Virus Heads Up

Contributor Since: Dec 30, 2002

This one's REALLY nasty. It will cause your computer to "shut down" every time you connect to the internet!

Info on the Virus here: www.techtv.com/news/secur...3498394,00.html

Microsoft Security Fix here: www.microsoft.com/downloa...;displaylang=en


Member
Since: Jun 19, 2003


Aug 12, 2003 09:02 pm

Danke

sloppy dice, drinks twice
Member
Since: Aug 05, 2003


Aug 12, 2003 09:45 pm

it already got me... i'm screwed. it's shutting me down right now - i just checked this site to see if i could connect at all! arghh....

Member
Since: Jul 02, 2003


Aug 12, 2003 10:53 pm

Pretty easy to get rid of. Disconnect from the internet (try safemode if it's still rebooting on you after disco). If you have spybot search & destroy, run its check and it will remove it.

www.safer-networking.org/

If not, run regedit and search for msblast; it should be under the windows update key. Delete the msblast.exe from the key. Next, using files & folder search from the start menu, search for msblast. 2 occurrences should pop up; delete them.

Now connect to the inet and get the patch and apply it, and you're safe at least for now <G>

a.k.a. Porp & Mr. Muffins
Member
Since: Oct 09, 2002


Aug 12, 2003 11:00 pm

Does this affect Windows 98? I haven't had any trouble and I've been logged on all day. I can't find any patch for 98 on the Microsoft site.

Member
Since: Jul 02, 2003


Aug 13, 2003 12:49 am

Doesn't appear to. At any rate the patch has been available on Windows Update for any affected operating systems since around mid July I believe, so if you've been to WU since then you're probably covered anyhow :)

Contributor
Since: Dec 30, 2002


Aug 13, 2003 05:05 am

Quote:
it already got me... i'm screwed. it's shutting me down right now - i just checked this site to see if i could connect at all! arghh....


sorry, I shouldn't laugh. I hope you can fix it...

Member
Since: Jan 18, 2003


Aug 13, 2003 05:32 am

this is what i was talking about last month, this security hole. db said not to worry. good call db! (just joshin'):)

i am connected to the net with win98 and from what i've read 98 is invulnerable since this was...a problem with the xp code, right? but then how come NT and win2000 are listed too? how can it exploit a hole in win2000--it's an older OS...i can't understand how such a flaw wouldn't have been caught there much earlier?

what an elegant virus though, eh? i wish i knew more about computers. ports. how the heck do ports work. how many are there and WHAT are they, physically, if anything?

sorry for all the questions...this is fascinating.

Contributor
Since: Dec 30, 2002


Aug 13, 2003 05:43 am

Quote:
what an elegant virus though, eh?


Not really, it's pretty simple and barbaric really. It just forces a buffer overflow on certain ports and then runs a hidden cmd.exe box which performs a DoS (Denial of Service) on a selected server.

The way it spreads is pretty clever tho, it generates a random IP address and then continues to add to it until it has spread to all 255 possible variants on that chain.

clever stuff. You can read up more on viruses on that link I gave at the top.

jues.

Administrator
Since: Apr 03, 2002


Aug 13, 2003 06:55 am

Quote:
this is what i was talking about last month, this security hole. db said not to worry. good call db! (just joshin'):)


If people go to Windows update and keep their systems updated (like I have ALWAYS said), then there is nothing to worry about :-P The fix for this was on windowsupdate.microsoft.com on July 16...

Oh, and the command prompt also has some funny text in it poking fun at Bill Gates...a hacker's sense of humor I guess.

it really wasn't that clever, and most firewalls and any properly patched Windows 2000 or Windows XP system wouldn't be affected.

No, it doesn't sound like Windows 98, 95 or ME were vulnerable, but, keep in mind those OS's run on a FAT32 filesystem, which means they have virtually NO security so they are vulnerable to MUCH more than this simple little virus.

sloppy dice, drinks twice
Member
Since: Aug 05, 2003


Aug 13, 2003 07:36 am

Well, here I am at work, cursing under my breath about that damn virus back at home... Thanks, olddog, thanks very much for that specific info on how to remove that key from my registry. You know, I've run that c-net "fix" download twice, and let me just say that the fix - doesn't. I'll run it once again when I get home, then take that key out.

Administrator
Since: Apr 03, 2002


Aug 13, 2003 07:46 am

Well, if it doesn't fix it, perhaps that isn't what your problem is. It may be something entirely unrelated to the virus of yesterday. Hell, one of my PCs at home (the "family PC") went to hell last night, totally unrelated to the virus...everything that went bad on anyone's PC yesterday isn't automatically the fault of the DCOM flaw.

...bringing sexy back
Member
Since: Jul 01, 2002


Aug 13, 2003 12:36 pm

that got me too that one...kept freaking me out! fixed now

Member
Since: Jul 02, 2003


Aug 13, 2003 02:54 pm

Tincanbug: Try opening up the Task Manager (ctrl-alt-del) and make sure that MSBLAST.EXE isn't running before you run Spybot S&D. If it's running it should be under the Processes tab. You'll have to be quick 'cause it will probably shut you down in 30 seconds. If it's there kill it, then remove the registry entry either with S&D or manually.

Member
Since: Jan 18, 2003


Aug 13, 2003 02:56 pm

denial of service attacks are common, sure. but the spreading method of this one seems to be something i've never seen before. also, it's a polite virus which warns you to save your data. how odd. it's devoted to microsoft's 'fix' page. i think that's elegant. elegant as a joke, perhaps. i have read that it was clumsily written, however.

sloppy dice, drinks twice
Member
Since: Aug 05, 2003


Aug 13, 2003 06:22 pm

"Light is green... trap is clean!"

Virus-free is how I be. Thanks for the tips, olddog! That fix I downloaded didn't have enough sense to remove the running virus before cleaning it... it was reinstalling every time because it was still running.

Eat Spam before it eats YOU!!!
Member
Since: May 11, 2002


Aug 14, 2003 10:28 am

...yeah... my computer went to hell itself this week and it isn't connected to a network anymore... SONAR sometimes doesn't recognise my Q10...though everything else works fine (like games/winamp) I'll be plugging it in the network for the usual round of updates tonight I guess...

Administrator
Since: Apr 03, 2002


Aug 19, 2003 01:29 pm

DOH, blaster.worm has a close-cousin called Welchia

FYI, Moves about on port 80 (http) securityresponse.symantec...lchia.worm.html for more info, she's a FAST one.

Member
Since: Jan 18, 2003


Aug 19, 2003 07:56 pm

what is a port, exactly? i've always wanted to know where these ports lead, if they have some physical component or are just a nonphysical information channel.

Bane of All Existence
Member
Since: Mar 27, 2003


Aug 19, 2003 08:11 pm

a port is just a designated "channel" in/out of which information can flow. 80 does HTTP (web), 21 does FTP stuff, blah blah. you can open and close ports. it's pretty much just software organizing stuff for TCP/IP.

Administrator
Since: Apr 03, 2002


Aug 19, 2003 08:12 pm

A computer has hundreds of "ports" available; they are different channels on which PCs communicate. The internet (http) is on port 80, secure socket layer (https) is commonly on port 443 or 8443. POP email (receiving) is typically on 110 and SMTP email (sending) is on 25 (those two might be backwards, I forget), FTP is on 21...etc. Everything has its different port to talk on; the safest computer has the fewest ports possible open. The typical internet user should get a firewall (like the free ZoneAlarm from zonelabs) and have only ports 110, 80 and 25 open. Developers like me need 21 for ftp, sometimes 23 for telnet, etc.

That's probably more than you wanted to know...

Also, be wary of attachments right now (and always should be) the SoBig virus is spreading like mad today, I have gotten dozens of infected emails at my yahoo account.

Get the free version of ZoneAlarm (which is a GREAT firewall) here www.zonelabs.com/store/co...reeDownload.jsp
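The "fewest ports possible open" advice in the post above can be checked on a machine by listing which TCP ports are actually listening. The following is an added example, not part of the thread: the `netstat -an` text is constructed sample output, and the function names and the `allowed` set are assumptions chosen for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Local address, local port, foreign address, then the LISTENING state.
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

LOOPBACK_PREFIXES = ("127.", "[::1]")


def listening_ports(netstat_text):
    """Return sorted (port, local_address) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        match = LISTEN_LINE.match(line)
        if match:
            found.add((int(match.group(2)), match.group(1)))
    return sorted(found)


def unexpected_listeners(netstat_text, allowed):
    """Ports reachable from the network (not loopback-only) that are not in `allowed`."""
    return [
        port
        for port, addr in listening_ports(netstat_text)
        if not addr.startswith(LOOPBACK_PREFIXES) and port not in allowed
    ]


if __name__ == "__main__":
    # Hypothetical policy: this machine is only meant to run an FTP server.
    for port in unexpected_listeners(SAMPLE, allowed={21}):
        print(f"unexpected listener on TCP port {port}")
```

Established outbound connections (such as the browser session to port 80 in the sample) are ignored, since only listening sockets accept connections from other machines.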

Bane of All Existence
Member
Since: Mar 27, 2003


Aug 19, 2003 08:19 pm

you're right on SMTP and POP, dB. jinx! 1..2..3..4...

Administrator
Since: Apr 03, 2002


Aug 20, 2003 05:08 pm

www.microsoft.com/technet...in/MS03-030.asp

www.microsoft.com/technet...in/MS02-040.asp

These are just the ones I received today...this is why I am not alarmed by the virus alerts, exploits and such...I get these weekly...
