Joined: Apr 2003
veteran
Offline
that was Handee......!! thx!


Jurak'sRunDownShack!
Third Member of Off-Topic Posters
Defender of the PIF.
Das Grosse Grüne Ogre!!!
Jurak #99021 21/03/04 11:48 AM
Joined: Mar 2003
veteran
OP Offline
Bagle.Q (Mutations ordered by Alphabet) uses just another exploit - security hole in the Internet Explorer and accompanied files.

Just opening a Bagle.Q-infected e-mail is all you need - because Bagle.Q loads itself via using an embedded Hyperlink.

I've got my information from this German Article.

The links on the bottom of the article lead to descriptions made by major Virus-Scanner developing companies, even in English.

Quotation from NAI :
Quote
The worm uses the Object Tag vulnerability in Internet Explorer, which allows for the writing and overwriting of local files by exploiting the ADODB.Stream object. A remote file (random_name.php) is downloaded upon viewing the email message. This file is actually a HTML file containing a VBS script, and it is detected as VBS/Psyme with the 4306 DATs or greater. When run, this script creates another VBS script (Q.VBS) - again detected as VBS/Psyme - which is responsible for downloading the worm from one of the following IP addresses.


There follows a list of a *lot* of IP addresses.

Also, Bagle.Q tries to kill Programs - resident guarding scanners, firewalls and some others.

Be careful !

Last edited by AlrikFassbauer; 21/03/04 11:49 AM.

When you find a big kettle of crazy, it's best not to stir it.
--Dilbert cartoon

"Interplay.some zombiefied unlife thing going on there" - skavenhorde at RPGWatch
Joined: Nov 2003
veteran
Offline
Quote
Bagle.Q (Mutations ordered by Alphabet) uses just another exploit - security hole in the Internet Explorer and accompanied files.

Just opening a Bagle.Q-infected e-mail is all you need - because Bagle.Q loads itself via using an embedded Hyperlink.

I've got my information from this German Article.

The links on the bottom of the article lead to descriptions made by major Virus-Scanner developing companies, even in English.

Quotation from NAI :
Quote
The worm uses the Object Tag vulnerability in Internet Explorer, which allows for the writing and overwriting of local files by exploiting the ADODB.Stream object. A remote file (random_name.php) is downloaded upon viewing the email message. This file is actually a HTML file containing a VBS script, and it is detected as VBS/Psyme with the 4306 DATs or greater. When run, this script creates another VBS script (Q.VBS) - again detected as VBS/Psyme - which is responsible for downloading the worm from one of the following IP addresses.


There follows a list of a *lot* of IP addresses.

Also, Bagle.Q tries to kill Programs - resident guarding scanners, firewalls and some others.

Be careful !

Yet another reason to use Mozilla!


The question is not, Can they reason? nor, Can they talk? but, Can they suffer?
~Jeremy Bentham
Cleglaw #99023 21/03/04 12:54 PM
Joined: Mar 2003
veteran
OP Offline
A) You don't need to quote EVERYTHING.

B) To anyone reading this: If you have any information about any kind of serious (more or less) threats, then please post it here! Thank you.


Joined: Jun 2003
old hand
Offline
...I'm infected with Nachi.B and I can't seem to... remove it
I'm seeking multiple removal tools and/or prevention...

Last edited by Virgo_Bluefire; 19/04/04 12:32 AM.

This is SpArTa!! oh im sorry, I must have took a wrong turn..somewhere...(runs away)
Joined: Jun 2003
Location: Visible
old hand
Offline
Have you tried Stinger? "McAfee AVERT Stinger... is a stand-alone utility used to detect and remove specific viruses." It's a free tool.

Last update was April 6, 2004, and all known variants of Nachi are included on the list of detections.

Joined: Jun 2003
old hand
Offline
thanks, I'll try it when I have a chance


Joined: Apr 2003
Location: Estonia
veteran
Offline
I have replaced the HDD and therefore installed everything from scratch. Guess what I got after connecting to the internet? The Msblast or Lovesan virus. Tried to remove it with Kaspersky antivirus, later found out that I first need to patch IE and second need the Msblast removal patch. Got it, hope my system is clean now.
Seeing that menu was weird. "Your computer will shut down in 40, 39, 38, 37 seconds."


"Endure. In enduring, grow strong." -Githzerai adage.
Joined: Sep 2003
veteran
Offline
@ Egin I had WBlast too in my system. My computer was shutting down every two minutes. There is a very good removal tool on Microsoft's site. I would send you the link but I am at work right now and I don't have it. It worked fine and cleaned my system. Check Microsoft if you can. Good luck friend


You can have my absence of faith
you can have my everything...

Joined: Apr 2003
Location: Estonia
veteran
Offline
Luc, I have done that. Yes, this removal tool kills the virus.
Thank you


"Endure. In enduring, grow strong." -Githzerai adage.
Rincewind #99030 19/04/04 03:42 PM
Joined: Jun 2003
old hand
Offline
it didn't work

I've noticed by now that there are weird garbage folders etc. on my two hard drives

and weird programs asking for internet connection

lol


Joined: Sep 2003
veteran
Offline
@ Virgo

Try the Ad-Aware program. It removes all the crap from the hard drive plus the dialers and trace programs.



Joined: Mar 2003
veteran
OP Offline
At least a lot.

Keep on reading in virus alert threads (or threats)!


Joined: Jun 2003
Location: Visible
old hand
Offline
Ad-Aware site right here

SpyBot - Search & Destroy site right here.

Another free removal tool, this one from Sophos: includes more disinfection info., but you may have more than just Nachi on your system.


Last edited by Rincewind; 19/04/04 11:04 PM.
Joined: Mar 2003
veteran
Offline
The W32/Nachi variants W32/Nachi-A and W32/Nachi-B are worms that spread using the RPC DCOM vulnerability in a similar fashion to the W32/Blaster-A worm.

One of these tried to infect my PC but Norton Antivirus stopped it. Thank God.
Good luck to those who have it.

Joined: May 2003
Location: Seattle
veteran
Offline
How are people getting these worms! That would help others avoid them, I believe.



Joined: Jun 2003
Location: Visible
old hand
Offline
@Lews: As Goldy said, these particular nasties use a vulnerability in the MS operating system. But Microsoft released a patch for this in March 2003, and another patch in July 2003. The message is: run Windows Update regularly, and be sure to install all critical updates!

And don't forget good anti-virus software for all the other nasties out there, with Ad-Aware and/or SpyBot S&D for backup!

Joined: Mar 2004
journeyman
Offline
Guess I am more worried about Windows updates than the hackers. The last time I tried to install one of their updates, it destroyed my hard drive. I had to reformat and reinstall everything. I personally will take my chances with the hackers; they cannot do any more damage than the Windows updates.


Men and nations do behave wisely, once all other alternatives have been exhausted
Joined: Jun 2003
Location: Visible
old hand
Offline
@NightMares: I tend to ignore most of their non-critical updates for that very reason... Have certainly seen serious problems caused by driver updates installed from the Windows Update site (I prefer to go directly to the appropriate vendor site).

However, if you are vulnerable to the DCOM exploits, you might want to check out GRC's Freeware, which includes a utility to disable DCOM:

The DCOMbobulator
DCOMbobulator allows any Windows user to easily verify the effectiveness of Microsoft's recent critical DCOM patch. Confirmed reports have demonstrated that the patch is not always effective in eliminating DCOM's remote exploit vulnerability. But more importantly, since DCOM is a virtually unused and unneeded facility, the DCOMbobulator allows any Windows user to easily disable DCOM for significantly greater security.

Joined: Jun 2003
old hand
Offline
I scheduled an appointment with one of the i_tech dudes on campus for Thursday

after I get back from class I'll play doctor with that CD I just got.......who knows, maybe I can mess up my computer a bit more just for measure, no? lol



Moderated by  ForkTong, Larian_QA, Lynn, Macbeth 
