
Viewing Thread:
"msblast.exe"


Tue 12/08/03 at 16:02
Regular
Posts: 787
Last night I experienced something very strange - My computer kept on telling me there was an error with something and had to shutdown in 1 minute.

Turns out there's been a major security alert with NT based OS's and a virus has been spread to those who are vulnerable. Luckily Zonealarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.

This is a warning to all XP users - Check the "processes" list in task manager and see if ms blast is there.

****

"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.

The worm exploits a vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is launched directly after download.

When the worm is launched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key

If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:

microsoft.com/technet/security/bulletin/MS03-026.asp

Symptoms of the worm's existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading)
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCOM)
- sudden system crashes reporting fault in RPC

Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.

Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"


************

Heh. Clever - Yet scary.
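
The network symptoms listed in the quoted advisory above (fan-out on ports 135/593 plus TFTP on UDP 69), written as a check over firewall logs. This is an added example, not part of the original thread; the log format, addresses and `fanout_threshold` value are constructed assumptions.

```python
from collections import defaultdict

# Ports from the quoted advisory: RPC/DCOM on TCP 135 and 593, TFTP on UDP 69.
RPC_PORTS = {("tcp", 135), ("tcp", 593)}
TFTP_PORT = ("udp", 69)

# Constructed sample log; assumed format: "time src dst proto dport".
SAMPLE_LOG = """\
16:01:02 10.0.0.5 10.0.0.10 tcp 135
16:01:02 10.0.0.5 10.0.0.11 tcp 135
16:01:03 10.0.0.5 10.0.0.11 tcp 135
16:01:03 10.0.0.5 10.0.0.12 tcp 135
16:01:04 10.0.0.5 10.0.0.13 tcp 593
16:01:05 10.0.0.11 10.0.0.5 udp 69
16:01:06 10.0.0.7 10.0.0.2 tcp 135
16:01:07 10.0.0.7 192.0.2.80 tcp 80
16:01:08 truncated line
"""

def parse(line):
    """Return (src, dst, proto, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    return parts[1], parts[2], parts[3].lower(), int(parts[4])

def suspect_hosts(log_text, fanout_threshold=4):
    """Flag sources that reach many distinct hosts on the RPC ports."""
    # fanout_threshold is an assumed tuning value, not taken from the advisory.
    rpc_targets = defaultdict(set)   # src -> distinct RPC destinations
    tftp_clients = defaultdict(set)  # host -> peers that sent it TFTP requests
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        src, dst, proto, dport = rec
        if (proto, dport) in RPC_PORTS:
            rpc_targets[src].add(dst)
        elif (proto, dport) == TFTP_PORT:
            tftp_clients[dst].add(src)
    return {
        src: {"rpc_targets": len(dsts), "tftp_clients": len(tftp_clients[src])}
        for src, dsts in rpc_targets.items()
        if len(dsts) >= fanout_threshold
    }

if __name__ == "__main__":
    print(suspect_hosts(SAMPLE_LOG))
```

A flagged source that also has TFTP clients matches both symptoms at once: it is probing peers on the RPC ports and a peer has then fetched a file from it.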
Tue 12/08/03 at 19:34
Regular
"118 118"
Posts: 1,126
I have all the symptoms of this on my comp but I cannot find msblast on my computer. I searched for it and got no results.

I also don't know which version of windows xp I am running 32 bit edition or 64 bit edition so I cannot download the relevant patch to help me.

ARGHHHH I really need someone's help on this!
Tue 12/08/03 at 19:36
Regular
"Best Price @ GAME :"
Posts: 3,812
Is your anti virus up to date ? That's the first thing.

Then do ctrl Alt Delete and check for msblast in processes. If it's not there then the problem is maybe something else.

Regarding the windows patch, if in doubt go for 32bit, you always have system restore if you screw up right ?
Tue 12/08/03 at 19:42
Regular
"118 118"
Posts: 1,126
Right I am downloading the 32 bit patch now.

msblast wasn't on my processes list but I have zone alarm firewall running at "high" now and only a few programmes secured for the internet.
Tue 12/08/03 at 20:06
Regular
Posts: 10,364
I use Kazaa - But I never had it open yesterday at all.

The virus infects your computer through a vulnerability with windows - In other words it's able to download sneakily onto the comp without you knowing.

Not to do with downloading a file yourself :\

And Kyz - Check in the "programs" list in ZoneAlarm - See if msblast is there.
Tue 12/08/03 at 20:18
Regular
Posts: 16,548
I had (have) this. Symantec have a deletion tool, and I've installed a variety of patches that have made my Downloads folder look very pretty if not actually beaten the virus.

I blame the Irish. And the French. And you.
Tue 12/08/03 at 20:30
Regular
"\\"
Posts: 9,631
I haven't had anything attack me so far... my firewall asks me about everything to see if I want it to connect to the internet... I've had about 10 programs I hadn't known about asking to connect.


If you don't have a firewall it's seriously good to get one... Just one porn site and you get hacked hundreds of times.
Tue 12/08/03 at 20:41
Regular
"118 118"
Posts: 1,126
Nope it ain't there.

If I look in windows/system32 there are a few files that have blue writing and are semi-transparent...
Tue 12/08/03 at 20:47
Regular
Posts: 10,364
Run a virus check - And make sure Zone alarm is on.
Tue 12/08/03 at 20:47
Regular
"118 118"
Posts: 1,126
Do I need to do anything else now or has the patch deleted the virus?
Tue 12/08/03 at 20:49
Regular
"118 118"
Posts: 1,126
I'm running a complete system check but if the virus is very new my anti virus may not pick it up. It updates the virus database every 2 weeks.