Viewing Thread:
"msblast.exe"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Tue 12/08/03 at 16:02
Regular
Posts: 787
Last night I experienced something very strange - My computer kept on telling me there was an error with something and had to shut down in 1 minute.

Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vulnerable. Luckily ZoneAlarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.

This is a warning to all XP users - Check the "processes" list in Task Manager and see if msblast is there.

****

"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems: Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.

The worm exploits a vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is launched directly after download.

When the worm is launched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key

If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:

microsoft.com/technet/security/bulletin/MS03-026.asp

Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP, used by the worm for downloading)
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCOM)
- sudden system crashes reporting fault in RPC

Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.

Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"


************

Heh. Clever - Yet scary.
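The symptoms listed in the quoted description (connections to TCP 135/593 from one host to many others, then a TFTP transfer on UDP 69 back to the host that did the hitting) can be turned into detection logic. The following is an added example and is not code from the thread or from any anti-virus vendor: it runs over a constructed firewall log whose line format, scan threshold and two-minute TFTP window are assumptions made for the example, and it reports hosts sweeping 135/593 and hosts that pull a file by TFTP from the machine that just hit them on RPC.

```python
"""
Blaster-style worm detection over per-connection firewall log lines.

Added example, not part of the original forum thread. The log format
('<date> <time> <PROTO> <src> <dst> <dport>') is constructed for this
example; real firewalls use their own formats, so parse_line() would
need adapting. Two behaviours from the thread are looked for:
  1. one source opening TCP 135/593 to many distinct hosts (scanning)
  2. a host fetching over UDP 69 (TFTP) from the machine that just
     hit it on 135/593 (the victim pulling the worm binary)
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Conn(NamedTuple):
    ts: datetime
    proto: str
    src: str
    dst: str
    dport: int


RPC_PORTS = {135, 593}               # DCOM RPC endpoints named in the thread
TFTP_PORT = 69                       # UDP/69, used to download the worm
SCAN_THRESHOLD = 8                   # assumed: distinct 135/593 targets per source
TFTP_WINDOW = timedelta(minutes=2)   # assumed: TFTP pull must follow the RPC hit within this


def parse_line(line: str) -> Conn:
    """Parse one constructed log line into a Conn record."""
    date, time, proto, src, dst, dport = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return Conn(ts, proto.upper(), src, dst, int(dport))


def analyse(lines: List[str]) -> Dict[str, List[str]]:
    """Return {'scanners': [...], 'infected': [...]} for the given log lines."""
    conns = sorted((parse_line(ln) for ln in lines if ln.strip()), key=lambda c: c.ts)

    # 1. Scanners: sources touching many distinct hosts on 135/593.
    rpc_targets = defaultdict(set)   # source -> set of destinations hit
    rpc_hits = defaultdict(list)     # victim -> [(time, attacker)]
    for c in conns:
        if c.proto == "TCP" and c.dport in RPC_PORTS:
            rpc_targets[c.src].add(c.dst)
            rpc_hits[c.dst].append((c.ts, c.src))
    scanners = sorted(s for s, t in rpc_targets.items() if len(t) >= SCAN_THRESHOLD)

    # 2. Infected: a host does TFTP to the attacker shortly after that
    #    attacker hit it on RPC. A TFTP transfer with no preceding RPC hit
    #    (e.g. a router config backup) is deliberately not flagged.
    infected = set()
    for c in conns:
        if c.proto == "UDP" and c.dport == TFTP_PORT:
            for hit_ts, attacker in rpc_hits.get(c.src, []):
                if attacker == c.dst and timedelta(0) <= c.ts - hit_ts <= TFTP_WINDOW:
                    infected.add(c.src)
                    break
    return {"scanners": scanners, "infected": sorted(infected)}


def sample_log() -> List[str]:
    """Constructed sample log (not real traffic). 10.0.0.7 plays the worm."""
    lines = [
        # benign: one workstation talking RPC to a domain controller
        "2003-08-12 16:00:00 TCP 10.0.0.3 10.0.0.4 135",
        # benign: router backup over TFTP, with no RPC hit before it
        "2003-08-12 16:00:05 UDP 10.0.0.50 10.0.0.60 69",
    ]
    # worm: 10.0.0.7 sweeps 10.0.0.20 - 10.0.0.29 on TCP 135, one per second
    for i in range(10):
        lines.append(f"2003-08-12 16:01:{i:02d} TCP 10.0.0.7 10.0.0.{20 + i} 135")
    # worm: the hit on 10.0.0.25 worked; it pulls msblast.exe back over TFTP
    lines.append("2003-08-12 16:01:15 UDP 10.0.0.25 10.0.0.7 69")
    return lines


if __name__ == "__main__":
    for kind, hosts in analyse(sample_log()).items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```

The threshold and window are the knobs to tune against a real network: a domain controller legitimately receives 135 from many clients, which is why the scanner check counts distinct destinations per source rather than per destination, and the infection check requires the TFTP pull to go back to the same host that delivered the RPC hit.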
Tue 12/08/03 at 17:45
Regular
"cachoo"
Posts: 7,037
Oh. Damnit!!

Thanks guys. Will get rid of it now I know..
Tue 12/08/03 at 17:53
Regular
"bing bang bong"
Posts: 3,040
Also please note that Microsoft have released an advisory about a modified RPC exploit. Rather than crashing RPC, causing the computer to reboot and the user to immediately twig that something is wrong, it works in a way that allows the computer to continue booting as normal, although still infected. It is thought that all these msblast.exe files are planning a DDoS attack against windowsupdate.microsoft.com sometime later this month, so even if your computer isn't crashing left, right and centre, if you have an unprotected Windows machine on a broadband connection you've likely been infected without your knowing. You too will have to reinstall.


Hundreds of thousands of broadband users exist every day without the use of intensely annoying firewalls and nothing bad ever happens!

(hehe)
Tue 12/08/03 at 18:02
Regular
"bing bang bong"
Posts: 3,040
Miserableman wrote:
> You too will have to reinstall.


Please note, this doesn't mean you have to reinstall regardless, only if you've been infected! It is up to you to find out whether you have or not.
Tue 12/08/03 at 18:04
Regular
"cachoo"
Posts: 7,037
Icarus wrote:
> Just remove it from startup and find out where the
> actual program is and you'll be fine.

Hehe. How do I actually know what program it came with?!
I found it in the Windows folder in its own folder. (IGator). There's two applications there. There's also another "Trickler" in a folder called Prefetch.
Also how would I get rid of it? Just right-click, delete?
Or is there some other way?

I disabled it in the Task Manager, and the internet stopped working. Maybe I shouldn't touch computers! :D
Tue 12/08/03 at 18:04
Posts: 2,131
Actually, better use Ad Aware and run a complete scan of your system, if you've had gain_trickler for a while then there's a good chance your PC is swarming with spyware and other ad stuff.
Tue 12/08/03 at 18:08
Posts: 2,131
Ms NY wrote:
> Icarus wrote:
> Just remove it from startup and find out where the
> actual program is and you'll be fine.
>
> Hehe. How do I actually know what program it came with?!
> I found it in the Windows folder in its own folder. (IGator).
> There's two applications there. There's also another
> "Trickler" in a folder called Prefetch.
> Also how would I get rid of it? Just right-click, delete?
> Or is there some other way?
>
> I disabled it in the Task Manager, and the internet stopped working.
> Maybe I shouldn't touch computers! :D

It doesn't matter what program it came with, it's installed in a separate folder. There should be two files in the gator folder, just delete that.

Or, you could not delete anything and just disable it from startup. Just type in "msconfig" in the Run box (Start>Run), click on the "Startup" tab, and look for the gain_trickler line. Just untick the box and save.
Tue 12/08/03 at 18:08
Regular
"cachoo"
Posts: 7,037
Eww *cringe*.

Ok, thanks for the advice. I think it's only been on here for the past 2 or 3 weeks. So hopefully not too bad.
Tue 12/08/03 at 18:11
Posts: 2,131
Oh, here are some programs that could have installed the Gator App with its own:

Getright
DivX
Other download programs

Most of the time when installing it does give you the option to install it or not, you just have to be aware of the different steps when installing new programs.
Tue 12/08/03 at 18:13
Regular
"cachoo"
Posts: 7,037
Icarus wrote:
> DivX

Yep. That sounds right! :S


> Most of the time when installing it does give you the option to
> install it or not, you just have to be aware of the different steps
> when installing new programs.

Heh. I *never* read the things when installing. It's just the usual "Next, next next, next". Maybe should read from now on.

Thanks so much! You're a great helper. Got Ad Aware on the go right now and also disabled it in the msconfig thing.

Ok. And it's just found 51 new objects in Ad Aware.... !
Tue 12/08/03 at 18:18
Posts: 2,131
51? That's not so bad.
