The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Last night I experianced something very strange - My computer kept on telling me there was an error with something and had to shutdown in 1 minute.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vunrable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.
This is a warning to all XP user's - Check the "processes" list in task manager and see if ms blast is there.
****
"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.
The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is lunched directly after download.
When the worm is lunched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key
If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:
microsoft.com/technet/security/bulletin/MS03-026.asp
Symptoms of the worms existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCCOM)
- sudden system crashes reporting fault in RPC
Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.
Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"
************
Heh. Clever - Yet scary.
Page:
Nope, despite my PC being on all day yesterday downloading, it's free of it, I have a hardware firewall and Zonealarm, and my anti virus is up to date. *sits back and realxes*
Belldandy wrote:
> Well I have it turned on, and it has the patch installed.
And did you still get it ?
> Well I have it turned on, and it has the patch installed.
And did you still get it ?
Well I have it turned on, and it has the patch installed.
DW wrote:
> Anyone know a free, decent virus checker?
AVG Anti Virus - Free Edition.
grisoft.com/us/us_dwnl_free.php
You'll need to update it after you've downloaded it.
And the virus is a clever piece of work . Very clever.
> Anyone know a free, decent virus checker?
AVG Anti Virus - Free Edition.
grisoft.com/us/us_dwnl_free.php
You'll need to update it after you've downloaded it.
And the virus is a clever piece of work . Very clever.
I did auto update on Saturday, but still got MSblast on Monday
How do you turn automated Update on? ;c)
I done Windows Update only last week. When I got XP.
This really should be a lesson for all of you with automated Windows update to turn it on ! Saves time in the long run.
Okay, downloading now.
I'm gonna start a new topic about formatting my hard drive when under XP, then I will download all XP & Norton updates, Zonealarm.
Nothing like learning a lesson the hard way :)
Nothing like learning a lesson the hard way :)
Page: