Viewing Thread:
"msblast.exe"


Tue 12/08/03 at 16:02
Regular
Posts: 787
Last night I experienced something very strange - my computer kept telling me there was an error with something and had to shut down in 1 minute.

Turns out there's been a major security alert with NT-based OSes and a virus has been spread to those who are vulnerable. Luckily ZoneAlarm picked up 204 attempted "outgoing" connections from the application "msblast.exe" and told me to block the connection and download a patch from MS's site.

This is a warning to all XP users - check the "processes" list in Task Manager and see if msblast is there.

****

"This worm spreads by exploiting a vulnerability in the RPC service for DCOM. This is described along with the fix for it in Microsoft Security Bulletin MS03-026. This affects the following systems; Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. The worm also performs a Denial of Service (DoS) attack on the windowsupdate.com server.

The worm exploits a vulnerability in DCOM RPC. It subsequently searches IP addresses and when it finds a vulnerable computer it uses the exploit to remotely run a shell which issues a command for downloading a copy of itself by TFTP. The copy of the worm is launched directly after download.

When the worm is launched it copies itself as a file named msblast.exe to the SYSTEM32 folder and registers msblast.exe as a windows auto update item in the following registry key

If your computer is infected by this virus, you will have to apply the Microsoft security patch available from this link:

microsoft.com/technet/security/bulletin/MS03-026.asp

Symptoms of the worm's existence within a network (LAN):
- increased traffic on UDP port 69 (TFTP used by worm for downloading)
- increased traffic on port 135 or 593 (worm sending data to try and exploit RPC for DCOM)
- sudden system crashes reporting fault in RPC

Recommendation for network administrators is to disable outward access on ports 135 and 593 used by worm.

Virus also contains these texts:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ?
Stop making money and fix your software!!"


************

Heh. Clever - Yet scary.
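The network symptoms listed in the quoted advisory (many RPC probes on TCP 135/593 from one host, followed by a TFTP pull on UDP 69) can be checked from connection logs. This is an added example, not code from the post or from any vendor; the log format and every address in it are constructed for the example, and the threshold of 20 distinct targets is an assumed tuning value.

```python
from collections import defaultdict

# Constructed sample log in a simple "timestamp src dst proto dport" format (not real data):
# 192.168.1.20 sweeps 25 neighbours on TCP 135, 192.168.1.44 then fetches a file over TFTP
# from it, and 192.168.1.5 is a normal host talking to one server on 135 a few times.
SAMPLE_LOG = "\n".join(
    [f"2003-08-12T16:00:{i:02d} 192.168.1.20 192.168.1.{30 + i} tcp 135" for i in range(25)]
    + ["2003-08-12T16:01:00 192.168.1.44 192.168.1.20 udp 69"]
    + ["2003-08-12T16:01:05 192.168.1.5 192.168.1.2 tcp 135"] * 3
)

EXPLOIT_PORTS = {("tcp", 135), ("tcp", 593)}  # RPC/DCOM ports the worm probes
TFTP = ("udp", 69)                             # the worm copies itself over TFTP
SCAN_THRESHOLD = 20  # assumed: distinct targets on the exploit ports before a host is flagged


def parse_line(line):
    ts, src, dst, proto, port = line.split()
    return ts, src, dst, proto.lower(), int(port)


def analyse(log_text, threshold=SCAN_THRESHOLD):
    """Return {host: finding} for hosts that look like scanners or freshly infected victims."""
    scan_targets = defaultdict(set)  # scanning host -> distinct RPC targets it probed
    tftp_pulls = defaultdict(set)    # TFTP server -> clients that fetched from it
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, proto, port = parse_line(line)
        if (proto, port) in EXPLOIT_PORTS:
            scan_targets[src].add(dst)
        elif (proto, port) == TFTP:
            tftp_pulls[dst].add(src)
    findings = {}
    for host, targets in scan_targets.items():
        if len(targets) >= threshold:
            findings[host] = {"role": "scanner", "rpc_targets": len(targets),
                              "served_tftp": bool(tftp_pulls.get(host))}
            # a client that pulled a file over TFTP from a scanning host is a likely new victim
            for client in tftp_pulls.get(host, ()):
                findings.setdefault(client, {"role": "likely_victim", "tftp_from": host})
    return findings


if __name__ == "__main__":
    for host, info in sorted(analyse(SAMPLE_LOG).items()):
        print(host, info)
```

Ordinary hosts that contact a single RPC server repeatedly stay below the threshold, because the count is of distinct destinations rather than of connections.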
Tue 12/08/03 at 20:55
Regular
Posts: 10,364
The patch "closes" the vulnerability and stops the virus from loading up on startup.

You need to delete it with a virus checker.
Tue 12/08/03 at 21:04
Regular
Posts: 5,857
Ms NY wrote:
> Heh. I *never* read the things when installing. It's just the usual
> "Next, next next, next". Maybe should read from now on.
>
> Thanks so much! You're a great helper. Got Ad Aware on the go right
> now and also disabled it in the msconfig thing.
>
> Ok. And it's just found 51 new objects in Ad Aware.... !

Yes, you should read the EULA whenever installing things. I did the quick next next next thing when I was asked to install a program which installed Adaware, Optimize, Bargain and Internet Optimizer on my PC. At first they seemed harmless and helpful, but then they start to block the sites you use and aaaarrrggghhh! So annoying. I've got rid of them now though. The annoying thing was it wasn't technically a virus, so Norton didn't pick it up. I read about it at http://sophos.com
Tue 12/08/03 at 21:56
Regular
"bing bang bong"
Posts: 3,040
gamezfreak wrote:
> The patch "closes" the vulnerability and stops the virus from
> loading up on startup.
>
> You need to delete it with a virus checker.


Just to reiterate - if you've been infected, then the virus could have contained any payload which could be anywhere on your system. The only way to be sure you have a clean system is to reinstall Windows.
Tue 12/08/03 at 21:59
Regular
Posts: 10,364
Hmmm.

But wouldn't my virus checker sort all of that?
Tue 12/08/03 at 22:06
Regular
"Jim Jam Jim"
Posts: 5,626
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html#removalinstructions

That's the removal advice and software to get rid of this worm. To check your system for the worm press Ctrl+Alt+Del and then go to the Processes tab. If msblast.exe is running, you're infected. Go to the link above and get the software to remove the worm. Then go to the Microsoft site and get the patch. If you're infected the patch will not remove the worm, it just stops the vulnerability.

You don't need to reinstall Windows at all, just follow the steps in the URL.
Tue 12/08/03 at 23:21
Posts: 11,652
Last night I was reading on mess.be about that.
You have to end the program and sort out the registry stuff. I'm guessing you have got it sorted now anyway.

www.mess.be

more info will be there.
Wed 13/08/03 at 00:46
"Uzi Lover"
Posts: 7,403
I had this RPC thing the other day, just went on Google to find the Microsoft Patch for it and then it's all fine.

My neighbours called me round today and said they had a virus. I looked and it was this RPC thing I had, so I just did the same for them.

It really turns me on.
Wed 13/08/03 at 01:30
Regular
"MildlyAmusing.co.uk"
Posts: 5,029
Ah, luckily I'm behind a Linux box, because I got fed up of ZoneAlarm and uninstalled it after it kept annoying me.
Wed 13/08/03 at 09:45
Regular
"Dont come here ofte"
Posts: 4,264
My system also has msblast. Even after ending the process and deleting the two programs in System32 it is still there after rebooting. I have re-installed XP but to no avail; I can't get rid of the bug*er. Sounds over the top, but I think I need to format my drive, which is OK as everything is backed up, but .... I can't seem to get to the format drive bit from my XP recovery disc. Reading the info that came with it, I should get the option to personalise my installation, which will allow me to format my drive before installing if I wish, but this doesn't happen. Can someone help please?
Wed 13/08/03 at 09:56
Regular
Posts: 10,364
VR - Download the patch from Microsoft.

Then get yourself a virus checker - scan your drive and once it finds it, it should delete it.

And what's the deal with having Linux? Does that make you cool?
