worm virus !!!
Old 12th August 2003, 11:07   #1
[M] Reviewer
 
Join Date: May 2002
Posts: 4,587
Gamer Freshly Registered
Default worm virus !!!

http://www.tweakers.net/nieuws/28292

Dutch only.

English:
Quote:
WORM_MSBLAST.A

Aliases: W32/Lovsan.worm, Lovsan, W32.Blaster.Worm


Description:



TrendLabs has received several infection reports of this new worm, which exploits the RPC DCOM BUFFER OVERFLOW. This vulnerability in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

This worm has been observed to continuously scan random IP addresses (x.x.x.0) and send data to vulnerable systems on the network using port 135. On the following system dates, it performs a Distributed Denial of Service attack against windowsupdate.com:

- On the 16th to the 31st day of the following months: January, February, March, April, May, June, July, August
- Any day in the months of September to December.

This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.


For more information on the RPC DCOM Buffer Overflow, please visit the following Microsoft page:

Microsoft Security Bulletin MS03-026


Solution:



AUTOMATIC REMOVAL INSTRUCTIONS

To automatically remove this malware from your system, please use the Trend Micro System Cleaner.

MANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Program

This procedure terminates the running malware process from memory.

1. Open Windows Task Manager: press CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs*, locate the process: MSBLAST.EXE
3. Select the malware process, then press the End Process button.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry: "windows auto update" = MSBLAST.EXE
4. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as WORM_MSBLAST.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.

Applying Patches

TrendLabs advises all affected users to apply the patch issued by Microsoft at the following page:

Microsoft Security Bulletin MS03-026

TrendLabs also asks users to filter access to port 135 and allow trusted and internal sites only.

got the same problem this morning, problem solved in 10 minutes

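The three behaviours the quoted advisory describes (the Run-key autostart value, the scanning on port 135, and the DDoS date schedule) can be turned into triage checks. This is an added example, not part of the original thread or of the Trend Micro advisory; the firewall log format, the 20-destination threshold, the function names and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date

RUN_VALUE = "windows auto update"   # autostart value name given in the advisory
IMAGE = "msblast.exe"               # process / file name given in the advisory
REG_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def ddos_window(d):
    """True on the system dates the advisory lists for the DDoS:
    day 16-31 of January-August, or any day of September-December."""
    return d.month >= 9 or d.day >= 16

def run_key_hit(reg_text):
    """Scan the text output of `reg query` on the Run key for the autostart entry."""
    for line in reg_text.splitlines():
        m = REG_LINE.match(line)
        if m and m.group(1).lower() == RUN_VALUE and IMAGE in m.group(3).lower():
            return True
    return False

def port135_sweepers(log_lines, min_targets=20):
    """Return {source: distinct destinations} for hosts fanning out on TCP/135.
    Assumed log format: date time proto src_ip dst_ip dst_port"""
    targets = defaultdict(set)
    for line in log_lines:
        f = line.split()
        if len(f) == 6 and f[2] == "TCP" and f[5] == "135":
            targets[f[3]].add(f[4])
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample input (documentation address ranges, not real captures).
SAMPLE_REG = (
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ExampleTray    REG_SZ    C:\\example\\tray.exe\n"
    "    windows auto update    REG_SZ    msblast.exe\n"
)
SAMPLE_LOG = [f"2003-08-12 11:0{i % 10}:00 TCP 192.0.2.10 198.51.100.{i} 135"
              for i in range(1, 31)]
SAMPLE_LOG += ["2003-08-12 11:05:00 TCP 192.0.2.20 192.0.2.5 135",
               "2003-08-12 11:05:02 TCP 192.0.2.20 192.0.2.5 445"]

if __name__ == "__main__":
    print("autostart entry present:", run_key_hit(SAMPLE_REG))
    print("TCP/135 sweepers:", port135_sweepers(SAMPLE_LOG))
    print("DDoS window on 2003-08-16:", ddos_window(date(2003, 8, 16)))
```

A single internal client talking to one server on port 135 stays below the threshold; only the host reaching many distinct addresses is reported.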
Old 12th August 2003, 11:12   #2
Member
 
Join Date: May 2002
Posts: 3,711
Bosw8er Freshly Registered
Default

http://www.arstechnica.com/archive/news/1059332882.html
__________________
"Think of how stupid the average person is, and realize half of them are stupider than that."
Old 12th August 2003, 11:17   #3
[M] Reviewer
 
Join Date: May 2002
Posts: 4,587
Gamer Freshly Registered
Default

I know, windows update isn't one of my favourite sites
Old 12th August 2003, 12:15   #4
Blade
 
Posts: n/a
Default

Soooooo many "connection reset by peer" on irc
 
Old 12th August 2003, 19:12   #5
ModdiN MansoN
 
Posts: n/a
Default

@ work today, about 7 people brought in their pc with that virus on it :wtf:
 
Old 12th August 2003, 19:17   #6
TeuS
 
Posts: n/a
Default

Quote:
Originally posted by ModdiN MansoN
@ work today, about 7 people brought in their pc with that virus on it :wtf:

no wonder. normally a virus spreads by mail, but this virus just starts infecting machines by picking random IP's :wtf:

not one virus scanner stops it, and prolly most firewalls either!
 
Old 12th August 2003, 19:41   #7
FreeStyler
 
Posts: n/a
Default

had 2 peeps with the problem.
Next to all the computer @ work.
 
Old 12th August 2003, 22:53   #8
Member
 
Join Date: May 2002
Posts: 1,543
DUR0N Freshly Registered
Default

kewl virus :s
Old 12th August 2003, 23:15   #9
jakkerd
 
Posts: n/a
Default

had it last night, quite irritating
 
Old 13th August 2003, 15:24   #10
LowBasic
 
Posts: n/a
Default

BlackIce on paranoid mode will do it
 
All times are GMT +1.

