#1
New Pc Virus!!!!
I got the virus at work today... here are all of the symptoms...
yeah, I had it on my work PC... here is some of what it did to me... Luckily enough I was smart enough to fix it...

disables copy/cut paste
makes Office crash
no web viewing
click a link on a website that opens a new window, and that new window never opens
if you have XP it puts you in a 60 second reboot cycle
disables the search feature in your start menu
Control Panel opens up in the sidebar as opposed to the main window
Gives you a SVCHOST.EXE error and crashes that process

The kicker is if you are not on the Internet or some sort of a network, your PC will work FINE until you gain access to the internet, and that's when all hell breaks loose. The first thing I saw was the SVCHOST error, and then you're screwed. The REAL kicker is the fact that you don't have to DL anything, open an email or anything like that... it just gets you through a nice little Windows RPC loophole. That is unless you have already run the latest Windows update files...
__________________
Chris SVX World Network Administrator -1993 Subaru SVX LS-L, Barcelona Red, #46, 160,000+ Miles (Sold to SomethingElse) -2011 Toyota Sienna SE, Black, 30,000+ Miles (Swagger Wagon ) -2002 BMW R 1150R ABS, Black, 26,000+ Miles (Daily Driver ) SVX Owner from February 1997 to March 2008 SVX Online Community Member since February 1998 SVX World Network Member since February 2002, Member #520 Life is a game. Play to win. The world belongs to those who can laugh at it. |
#2
to supplement that, there was only 1 guy in my office that didn't get the virus. He went to Norton's website and DLed a fix for it. This easily found and eradicated the virus. It then tells you to go get the patch from M$ website... well while you are getting the patch, guess what, you get infected AGAIN, why is that you say, well because of the stupid RPC loophole... we had my buddy DL the file and that was the only way to fix it... was to pass it around on a, you guessed it, FLOPPY DISK...
#3
Will it hurt my mac??!
#4
I doubt it, seriously, since it uses an exploit in windows software...
#5
Quote:
Doug

Description
-----------------
W32.Lovsan.worm is a worm that propagates by exploiting the RPC DCOM vulnerability reported in TruSecure Vulnerability Alert 6307. The worm scans for vulnerable systems over TCP and UDP ports 135 and exploits vulnerable systems. The worm launches a command shell and uses TFTP to connect to other infected systems to download the worm's executable. The file is then executed on the system and the registry is altered to ensure that the worm is executed when Windows starts. Virus definitions are available.

Impact
-----------------
W32/Lovsan.worm installs a TFTP server on the infected machine and propagates. The worm's propagation routine could cause network congestion.

Warning Indicators
-----------------
The presence of the file msblast.exe may indicate an infection. This worm often causes error messages or reboots of infected device. Helpdesks may receive calls that workstations are constantly rebooting.

The worm contains the following strings:
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!! windowsupdate.com BILLY

Technical Information
-----------------
The worm adds the value
windows auto update = "msblast.exe I just want to say LOVE YOU SAN!! bill"
to the following registry key to ensure the worm executes when Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

This worm does not use e-mail as a means of propagation and it will launch a denial of service attack against Microsoft's Windows Update system on August 16th.
__________________
1992 LS Touring (6/91) - Currently undergoing a five speed swap Black over Claret with spoiler; 235,000 miles; Mods: 2002 Legacy 5 speed, ACT Pressure Plate, Excedy Clutch, Short Throw Shifter, Aussie Powerchip 1992 LS Touring (6/91) Black over Claret with 2.5" setback spoiler; 202,000 miles; Mods: B&M Cooler 1994 LSi (4/93) Bordeaux Pearl; 198,000 miles; Mods: Weight reduction. 1969 Mustang GT Convertible 1970 Mustang Convertible 2000 Ford Excursion Sola lingua bona est lingua mortua. My Locker |
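The network behaviour described in the advisory quoted in post #5 (a sweep of port 135, followed by the new victim fetching the executable from the infecting host over TFTP) can be checked for in firewall logs. This is an added example, not part of the original thread: the log format, addresses, threshold and function names are constructed for illustration, and UDP 69 is the standard TFTP port rather than a value given in the advisory.

```python
from collections import defaultdict

RPC_PORT = 135        # port named in the advisory quoted above
TFTP_PORT = 69        # standard TFTP port (assumption: the advisory names only "TFTP")
FANOUT_THRESHOLD = 5  # hypothetical tuning value: distinct port-135 targets per source

# Constructed sample firewall log (not from the thread):
# timestamp action proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = "\n".join(
    [f"2003-08-12T09:00:{i:02d} ALLOW TCP 10.0.0.23 {1040 + i} 10.0.1.{i} 135"
     for i in range(1, 8)]
    + ["2003-08-12T09:00:09 ALLOW UDP 10.0.1.4 1033 10.0.0.23 69",
       "2003-08-12T09:00:10 ALLOW TCP 10.0.0.50 1200 10.0.0.5 135",
       "2003-08-12T09:00:11 ALLOW TCP 10.0.0.50 1201 10.0.0.80 80",
       "truncated line"]
)

def parse(line):
    """Return (proto, src, dst, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 7 or parts[2] not in ("TCP", "UDP") or not parts[6].isdigit():
        return None
    return parts[2], parts[3], parts[5], int(parts[6])

def find_suspects(log_text, threshold=FANOUT_THRESHOLD):
    """Flag sources sweeping port 135 and the targets that then fetched from them over TFTP."""
    rpc_targets = defaultdict(set)   # source -> hosts it contacted on port 135
    tftp_clients = defaultdict(set)  # TFTP server -> hosts that requested a file from it
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        proto, src, dst, dport = rec
        if dport == RPC_PORT:
            rpc_targets[src].add(dst)
        elif proto == "UDP" and dport == TFTP_PORT:
            tftp_clients[dst].add(src)
    report = {}
    for src, targets in rpc_targets.items():
        if len(targets) >= threshold:
            # A scanned host that pulls a file back from the scanner is likely infected too.
            report[src] = {"rpc_targets": len(targets),
                           "tftp_fetchers": sorted(targets & tftp_clients[src])}
    return report

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

Hosts listed under `tftp_fetchers` are the ones to isolate and check for msblast.exe and the Run key value named in the advisory.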
#6
Doesn't surprise me that someone made this virus, since Microsoft stole everything they came out with and is invading our privacy. Guess Bill "Gay"tes wants to get off teen convos because he never had a life. Friggin butthole
#7
Will it do anything to Win. 95?
Gee...why do I ask you may wonder. Ron (Wow, this 200MMX 'puter really hums)!
__________________
Good s**t happened. 69 was worth the wait. '92 stock semi-pristine ebony - 160K '96 Grand Caravan - 240K '01 Miata SE - 79K '07 Chrysler Pacifica - 60k - future money pit. |
#8
Hi you PC users. best of luck.
In this part of the world we demand service. This is what I received from my server some time ago: --

Dear Xtra customer,

Microsoft has issued a worldwide warning about a computer worm commonly known as W32 Blaster that can infect computers running Windows XP, Windows NT4, Windows Server 2003 and Windows 2000. Your computer can be infected simply by connecting to the Internet. The worm is not being transferred by email and, as a result, your computer will not be protected by Xtra's anti-virus email filter.

Tools to fix the problem have been released and if you are running one of the operating systems mentioned above, it is vital you protect your system from this worm immediately. When you connect to the Internet after August 15th, all infected computers will try and flood Microsoft's Windows update Web site with large volumes of traffic.

The steps you need to take are:

If you have Windows XP or Windows Server 2003, enable the Internet Connection Firewall (ICF). To do this you will need to:

1. Ensure you are not currently connected to Xtra
2. Click the Start button
3. Click Control Panel
4. Click Networking and Internet Connections, and then click Network Connections (some computers may have the Network Connections icon directly inside the Control Panel).
5. Right-click the connection on which you would like to enable the firewall (normally this is labelled as "Xtra"), and then click Properties.
6. On the Advanced tab, click the box to select the option to "Protect my computer or network?"
7. Click OK
8. Close the Control Panel

If you are running Windows 2000 or Windows NT, install an Internet firewall of your choice.

How do I know if I've been infected?

This may not be immediately obvious, however typical symptoms include your computer closing down while you're online and restarting without any warning. Visit this site http://www.xtra.co.nz/latest if you want more information about whether or not your computer has been infected.

If your PC is not infected

Download the appropriate patch via http://www.microsoft.com/security/incident/blast.asp. This site also includes information about firewalls and worm removal tools. Note that the patch required for Windows XP Home and Windows XP Professional is available via the "Windows XP (32 bit)" link.

Update and run your anti-virus software. Customers who don't currently have an anti-virus program installed should refer to http://www.microsoft.com/security/ar.../antivirus.asp for help about anti-virus software or a list of Microsoft partners.

Download any other required patches at http://www.windowsupdate.com

Infected

If your computer's operating system has already been infected with this worm, the Microsoft patch will not be effective on its own. You will need to visit http://www.xtra.co.nz/latest where you will find information to help you. Additional information for remedying the effects of this worm is also available at http://www.microsoft.com/security/incident/blast.asp

For further support, please visit Microsoft at http://www.microsoft.com/security or telephone 0800 800 004. Microsoft assures us they are working hard to deal with this issue. We will keep you informed of any updates on our Web site.

Kind regards
The Team@Xtra

We have made every effort to ensure the information in this email is accurate. However it is intended to be for general information only. As a result, Xtra does not accept any liability for any loss or damage whatsoever which may arise as a result of your use of this email, or for any errors or omissions in this email.

However I run a Mac. Don't we Rob !
__________________
Trevor, New Zealand. As a child, on cold mornings I gladly stood in cowpats to warm my bare feet, but I detest bull$hit! |
#9
Quote:
#10
i do broadband internet tech support and......
That worm was a nightmare for me at work yesterday. Everybody was calling in with problems and to top it off we use Windows 2000 for some of our servers so we had some major outages......Glad I use a Mac..
Last edited by RRX; 08-13-2003 at 07:01 AM. |
#11
Three words:
Fifty Dollar Firewall. I usually recommend the Linksys Cable/DSL routers. The built in firewall seems pretty good for the price. Doug
#12
We had a customer's box at work infected Monday. We loaded SP4 on it from CD (they obviously have not worried about upgrades) but every time we tried to go online it would start acting up and would not let us get to the update site. It appeared to be waiting for the machine's specific IP addy. I reallocated a new IP for the server and like magic we were able to go online and apply all the critical updates. Reset the IP back to the original and rebooted and we were good to go.
I'm not really sure if the virus works that way but if you are in a corporate environment and have unused IP space you can allocate temporarily then give it a shot. Don't reassign a new IP until you are ready to go online immediately for the updates. Best of luck! I am definitely not looking forward to the 16th when the crap hits the fan. We had another customer whose internal clock was set to the wrong day. The box went nuts when it thought it turned August 16. A real nightmare. This could really end up crippling the entire internet with all the traffic it will generate if those morons do not update their boxes ASAP!
__________________
Pearl '92 LS-L 179K (Historic 1st 5-speed SVX) Mods: 5-speed, 4.11's, Group-N motor mounts, dual Magnaflows, cone air filter, Kenwood MP-228 CD/Receiver, white-faced gauges, '97 grill, custom window tinting. Ebony Mica '92 LS 80K Oct 2002 - Dec 2004: Victim of theft. She served me well. You can tell the lack of craftsmanship by the wrinkles in the duct tape. |
#13
Two simple words
Zone Alarm. It's free so why not use it?
__________________
Andy ------------------------------------------------------------------------------------ If I would be a young man again and had to decide how to make my living, I would not try to become a scientist or scholar or teacher. I would rather choose to be a plumber or a peddler in the hope to find that modest degree of independence still available under present circumstances. -- Albert Einstein, The Reporter, November 18 1954 |
#14
Quote:
Quote:
Even still there are only TWO sure fire ways to block this WORM.
1. Windows Update, Windows Update, Windows Update (got it yet?)!!
2. Firewall configured to block UDP Packets.
This is the ONLY sure fire way to keep this from happening ever again.
#15
Windows update is free too (do you have to do it three times before it works?)