The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Last night I experianced something very strange - My computer kept on telling me there was an error with something and had to shutdown in 1 minute.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Page:
Ah good good. So that bit's sorted. It hasn't gotten rid of the IGator folder and contents. Is that my job? To delete the folder?
Well if tricker isn't running anymore after restarting, it's best to forget about it.
If it's empty, try deleting it anyway.
The prob is people dont use Windows update enough!
Icarus wrote:
> Well if tricker isn't running anymore after restarting, it's best to
> forget about it.
Heh. I forgot to restart. All gone from the Task Manager now. Still the folders and content is left. I'll just delete.
Thank you! :D
> Well if tricker isn't running anymore after restarting, it's best to
> forget about it.
Heh. I forgot to restart. All gone from the Task Manager now. Still the folders and content is left. I'll just delete.
Thank you! :D
Yeah, sorted.
To be honest, I haven't used Windows Update for months now. Not setting a good example, am I?
To be honest, I haven't used Windows Update for months now. Not setting a good example, am I?
:D True i check everyday i dont even need a firewall most of the time since i've made sure im protected.
The problem is, everytime I install something the computer takes even longer to startup again... and for an OS promising to load up in 20 seconds, after installing all the updates it would be a miracle if it loaded in a minute.
I think I fixed it.
ZoneAlarm alerted me that msblast wanted to access the internet - So I blocked it from doing so.
Downloaded the Lovsan patch from windows update.
Cleared the virus with my virus checker.
Is that enough?
ZoneAlarm alerted me that msblast wanted to access the internet - So I blocked it from doing so.
Downloaded the Lovsan patch from windows update.
Cleared the virus with my virus checker.
Is that enough?
How many of you with the virus use Kazaa ? When I was on last night Norton was flashing up warnings like mad, took ages to find a non infected file.
Page: