#1
Beware the MSBlaster Worm, it will get you
And here's a MacInTouch-provided link to an article about this damned worm: http://news.com.com/2100-1002-5062364.html?tag=macintouch

This is a very nasty thing, people.

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause you downtime and abundant headache without your doing anything to invite it. [I had such fun yesterday, all day] Hundreds of thousands of systems are being infected right now, and they are out looking for *you*!.

If you run Windows2000/XP/NT, you want to download the listed patch (KB823980) immediately, and I do mean immediately. If you use Win2000, you need to be at least at Service Pack 2 to install this patch.

Some of the early symptoms:

* If you see a process running called "msblast.exe", you have it.
* SVCHOST shuts down with errors
* Drag and drop stops working
* Add/Delete programs comes up blank with a "Cl&ose" button
* File Search will fail to launch
* Shift-Click in Internet Explorer (to launch in new window) does not work
* Internet Explorer shows a blank version number (Help-About Internet Explorer)
* Numerous programs (MS-Word/Excel, EZ-CDCreator, etc.), will not launch
* Outlook Express will fail with (insufficient memory) if one tries to send a new message

Here's hoping you have a worm-free day!

Luke

=====

From a notice posted by Jerry Bryant in microsoft.public.security -

SEVERITY: CRITICAL

DATE: August 11, 2003

PRODUCTS AFFECTED: Windows XP, Windows 2000, Windows Server 2003, Windows NT 4.0, NT 4.0 Terminal Services Edition

WHAT IS IT?

The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. This virus is also known as: W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer Associates). Best practices, such as applying security patch MS03-026 should prevent infection from this worm. Customers that have previously applied the security patch MS03-026 before today are protected and no further action is required.

IMPACT OF ATTACK:

Spread through open RPC ports. Customer's machine gets re-booted or has mblast.exe exists on customer's system.

TECHNICAL DETAILS:

This worm scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026. Once the Exploit code is sent to a system, it downloads and executes the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe

I just want to say LOVE YOU SAN!! bill

Symptoms of the virus:

Some customer may not notice any symptoms at all. A typical symptom is the system is rebooting every few minutes without user input. Customers may also see:

- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32 directory or download the latest anti-virus software signature from your anti-virus vendor and scan your machine.

For additional details on this worm from anti-virus software vendors participating in the Microsoft Virus Information Alliance (VIA) please visit the following links:

Network Associates: http://us.mcafee.com/virusInfo/defau...virus_k=100547
Trend Micro: http://www.trendmicro.com/vinfo/viru...WORM_MSBLAST.A
Symantec: http://securityresponse.symantec.com...ster.worm.html
Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=36265

For more information on Microsoft's Virus Information Alliance please visit this link: http://www.microsoft.com/technet/security/virus/via.asp

Please contact your Antivirus Vendor for additional details on this virus.

PREVENTION:

Turn on Internet Connection Firewall (Windows XP or Windows Server 2003) or use a third party firewall to block TCP ports 135, 139, 445 and 593; TCP ports 135, 139, 445 and 593; also UDP 69 (TFTP) for zombie bits download and TCP 4444 for remote command shell.

To enable the Internet Connection Firewall in Windows: http://support.microsoft.com/?id=283673

1. In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
2. Right-click the connection on which you would like to enable ICF, and then click Properties.
3. On the Advanced tab, click the box to select the option to Protect my computer or network.

This worm utilizes a previously-announced vulnerability as part of its infection method. Because of this, customers must ensure that their computers are patched for the vulnerability that is identified in Microsoft Security Bulletin MS03-026. http://www.microsoft.com/technet/sec...n/MS03-026.asp.

Install the patch MS03-026 from Windows Update http://windowsupdate.microsoft.com

As always, please make sure to use the latest Anti-Virus detection from your Anti-Virus vendor to detect new viruses and their variants.

RECOVERY:

Security best practices suggest that previously compromised machine be wiped and rebuilt to eliminate any undiscovered exploits that can lead to a future compromise. See Cert Advisory: Steps for Recovering from a UNIX or NT System Compromise. http://www.cert.org/tech_tips/win-UN...ompromise.html

For additional information on recovering from this attack please contact your preferred anti-virus vendor.

RELATED MICROSOFT SECURITY BULLETINS: http://www.microsoft.com/technet/sec...n/MS03-026.asp

RELATED KB ARTICLES: http://support.microsoft.com/?kbid=826955 This article will be available within 24 hours.

RELATED LINKS: http://www.microsoft.com/security/incident/blast.asp

As always please make sure to use the latest Anti-Virus detection from your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the US, outside of the US please contact your local Microsoft Subsidiary. Support for virus related issues can also be obtained from the Microsoft Virus Support Newsgroup which can be located by clicking on the following link news://msnews.microsoft.com/microsof...security.virus.

--
hank alrich * secret mountain
audio recording * music production * sound reinforcement
"If laughter is the best medicine let's take a double dose"
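One way to look for the network pattern the quoted advisory describes (TCP 135 probing, then TCP 4444 and UDP 69) in firewall logs, as an added example that is not part of the original posts or of Microsoft's notice. The log format, the sample lines, the scan threshold and the assumption that the TFTP request travels from the probed host back to the probing host are all constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the advisory's TECHNICAL DETAILS and PREVENTION sections.
RPC = ("TCP", 135)     # DCOM RPC endpoint the worm scans for
SHELL = ("TCP", 4444)  # remote command shell
TFTP = ("UDP", 69)     # TFTP transfer of msblast.exe

# Constructed log format (an assumption); adapt the regex to your firewall.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>TCP|UDP) DPT=(?P<dpt>\d+) ACTION=(?P<action>ALLOW|DROP)$"
)

# Constructed sample data using documentation and private address ranges.
SAMPLE_LOG = """\
2003-08-12T10:00:01 SRC=192.0.2.10 DST=10.0.0.1 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:01 SRC=192.0.2.10 DST=10.0.0.2 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:02 SRC=192.0.2.10 DST=10.0.0.3 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:02 SRC=192.0.2.10 DST=10.0.0.4 PROTO=TCP DPT=135 ACTION=ALLOW
2003-08-12T10:00:03 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:03 SRC=192.0.2.10 DST=10.0.0.6 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:04 SRC=192.0.2.10 DST=10.0.0.4 PROTO=TCP DPT=4444 ACTION=ALLOW
2003-08-12T10:00:05 SRC=10.0.0.4 DST=192.0.2.10 PROTO=UDP DPT=69 ACTION=ALLOW
2003-08-12T10:00:06 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP DPT=4444 ACTION=DROP
2003-08-12T10:00:07 SRC=198.51.100.7 DST=10.0.0.2 PROTO=TCP DPT=135 ACTION=DROP
2003-08-12T10:00:08 SRC=10.0.0.9 DST=203.0.113.5 PROTO=TCP DPT=80 ACTION=ALLOW
2003-08-12T10:00:09 truncated entry
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def analyze(lines, scan_threshold=5):
    """Flag TCP 135 scanners and hosts showing the full 135 -> 4444 -> TFTP chain."""
    probed = defaultdict(set)   # src -> distinct hosts probed on TCP 135
    allowed = defaultdict(set)  # (proto, port) -> {(src, dst)} that got through
    malformed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1      # count unparsable lines instead of hiding them
            continue
        service = (rec["proto"], rec["dpt"])
        if service == RPC:
            # Blocked probes still count: they show who is scanning.
            probed[rec["src"]].add(rec["dst"])
        if rec["action"] == "ALLOW" and service in (RPC, SHELL, TFTP):
            allowed[service].add((rec["src"], rec["dst"]))

    scanners = sorted(s for s, d in probed.items() if len(d) >= scan_threshold)
    # Assumption: after an allowed probe and shell connection from src to dst,
    # the probed host (dst) sends the TFTP request back to src.
    infected = {
        dst for (src, dst) in allowed[RPC]
        if (src, dst) in allowed[SHELL] and (dst, src) in allowed[TFTP]
    }
    return {
        "scanners": scanners,
        "likely_infected": sorted(infected),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG.splitlines())
    print("TCP 135 scanners:     ", report["scanners"])
    print("Hosts to investigate: ", report["likely_infected"])
    print("Unparsed log lines:   ", report["malformed"])
```

A host listed under `likely_infected` should also be checked for the host indicators the advisory names: `msblast.exe` in the SYSTEM32 directory and the "windows auto update" Run value.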
#2
LeBaron & Alrich wrote:

And here's a MacInTouch-provided link to an article about this damned worm: http://news.com.com/2100-1002-5062364.html?tag=macintouch

This is a very nasty thing, people.

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause you downtime and abundant headache without your doing anything to invite it. [I had such fun yesterday, all day] Hundreds of thousands

It is indeed very active. My hardware firewall is currently logging hundreds of attacks per day on port 135.

bobs

Bob Smith
BS Studios
we organize chaos
http://www.bsstudios.com
#3
I would advise against just hacking the registry - just have a look at www.sarc.com - follow the link to the w32.blaster.worm. Symantec have a free and very simple tool that fixes the damage and then takes you to the update patch from Microsoft which fixes the v.vulnerability

Our uni was struck last night - it ground the servers to a halt with the traffic and infected many of our 3000 computers.

Regards - Pat
www.patski.cjb.net

"Abhishek VERMA" wrote in message m...

I had this same problem yesterday, the way i came around this is:

- Start Run regedit (on Windows XP Pro)
- Edit Find... (search for msbalster)
- anything which has a value of msblaster, delete it

NOTE: Would be nice to backup your windows registry first by File Save as... in the Registry Editor.

I had 2 keys with the values containing "msblaster". After you've done this, restart your computer and hopefully everything should be sorted.

REASON: This worm is relatively new, and hence no (less) support/anti-virus is available for it. This worm tries to start itself on every restart through these registry values, so if u delete these values the worm doesn't startsup.

A good thing to do would be download the windows updates from microsoft's website.

HTH
Abhishek VERMA
#4
Symantec have a free cleanup utility, and apart from the MS patch it might be worth using a personal firewall like ZoneAlarm. A friend of mine had his modem-connected PC infected yesterday, so that's no protection! He's a drummer though, so I guess it's not surprising.

Ian

(Abhishek VERMA) wrote in message

snip?

REASON: This worm is relatively new, and hence no (less) support/anti-virus is available for it. This worm tries to start itself on every restart through these registry values, so if u delete these values the worm doesn't startsup.

A good thing to do would be download the windows updates from microsoft's website.

HTH
Abhishek VERMA
#5
Thanks, I'll try that tonight.

-Rob

William Sommerwerck wrote:

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the process. Then find msblast.exe on your hard drive and delete it. Then log on and install the Microsoft update.

I did these things yesterday, and that was the end of that.

I think my computer at home is infected, but I haven't heard symptoms described like what it is doing. It keeps having a window pop up and says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)" It then says "save all information as your computer will now be shutting down". Then a 60 second timer starts counting down and the computer shuts down. It automatically restarts only to have the window pop up again and start all over. Does anybody know if this is the worm?
#6
"GeeMima" wrote in message ...

I'm running Windows 98 SE, which I don't believe is vulnerable to the MSBlaster attack. However, I just did a search using regedit and an msblaster line showed up in Windows/Microsoft/Explorer. Should I delete this key? My computer is running normally.

Also, I ran task manager and at the top of the list is a line reading: " Beware the MSblaster Worm, it will get you." Now, I'm freaking...

Okay, forget the task manager listing. It showed up because this NG message was open in the background. Freak off...

"William Sommerwerck" wrote in message ...

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the process. Then find msblast.exe on your hard drive and delete it. Then log on and install the Microsoft update.

I did these things yesterday, and that was the end of that.

I think my computer at home is infected, but I haven't heard symptoms described like what it is doing. It keeps having a window pop up and says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)" It then says "save all information as your computer will now be shutting down". Then a 60 second timer starts counting down and the computer shuts down. It automatically restarts only to have the window pop up again and start all over. Does anybody know if this is the worm?
#7
"Rob Adelman" wrote in message

I think my computer at home is infected, but I haven't heard symptoms described like what it is doing. It keeps having a window pop up and says "NTAUTHORITY\SYSTEM - Remote Procedure Call (RPC)" It then says "save all information as your computer will now be shutting down". Then a 60 second timer starts counting down and the computer shuts down. It automatically restarts only to have the window pop up again and start all over. Does anybody know if this is the worm?

For sure. How did you catch it?
#8
"Luke Kaven" wrote in message

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause you downtime and abundant headache without your doing anything to invite it. [I had such fun yesterday, all day]

The short answer for disabling this virus a

(0) remove any network or modem cables attached to the machine.
(1) Bring your machine up in "Safe Mode" by pressing F5 while re-booting. The virus will give you ample opportunities to do this.
(2) Go to My Computer
(3) Open up your "C" drive
(4) Open up the "Windows" folder
(5) Open up the "System32" folder in the "Windows" folder
(6) Delete the MSBLAST.EXE file.

You can avoid reinfection the next time you go online by downloading and applying the (now) well-known fix from MS. The obvious challenge is getting the fix before you get re-infected.

I'd like to know how people are catching this virus as a matter of fact. I hear about bum email attachments, but it appears that it can be caught by simply being online without adequate protection.
#9
Arny Krueger wrote:

Does anybody know if this is the worm?

For sure. How did you catch it?

No idea. Thanks for the fix though, going to try that tonight.

-Rob
#10
William Sommerwerck wrote:

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the process. Then find msblast.exe on your hard drive and delete it. Then log on and install the Microsoft update.

I did these things yesterday, and that was the end of that.

I did it, and here I am! Worked like a charm.

-Rob
#11
Is it really that dangerous. I have just XP bundled firewall service, and got nothing. I have all remote and sharing services disabled (not installed/ allowed). What's the deal?

Vladan
www.geocities.com/vla_dan_l
www.mp3.com/lesly , www.mp3.com/shook , www.mp3.com/lesly2
www.kunsttick.com/artists/vuskovic/indexdat.htm
#12
On Wed, 13 Aug 2003 09:13:10 -0500, "GeeMima" wrote:

I'm running Windows 98 SE, which I don't believe is vulnerable to the MSBlaster attack. However, I just did a search using regedit and an msblaster line showed up in Windows/Microsoft/Explorer. Should I delete this key? My computer is running normally.

Also, I ran task manager and at the top of the list is a line reading: " Beware the MSblaster Worm, it will get you." Now, I'm freaking...

Unless this was a joke, relax. What you see are references to reading this thread.

Vladan
www.geocities.com/vla_dan_l
www.mp3.com/lesly , www.mp3.com/shook , www.mp3.com/lesly2
www.kunsttick.com/artists/vuskovic/indexdat.htm
#13
Vladan wrote:

Is it really that dangerous.

Umm, no.

I have just XP bundled firewall service, and got nothing.

Not the case for me. I got worms and I wasn't even going fishin'

I have all remote and sharing services disabled (not installed/ allowed).

Me too.

What's the deal?

Dunno, Glad the worm is gone though. Hope it doesn't come back.
#15
Don Cooper wrote:

Luke Kaven wrote:

The Blaster/Posa/Lovsan worm will hunt you down and find you and cause you downtime and abundant headache without your doing anything to invite it.

Having a Mac can really be boring some days.

Though making friends with humans on the dark side does beget a lot of email from folks I've never met or heard of, or that maybe don't even exist. But they still send me emails by the ton. Pretty exciting throwing it all away. Everyday.

--
ha
#18
"Luke Kaven" wrote ...

The devilish thing is that once Microsoft announced that they had a critical security problem in Windows, the race was on. I should have known that hackers, one of whom likely found the bug in the first place, were setting to work the moment the challenge was laid down. I should have taken the attitude that such a worm was coming sooner rather than later and loaded the patch the minute it became available.

Reports are that all the infected machines will be used to launch a DOS (denial of service) attack on Microsoft's patch servers by swamping them with bogus traffic.
#19
Luke Kaven wrote:

I should have known that hackers, one of whom likely found the bug in the first place, were setting to work the moment the challenge was laid down. I should have taken the attitude that such a worm was coming sooner rather than later and loaded the patch the minute it became available.

You and about lebbenty zillion others!

--
ha
#20
"Rick Thomas" wrote ...

See everyone should own a mac.

If they did then you would be the one complaining about the unending infections. The juvenile delinquents go after whoever has the biggest market share. At times like these you should be glad Apple has such a tiny market share.
#21
Richard Crowley wrote:

Reports are that all the infected machines will be used to launch a DOS (denial of service) attack on Microsoft's patch servers by swamping them with bogus traffic.

Technical point: the traffic is real; the message is bogus. g

--
ha
#23
Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking of specific ports, I haven't found it. It might be a feature only of the paid version. But it blocks a lot of stuff, and I'm dialed up all the time and haven't found the latest worm yet.

After I got rid of the worm, I must have changed something because I started getting all those annoying popups again. So I also started the free version of Zone Alarm and it seems to be working. It is up to about 40 blocked attempts. So maybe I will buy the paid version? I am wondering if Zone Alarm or Norton or someone started the worm? Sure is good for business..
#24
Scott Dorsey wrote:

Patches come out on a regular basis, but none of them fix the fact that there is a fundamental design flaw.

At least MS has proven that square wheels can roll if you push 'em hard enough.

--
ha
#25
Rob Adelman wrote:

Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking of specific ports, I haven't found it. It might be a feature only of the paid version. But it blocks a lot of stuff, and I'm dialed up all the time and haven't found the latest worm yet.

After I got rid of the worm, I must have changed something because I started getting all those annoying popups again. So I also started the free version of Zone Alarm and it seems to be working. It is up to about 40 blocked attempts. So maybe I will buy the paid version? I am wondering if Zone Alarm or Norton or someone started the worm? Sure is good for business..

Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it is, right click on the entry for it, and bring up the Property sheet. Hit Stop, and select "Disable". You won't be able to run some kinds of instant messaging, but that will keep popups from coming in out of the wild.

If you run Spybot Search & Destroy periodically (and keep up with the updates), you will be able to eradicate most annoying trojans (Xupiter, Gator, all those things we hate).

Luke
#26
Scott Dorsey wrote:

There is NO excuse for this kind of bad design. There is NO excuse for shipping products that are fundamentally insecure by default.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Somehow this reminds me of Marvin, the incredibly depressed, paranoid android where Bill Gates has given us an OS the size of a planet ...etc.

Yep, I think my Windows machines have a lot of insecurities: fear of crashing, fear of invasion, blue screen of death, fear of other's applications, shutting down without pushing the "start" button...

Thus far my firewall is holding.

Ron Capik
cynic in training
--
#27
Ron Capik wrote:

Ron Capik
cynic in training

Great line, Ron!
#28
An odd response from someone named Capik (ie, Capek)...

Ron Capik wrote...

Somehow this reminds me of Marvin, the incredibly depressed, paranoid android where Bill Gates has given us an OS the size of a planet ...etc.

Yep, I think my Windows machines have a lot of insecurities: fear of crashing, fear of invasion, blue screen of death, fear of other's applications, shutting down without pushing the "start" button...
#29
"Luke Kaven" wrote in message ...

Rob Adelman wrote:

Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking of specific ports, I haven't found it. It might be a feature only of the paid version. But it blocks a lot of stuff, and I'm dialed up all the time and haven't found the latest worm yet.

Mike, Zone Alarm is a pretty cool tool to be so innocuous to load. The Pro version does allow highly tailored functions on a site by site basis if needed. I think it's quite sufficient enough in its 'free' state though.

After I got rid of the worm, I must have changed something because I started getting all those annoying popups again. So I also started the free version of Zone Alarm and it seems to be working. It is up to about 40 blocked attempts. So maybe I will buy the paid version? I am wondering if Zone Alarm or Norton or someone started the worm? Sure is good for business..

Rob, I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm is pretty renowned for his work in identifying 'spyware' software, including actions against Real Networks (Real player, Real jukebox, Real download, etc.), PKZip and more - - I doubt he writes virii as a pastime. We could share in the great cynic, conspiracist approach, however.

Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it is, right click on the entry for it, and bring up the Property sheet. Hit Stop, and select "Disable". You won't be able to run some kinds of instant messaging, but that will keep popups from coming in out of the wild.

If you run Spybot Search & Destroy periodically (and keep up with the updates), you will be able to eradicate most annoying trojans (Xupiter, Gator, all those things we hate).

Luke

Did you figure out how you got this thing Luke? (I'd really like to hear how the USPS stumbled onto it).

I like AdAware, but Spybot probably runs much the same way. Probably both are harmless, non-invasive pieces of software... I know AAW is.

By practicing simple safe (albeit sometimes time consuming) surfing and mail-reading practices, using a firewall and judiciously setting a few preferences, I've never had a virus, and I have never used on-board anti-virus software. The protection has almost always been there, you just have to employ it.

I think the careless, haphazard users get the worms in most cases. (I can't put you in that category). I'm surprised how many people are glued to the internet without a firewall and with no knowledge of their on-board protection options. Keeping updated is such a minor thing... some would make it sound like big trouble, but it's a no brainer to do this. (...And *without* downloading the automatic update notifier.. another POS to run in the background).

--
David Morgan (MAMS)
http://www.m-a-m-s.com
http://www.artisan-recordingstudio.com
#30
William Sommerwerck wrote:

An odd response from someone named Capik (ie, Capek)...

..snip...

Ah, but I've been to the filk side... ;-)

Ron Capik
[aka: the NJ Editorial Minstrel ]
--

[chorus]
Re-boot 16 times, what do you get
Another error message or the blue screen of death
My registry's corrupted and the re-boot's slow
I got my bugs from the Microsoft store

[ "to the tune of 16 tons" ]
#31
Ron Capik wrote:

Ron Capik
[aka: the NJ Editorial Minstrel ]
--

[chorus]
Re-boot 16 times, what do you get
Another error message or the blue screen of death
My registry's corrupted and the re-boot's slow
I got my bugs from the Microsoft store

[ "to the tune of 16 tons" ]

EggHd, Sign this guy.

--
ha
#32
in article , Richard Crowley at wrote on 8/14/03 2:20 AM:

"Rick Thomas" wrote ...

See everyone should own a mac.

If they did then you would be the one complaining about the unending infections. The juvenile delinquents go after whoever has the biggest market share. At times like these you should be glad Apple has such a tiny market share.

Ahh, viruses just don't work as well on mac os and amiga systems. They're too easy to spot and get rid of.
#34
Rick Thomas wrote in :

Ahh, viruses just don't work as well on mac os and amiga systems. They're too easy to spot and get rid of.

That's funny! The Amiga was the most virus-ridden computer of its time. Actually, the whole virus scene was started with the Amiga. Sure, there were a few PC virii and other stuff before the avalanche of Amiga virii, but the Amiga was the first computer to get new virii written for it regularly. I remember when almost no one had heard of computer virii, almost all gamers owning an Amiga had at least one floppy with "VIRUS!" written on it, and almost no PC owners had ever encountered a virus.

Actually, the way Amiga OS handled floppies made the Amiga easier to infect than anything else. You just had to insert the floppy. In a PC, you had to execute the infected executable yourself, or leave the floppy in the drive when booting the PC. The Amiga oth happily executed the virus as soon as the floppy was inserted.

Nowadays everything's changed of course. Floppies are no longer the premium distribution channel for virii, strangely made email readers execute code left and right, and a consumer OS has wide open RPC daemons running all the time.

Regards
/Jonas
#35
There's a version for 32-bit and a version for 64-bit XP. There's a hyperlink to the downloads page right on the microsoft home page.

George W. writes:

Anyone know the patch number for XP? Thanks.
#37
Today in the office, the worm was propagating. Even though the "computer guy" assured us it wouldn't get us. He has firewalls and routers and security stuff and told us it wouldn't get in. But hey, it didn't get me, I have windows 98 on my work computer he,he..

So the lady in the front area was sitting there with her computer shutting down and starting up and I told her to check the task manager, shut off msblast, then search for the file and delete. I was the Hero! heheh

Computer guy was downstairs and I told him Pat's computer was infected but we fixed it and he was all " oh no, I gotta get up there and do this that and the other thing...

William Sommerwerck wrote:

I believe it is. Or a related one.

Log off. Check the Task Manager Processes window for msblast and kill the process. Then find msblast.exe on your hard drive and delete it. Then log on and install the Microsoft update.

I did these things yesterday, and that was the end of that.
#38
I took Luke's advice and went into administration tools and shut off a few things including alert. Pop ups are gone, free zone alarm, uninstalled, everything back to normal. I suppose there are hundreds of attempts going into my computer right now. Does it really matter?

David Morgan (MAMS) wrote:

"Luke Kaven" wrote in message ...

Rob Adelman wrote:

Mike Rivers wrote:

I'm using the free version of Zone Alarm, and if that allows blocking of specific ports, I haven't found it. It might be a feature only of the paid version. But it blocks a lot of stuff, and I'm dialed up all the time and haven't found the latest worm yet.

Mike, Zone Alarm is a pretty cool tool to be so innocuous to load. The Pro version does allow highly tailored functions on a site by site basis if needed. I think it's quite sufficient enough in its 'free' state though.

Rob, I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm is pretty renowned for his work in identifying 'spyware' software, including actions against Real Networks (Real player, Real jukebox, Real download, etc.), PKZip and more - - I doubt he writes virii as a pastime. We could share in the great cynic, conspiracist approach, however.

Go into Settings-Control Panel-Administrative Tools-Services

Look for the "Windows Messaging" service and see it is running. If it is, right click on the entry for it, and bring up the Property sheet. Hit Stop, and select "Disable". You won't be able to run some kinds of instant messaging, but that will keep popups from coming in out of the wild.

If you run Spybot Search & Destroy periodically (and keep up with the updates), you will be able to eradicate most annoying trojans (Xupiter, Gator, all those things we hate).

Luke

Did you figure out how you got this thing Luke? (I'd really like to hear how the USPS stumbled onto it).

I like AdAware, but Spybot probably runs much the same way. Probably both are harmless, non-invasive pieces of software... I know AAW is.

By practicing simple safe (albeit sometimes time consuming) surfing and mail-reading practices, using a firewall and judiciously setting a few preferences, I've never had a virus, and I have never used on-board anti-virus software. The protection has almost always been there, you just have to employ it.

I think the careless, haphazard users get the worms in most cases. (I can't put you in that category). I'm surprised how many people are glued to the internet without a firewall and with no knowledge of their on-board protection options. Keeping updated is such a minor thing... some would make it sound like big trouble, but it's a no brainer to do this. (...And *without* downloading the automatic update notifier.. another POS to run in the background).
#39
Richard Crowley wrote:

The vast majority of the security vulnerabilities seem to be poor (or seeming non-existent) buffer/pointer management. Some have suggested this is due to the way early Microsoft C compiler manuals were edited. All their new-college-grad programmers used the section showing how to do it, and never looked at the appendix explaining buffer overrun safeguards and pointer preservation. An apparent dearth of meaningful code review would appear to have neatly finished the job. Now there are likely thousands and thousands of vulnerable buffers ripe for the discovery by the next slime-ball virus "author".

No, not at all. The buffer overrun issues are only a tiny fraction of a more fundamental problem of just plain not designing with security in mind.

The buffer overrun problems are only the most visible ones because they are the ones that are being fixed.

But remember, Microsoft didn't implement real memory protection until Windows 95... and this was, what, almost thirty years after the industry had embraced the concept? The i386 architecture has all kinds of nifty security features built into it, including real rings. Seen anybody use the ring stuff? Didn't think so.

It is very clear that whoever designed the "convenient" way that Outlook handles attachments never even thought about the ways it could be abused. THAT is the real problem. People who do systems design, and then write actual code, without any clue as to how it can be misused and what could go wrong with it. It doesn't take much, it just takes the right attitude.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#40
I suppose not. But you still become a statistic if your computer can be seen. And if a port is open, you can be hacked. I suppose it's just a personal preference to run my surfing toy in total 'stealth' mode.

If you want to analyze your vulnerability to attack, do a free scan found at the Symantec site... You may want to close the doors anyway.

http://security1.norton.com/us/intro...=sym&langid=us

--
David Morgan (MAMS)
http://www.m-a-m-s.com
http://www.artisan-recordingstudio.com

"Rob Adelman" wrote in message ...

I took Luke's advice and went into administration tools and shut off a few things including alert. Pop ups are gone, free zone alarm, uninstalled, everything back to normal. I suppose there are hundreds of attempts going into my computer right now. Does it really matter?

Rob, I can get 40 blocked attempts per hour!! The guy that developed ZoneAlarm is pretty renowned for his work in identifying 'spyware' software, including actions against Real Networks (Real player, Real jukebox, Real download, etc.), PKZip and more - - I doubt he writes virii as a pastime. We could share in the great cynic, conspiracist approach, however.