The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Last night I experianced something very strange - My computer kept on telling me there was an error with something and had to shutdown in 1 minute.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Page:
Tóm wrote:
> Apparently, if you're having problems with the PC shutting down before
> you get to download the patch, you can cancel the abort by issuing:-
>
> shutdown -a
>
> In a DOS window.
thanks Tom, very helpful.
> Apparently, if you're having problems with the PC shutting down before
> you get to download the patch, you can cancel the abort by issuing:-
>
> shutdown -a
>
> In a DOS window.
thanks Tom, very helpful.
Belldandy wrote:
> That may well be adrian, all I know is that I compared the patch file
> to the list of programs in add/remove programs, and the patch was
> there. I have the auto update turned on, and if I try to install the
> patch it tells me it is already installed, I know the virus is not on
> the PC because I double cheked using that grc security site and anti
> virus. Somehow the patch installed, I assume through autoupdate, I
> did same with Win ME and nothing got screwed up so I'm not likely to
> be changing any time soon !
Well if it works for you then good. I am more selective on what I install and some of the Windows updates are not necessary anyway like Journal Viewer. I would rather perform the update myself every few weeks and know what is being installed.
> That may well be adrian, all I know is that I compared the patch file
> to the list of programs in add/remove programs, and the patch was
> there. I have the auto update turned on, and if I try to install the
> patch it tells me it is already installed, I know the virus is not on
> the PC because I double cheked using that grc security site and anti
> virus. Somehow the patch installed, I assume through autoupdate, I
> did same with Win ME and nothing got screwed up so I'm not likely to
> be changing any time soon !
Well if it works for you then good. I am more selective on what I install and some of the Windows updates are not necessary anyway like Journal Viewer. I would rather perform the update myself every few weeks and know what is being installed.
I haven't tried it by the way, just found it on thedvdforums.com where many more people were having this problem.
Apparently, if you're having problems with the PC shutting down before you get to download the patch, you can cancel the abort by issuing:-
shutdown -a
In a DOS window.
shutdown -a
In a DOS window.
That may well be adrian, all I know is that I compared the patch file to the list of programs in add/remove programs, and the patch was there. I have the auto update turned on, and if I try to install the patch it tells me it is already installed, I know the virus is not on the PC because I double cheked using that grc security site and anti virus. Somehow the patch installed, I assume through autoupdate, I did same with Win ME and nothing got screwed up so I'm not likely to be changing any time soon !
Belldandy wrote:
> This really should be a lesson for all of you with automated Windows
> update to turn it on ! Saves time in the long run.
The patch was released after the worm was released. The patch is not on the update list as on mine it wasnt. You have to download the patch from another part of the MS site and not the automatic update. Automatic update is in a way a bad idea. There is an updated driver for my nforce motherboard which I downloaded when I first got my new computer, and it completely messed it up, so having automatic update could mess up your PC. Anything important like this new patch is not usually on the update list but is on a different download page so 98, ME, 2000 etc users can get it.
> This really should be a lesson for all of you with automated Windows
> update to turn it on ! Saves time in the long run.
The patch was released after the worm was released. The patch is not on the update list as on mine it wasnt. You have to download the patch from another part of the MS site and not the automatic update. Automatic update is in a way a bad idea. There is an updated driver for my nforce motherboard which I downloaded when I first got my new computer, and it completely messed it up, so having automatic update could mess up your PC. Anything important like this new patch is not usually on the update list but is on a different download page so 98, ME, 2000 etc users can get it.
Here's a thought - could it be the prototype for Skynet? I mean, if it's in a film it must be true.
Happliy hugs works computer with Win 98 operating system and BB but cries at thought of home computer with XP on.
I have two viruses; neither being the blaster.
"Parite" or something.
"Parite" or something.
The pc downstairs got it yesterday, and we're networked. Luckily it hasn't affected my PC. I also got the patch yesterday.
The thing is, it only happened when BB died and I had to go back to 56k, so it's not a problem. I also did a scan ddownstairs with NAV and it found nothing, so we should be alright.
The thing is, it only happened when BB died and I had to go back to 56k, so it's not a problem. I also did a scan ddownstairs with NAV and it found nothing, so we should be alright.
Page: