Joined: Mar 2003
old hand
It (the Blaster worm) hit us really hard at work today! I have two computers on my desk and both got hit by the worm. One of the computers couldn't find it by doing a search either. I had to go to C:\WINNT\System32\ to find it so it was trying to hide. - Weird!


~DragonQueen~
Joined: Mar 2003
Location: Canada
veteran
Help - fast - before it shuts this machine down again... I have Windows XP - how do I turn it onto safe mode??????

Joined: Mar 2003
old hand
Reboot and hold control key down the whole time until it asks how you want to restart (safe mode). Hope this helps!!


~DragonQueen~
Joined: Jun 2003
old hand
My ISP has a strange habit of turning on and off, just like when I got up 9 hours ago my connection to the internet was down, so I'm pretty sure I'm still clean. Thanks for the heads up though.


This is SpArTa!! oh im sorry, I must have took a wrong turn..somewhere...(runs away)
Joined: Mar 2003
Location: sailing around
veteran
how does one become infected with this virus? and what's it do? crash your comp a lot?


Joined: Mar 2003
Location: Belgium
veteran
It's a worm, faile, so you can get infected by just being online. It uses a fault in Windows to enter your system. Your PC doesn't crash, but it can lock or it can turn your PC off. Use the tool I've linked before, and after you've scanned your PC, answer 'yes' when it asks to install the vulnerability patch for your system.


Viper
Joined: Mar 2003
Location: sailing around
veteran
oh, ok. thanks, viper.


Joined: Mar 2003
apprentice
@DQueene:

A fix that could perfectly block the worm has been online on the Microsoft Update site for over a month.

It's so stupid that most people just don't keep their systems up-to-date. If the computers at work were infected by this worm, it's basically the fault of the company's system administrator.
Also, a solid firewall could have spared you a lot of trouble.
(Here @ work we have a double Linux firewall)




Uther Pendragon Truly great madness cannot be achieved without significant intelligence.
Joined: Mar 2003
Location: Belgium
veteran
I keep my PC up-to-date, haven't had probs so far


Viper
Joined: Mar 2003
Location: Belgium
veteran
I have something else here: every time I run the removal tool, after a few minutes it just shuts down (the tool I mean)


Joliekiller, paladin on a crusade against (almost) all evil.
Joined: Mar 2003
Location: Belgium
veteran
and what does the LOG say?? did you close all programs?

did you disable System Restore in XP??


Viper
Joined: Apr 2003
Location: Estonia
veteran
Hehe, my boss came with his notebook complaining that it automatically closes any programs right after he opens them. Connecting to internet makes PC to reboot.
Daamn, it took long to find the cause and solution.

I couldn't connect notebook to our office network to update a-virus software, because I thought the virus will go to other machines.

And it closed Kaspersky right after I start virus scan

Only at evening we have found that Stinger program - removal for virus.

Yes and virus name was MS Blast. Nasty. Beware.



"Endure. In enduring, grow strong." -Githzerai adage.
Joined: Mar 2003
Location: Belgium
veteran
Quote
and what does the LOG say?? did you close all programs?

did you disable System Restore in XP??


Cool hé log is empty. Restore disabled.

But I've solved the problem. It appeared that it always stopped in my temp files. So I deleted them and temp internet files --> problem solved


Joliekiller, paladin on a crusade against (almost) all evil.
Joined: Jun 2003
Location: Visible
old hand
According to one news story:

Quote
Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!"


A "security expert" quoted in the same article said:

Quote
But to expect home users to keep their systems current is unreasonable, said Bruce Schneier, chief technology officer with Counterpane Internet Security Inc. He blames software developers for writing bad software that constantly need "critical" patches.

"My mother will never install the patch until I come visit," he said. "I couldn't even call her and walk her through it. The industry is wrong to expect her to do it. The fact that she sends me e-mail is incredible enough."


While I agree that software developers (read "Microsoft"!) are often at fault, it doesn't follow that home users (that's us, dammit!) are quite so naive....It's a sweeping generalization; I think his mom should slap him silly for being so arrogant!

Last edited by Rincewind; 13/08/03 01:34 PM.
Joined: Mar 2003
veteran
OP
I agree that - as usual - the home users are the losers.

Companies have Hardware Firewalls, Intrusion Detection Systems and advanced stuff, but the home user hasn't.

And currently Blaster is spreading mostly because of home users.


And now for something different ...

It seems, there's a new kid on the block :

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RPCSDBOT.A

Technical details :

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RPCSDBOT.A&VSect=T


When you find a big kettle of crazy, it's best not to stir it.
--Dilbert cartoon

"Interplay.some zombiefied unlife thing going on there" - skavenhorde at RPGWatch
Joined: Mar 2003
Location: Canada
veteran
Well, it took me forever to get rid of this last night...but now it is all good. I had to try to help my dad do it. Don't I feel special...he is too impatient sometimes. But, I love him anyway.

Then, I had to reinstall Norton - for some reason it was screwed...had to dump/re-install...but, scanned the whole computer again after that - everything is good to go!

Joined: Aug 2003
Location: north ontario
apprentice

IMHO this virus is long overdue. Some info on this:
It's a vulnerability in the Windows system itself b/c it comes in through Port 135. The exploit has been known for over a month now, all's you have to do is update Windows, which you really should b/c if you leave yourself open to this, you'd be silly. It automatically scans for IP addresses, presumed random at this moment, and looks for Port 135 to enter. It was made to make a DDOS attack on Microsoft's update page on the 16th of August I believe. It adds a new registry key to your computer and boots itself up. Filename is msblast.exe. It's a worm based on dcom.c (the vulnerability is that itself and NEEDS to be updated). Also this can be used to take over your system, people can send a trojan and completely exploit/take over your system without having to do any background work except knowing that you run Win 2000, NT, and XP. Earlier versions of Windows are not affected. Thankfully this worm is not coded very well (seems to have been a rush job on someone's part) and does no malicious damage as of yet. Though on the 16th things could get very interesting.

So in short: UPDATE your Windows system or else someone can remotely administrate your computer and do nasty things to it or other computers that will get you in trouble.
EDIT: oops that's wrong up there, it's not the Port that is the vulnerability, it is RPC DCOM. Sorry 'bout that.

Dunyain

Last edited by dunyain; 13/08/03 02:31 PM.
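
Added example, not part of dunyain's post: a network defender can spot the behaviour described above (one infected machine probing many addresses on TCP port 135) from firewall logs. The log format, addresses and thresholds below are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed firewall log: 'timestamp src dst dst_port action' (hypothetical format)."""
    t0 = datetime(2003, 8, 13, 14, 0, 0)
    rows = []
    for i in range(8):  # one host sweeping eight addresses on TCP 135 in eight seconds
        rows.append((t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 135))
    for i in range(8):  # normal RPC client: many connections, one server
        rows.append((t0 + timedelta(seconds=i), "10.0.0.40", "10.0.0.5", 135))
    for i in range(6):  # web traffic to many hosts, wrong port for this check
        rows.append((t0 + timedelta(seconds=i), "10.0.0.77", f"192.0.2.{i + 1}", 80))
    for i in range(5):  # five targets on 135, but ten minutes apart
        rows.append((t0 + timedelta(minutes=10 * i), "10.0.0.90", f"10.0.2.{i + 1}", 135))
    lines = [f"{ts.isoformat()} {src} {dst} {port} DENY" for ts, src, dst, port in rows]
    return "\n".join(lines + ["truncated line 135"])  # malformed entry, must be skipped

def find_port_sweepers(log_text, port=135, min_targets=5, window=timedelta(seconds=60)):
    """Map each source to the most distinct destinations it contacted on `port`
    inside any `window`, keeping only sources that reach `min_targets`."""
    hits_by_src = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, dport, _action = line.split()
            if int(dport) == port:
                hits_by_src[src].append((datetime.fromisoformat(ts), dst))
        except ValueError:
            continue  # wrong field count or unparsable timestamp/port
    flagged = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in find_port_sweepers(build_sample_log()).items():
        print(f"{src}: {count} distinct hosts probed on TCP 135 within 60 s")
```

Counting distinct destinations rather than raw connections keeps a busy but legitimate RPC client talking to one server from being flagged.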
Joined: Mar 2003
Location: Canada
veteran
Why should things get interesting on the 16th?
From what I have heard, they actually knew about this since 4.0, but it does only affect the newer ones...

Joined: Aug 2003
Location: north ontario
apprentice
Things may get interesting b/c people are just patching with the removal tool or updating virus definitions. I know of at least 3 programs right now that have been built in a few days that have become remote admin tools. Who's to say that everyone will go and update Windows? As that one security guy said about his mother, some people just won't do it. Now you multiply that across the world and say you have 4000-5000 PCs that are not updated and infected with msblast.exe. Launching a DDOS attack on a scale that large could definitely cause some serious problems. And who's also to say someone doesn't take advantage of this, poses as the original author of the virus and codes in an extra few lines of malicious code, you could have all newer versions of Windows PCs formatting they're (or their, not sure) HDs. Kinda hard to update your version of Windows when each time you get it installed, it starts formatting your drive before you can download the vulnerability.

Plus there are so many people that can and are starting to mutate this virus. And with a huge DDOS attack being launched on the 16th, things could get very interesting for Windows users.

EDIT: Did I mention some businesses are just too damn lazy to update their software. I know I had to go to each and every damn new machine and update it myself as the users just didn't listen to me (sys admin/security man)

Last edited by dunyain; 13/08/03 02:48 PM.
Joined: Jun 2003
Location: Visible
old hand
Carrie - From the Symantec site:

"If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on Windows Update. The worm will activate the DoS attack on the 16th of this month, and continue until the end of the year"
