
Urgent warning


Newt


If you run NT4/2K/XP, go to the microsoft site below and read then download & install the patch for your OS version. Very fast spreading critter that is not being reliably caught by AV software due to the way it operates.

 

http://support.microsoft.com/default.aspx?...kb;en-us;823980

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President


Cheers, Newt.


Naughty boys, shame on you :D proves you don't use Windows Update regularly :)

Believe NOTHING anyones says or writes unless you witness it yourself and even then your eyes can deceive you

None of this "the enemy of my enemy is my friend" crap it just means i have at least two enemies!

 

There is only one opinion i listen to ,its mine and its ALWAYS right even when its wrong

 

Its far easier to curse the darkness than light one candle

 

Mathew 4:19

Grangers law : anything i say will  turn out the opposite or not happen at all!

Life insurance? you wont enjoy a penny!

"To compel a man to furnish contributions of money for the propagation of opinions which he disbelieves and abhors, is sinful and tyrannical." Thomas Jefferson


Some extra info for you all on removal and symptoms etc etc....

 

 

Some of you may experience an RPC error then Windows will reboot!

You need to patch the exploit....

http://www.microsoft.com/technet/tr...in/MS03-026.asp

 

if it keeps shutting down before you manage to install it!

install or modify your firewall to block ports 135 and 138

 

Another way

===========

 

First, if you have ZoneAlarm or any similar firewall, DON'T ALLOW msblast to access the internet.

 

Go to start->run type regedit. Go to HKEY Local Machine\Software\Microsoft\Windows\CurrentVersion\Run

 

If there is a key named 'windows auto update' with 'msblast' as the data, DELETE IT. What this does is it causes the program to allow connections on port 135.

 

Next, go to start->run type msconfig. Go to 'startup' and find msblast, uncheck it, and hit 'apply' and then 'ok'. When prompted to restart hit 'exit without restart'.

 

Next, alt-ctrl-delete. Go to 'processes' and then find msblast. Right click->end process tree. When prompted, hit YES.

 

Now, go to start->search and search for msblast. Anything that comes up [between 7-10kb files] drag to the desktop, and delete.

 

===================================

 

 

 

 

Microsoft RPC DCOM Worm

 

11 August 2003

 

Greetings,

 

On Monday, August 11, 2003, Counterpane was made aware of a wide spreading worm exploiting the recent Windows RPC vulnerability. This is a critical vulnerability affecting Windows NT, Windows 2000, Windows XP, and Windows Server 2003. The vulnerability exploits a flaw in the DCOM implementation which listens on RPC enabled ports. Specially crafted malformed messages can enable an attacker to gain complete control over a vulnerable Windows-based system. DCOM listening on TCP and UDP ports 135, 139, 445, and 593 are accessible to this vulnerability. Full details on the Microsoft security alert can be found at the following links:

 

http://www.microsoft.com/technet/tr...in/MS03-026.asp

http://www.cert.org/advisories/CA-2003-19.html

 

Counterpane research has seen positive indicators of worm activity in the wild. It is important to apply all vendor supplied patches as soon as possible to reduce exposure. The following details have been released from SANS, please visit http://isc.sans.org/diary.html?date=2003-08-11 for the entire release:

 

Technical Details:

 

Names and Aliases: W32.Blaster.Worm (Symantec), W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trend Micro), Win32.Posa.Worm (CA), Lovsan (F-Secure), MSBLASTER, Win32.Poza.

 

Infection sequence:

 

SOURCE sends packets to port 135 tcp with variation of dcom.c exploit to TARGET

this causes a remote shell on port 4444 at the TARGET

the SOURCE now sends the tftp get command to the TARGET, using the shell on port 4444,

the target will now connect to the tftp server at the SOURCE. The name of the binary is msblast.exe. It is packed with UPX and will self extract. The size of the binary is about 11kByte unpacked, and 6kBytes packed:

MD5sum packed: 5ae700c1dffb00cef492844a4db6cd69 (6176 Bytes)

So far we have found the following properties:

 

Scans sequentially for machines with open port 135, starting at a presumably random IP address

uses multiple TFTP servers to pull the binary

adds a registry key to start itself after reboot

There are no rules for good photographs, there are only good photographs. - Ansel Adams

 

Focal Planet
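The infection sequence quoted in the post above (tcp/135 to the target, a shell on port 4444, then a TFTP pull back to the source) can be turned into a simple flow-log correlation. This is an added example, not part of the original post or of the SANS/Counterpane text; the flow record layout, the 60-second window, the sample addresses and the use of udp/69 (the standard TFTP port, not stated in the post) are assumptions.

```python
from collections import namedtuple

# One flow record: time in seconds, protocol, source IP, destination IP, destination port.
Flow = namedtuple("Flow", "ts proto src dst dport")

# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    Flow(100, "tcp", "192.0.2.10", "198.51.100.5", 135),    # RPC/DCOM connection
    Flow(101, "tcp", "192.0.2.10", "198.51.100.5", 4444),   # shell port from the advisory
    Flow(102, "udp", "198.51.100.5", "192.0.2.10", 69),     # target pulls binary via TFTP
    Flow(200, "tcp", "192.0.2.10", "198.51.100.6", 135),    # probe only, no follow-up
    Flow(300, "tcp", "203.0.113.7", "198.51.100.8", 4444),  # 4444 with no prior tcp/135
    Flow(900, "udp", "198.51.100.6", "192.0.2.10", 69),     # TFTP with no shell stage
]


def correlate(flows, window=60):
    """Map each (source, target) pair to the highest stage it reached (1-3)."""
    state = {}  # (source, target) -> (stage, time that stage was seen)
    for f in sorted(flows, key=lambda x: x.ts):
        kind = (f.proto, f.dport)
        if kind == ("tcp", 135):
            pair = (f.src, f.dst)
            if state.get(pair, (1, 0))[0] == 1:
                state[pair] = (1, f.ts)  # new or repeated probe: (re)start the clock
        elif kind == ("tcp", 4444):
            stage, seen = state.get((f.src, f.dst), (0, 0))
            if stage == 1 and f.ts - seen <= window:
                state[(f.src, f.dst)] = (2, f.ts)
        elif kind == ("udp", 69):
            pair = (f.dst, f.src)  # the TFTP request runs target -> source
            stage, seen = state.get(pair, (0, 0))
            if stage == 2 and f.ts - seen <= window:
                state[pair] = (3, f.ts)
    return {pair: stage for pair, (stage, _) in state.items()}


def likely_infected(flows, window=60):
    """Targets that completed all three stages within the window."""
    return sorted({t for (_, t), s in correlate(flows, window).items() if s == 3})


if __name__ == "__main__":
    for (src, dst), stage in correlate(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: stage {stage}")
    print("likely infected:", likely_infected(SAMPLE_FLOWS))
```

A pair that stops at stage 1 is a scanned host that did not open the shell port, which is what a patched or firewalled machine looks like in this model.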


Sorry, getting a page unavailable message, and I get the idea this is something I should have. What am I looking for under downloads?

Riley

 

****************************************

The more people I meet the more I like my dog!

 
