Viewing Thread:
"msblast.exe"

Tue 12/08/03 at 16:02
Regular
Posts: 787
Last night I experienced something very strange - my computer kept on telling me there was an error with something and had to shut down in 1 minute.

Turns out there's been a major security alert with NT-based OSes and a virus has been spread to those who are vulnerable. Luckily ZoneAlarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.

This is a warning to all XP users - check the "Processes" list in Task Manager and see if msblast is there.

****

"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.

The worm exploits vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is launched directly after download.

When the worm is launched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key

If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:

microsoft.com/technet/security/bulletin/MS03-026.asp

Symptoms of the worm's existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading)
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCOM)
- sudden system crashes reporting fault in RPC

Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.

Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"


************

Heh. Clever - Yet scary.
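
An added example, not part of the original post or the quoted advisory: a small triage script for the two traffic symptoms listed above (sweeps of TCP 135/593 and TFTP transfers on UDP 69). The five-field log format, the `SCAN_THRESHOLD` value and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

RPC_PORTS = {135, 593}   # TCP ports the advisory ties to the DCOM RPC exploit
TFTP_PORT = 69           # UDP port the advisory ties to the worm's download
SCAN_THRESHOLD = 20      # assumed: distinct RPC destinations that count as a sweep

def parse_line(line):
    """Parse 'timestamp proto src dst dport' (hypothetical firewall log format)."""
    _ts, proto, src, dst, dport = line.split()
    return proto.upper(), src, dst, int(dport)

def triage(lines, threshold=SCAN_THRESHOLD):
    """Return {host: [reasons]} for hosts showing the advisory's traffic symptoms."""
    rpc_targets = defaultdict(set)   # src -> distinct hosts contacted on 135/593
    tftp_served = defaultdict(set)   # TFTP server -> clients that requested a file
    for line in lines:
        try:
            proto, src, dst, dport = parse_line(line)
        except ValueError:
            continue                 # malformed or truncated line: skip it
        if proto == "TCP" and dport in RPC_PORTS:
            rpc_targets[src].add(dst)
        elif proto == "UDP" and dport == TFTP_PORT:
            tftp_served[dst].add(src)

    findings = defaultdict(list)
    for src, dsts in rpc_targets.items():
        if len(dsts) >= threshold:   # one file server on 135 stays below this
            findings[src].append(f"rpc-sweep:{len(dsts)}")
    for server, clients in tftp_served.items():
        # Leads to check, not proof: legitimate TFTP (e.g. network boot) exists.
        findings[server].append(f"tftp-source:{len(clients)}")
        for client in sorted(clients):
            findings[client].append(f"tftp-fetch-from:{server}")
    return dict(findings)

# Constructed sample: one host sweeping 25 addresses, one TFTP fetch from it,
# one ordinary RPC connection, and one truncated line.
SAMPLE_LOG = [f"2003-08-12T16:00:{i:02d} TCP 10.0.0.5 10.0.1.{i} 135"
              for i in range(1, 26)]
SAMPLE_LOG += [
    "2003-08-12T16:00:30 UDP 10.0.1.7 10.0.0.5 69",
    "2003-08-12T16:01:00 TCP 10.0.0.9 10.0.0.2 135",
    "truncated line",
]

if __name__ == "__main__":
    for host, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(host, reasons)
```

A host that appears with both `rpc-sweep` and `tftp-source` matches the spreading behaviour the advisory describes; a host with only `tftp-fetch-from` is the one to check for msblast.exe in SYSTEM32.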
Wed 13/08/03 at 10:54
Regular
Posts: 11,597
I don't have it, so I'll get the patch then. Yah?
Wed 13/08/03 at 10:54
Regular
"\\"
Posts: 9,631
best get it quick then...
Wed 13/08/03 at 10:53
Regular
Posts: 11,597
I dunno. My virus checker only works for ME too, and I've just upgraded to XP. Anyone know a free, decent virus checker?
Wed 13/08/03 at 10:52
Regular
"Best Price @ GAME :"
Posts: 3,812
The patch prevents it IF you do not have it.
Wed 13/08/03 at 10:44
Regular
"\\"
Posts: 9,631
Does the patch stop you from getting it?

If so I'm gonna get it now.
Wed 13/08/03 at 10:43
Regular
"\\"
Posts: 9,631
DW wrote:
> I have lsass.exe running, anything serious? Hope not.

I'm almost certain it's not.. I have it as well and it says it's a system program, although I'm presuming msblast shows as a system program as well...

But I'm certain it's just a normal thing.
Wed 13/08/03 at 10:41
Regular
"Best Price @ GAME :"
Posts: 3,812
Good news *sarcasm* anyone with it has until Saturday to get sorted, then the fun really begins....

http://edition.cnn.com/2003/TECH/internet/08/12/windows.worm/index.html

I'll also quote here for the lazy people;

""MSBlaster" is considered a time bomb. Its code directs infected computers to assault Microsoft's support Web page with a barrage of requests beginning this Saturday.

This type of attack is referred to as "denial of service." The attacks are also programmed to occur any day from September to December, then the 16th to the 31st of each month starting next year.

Because this hole in Microsoft's software was first reported nearly a month ago, experts believe that most large corporations have managed to defend themselves by installing the necessary patch. Internet service providers are also now working to slow its movement.

Some tech analysts worry, however, that if "MSBlaster" is able to find enough vulnerable computers, its spread could slow the performance of the Internet by bogging it down."
Wed 13/08/03 at 10:40
Regular
Posts: 11,597
Okay, I've just found an article in the Sun about it.


BLAST BUG SLAYS PCS

--------------------

Tens of thousands of homes and businesses worldwide have been hit by a new computer virus.

The "worm" type bug, with names including MS Blast, MSBlaster and LovSan, is designed to hit computers running Microsoft Windows.

It started in Britain on Monday, causing gridlock on the internet and freezing emails.

Microsoft issued a "patch" to beat it - but the bug's programmer adapted it to stop victims downloading the cure.


I have lsass.exe running, anything serious? Hope not.
Wed 13/08/03 at 10:27
Regular
"Dont come here ofte"
Posts: 4,264
>
> And what's the deal with having Linux? Does that make you cool?

This virus only affects Win2000 & XP so Win95 & 98 users are safe like Linux people
Wed 13/08/03 at 10:18
Regular
"Dont come here ofte"
Posts: 4,264
My system restarts before I can fully download the patch :(
