Forum Coordinators: RedPhantom
Poser - OFFICIAL F.A.Q (Last Updated: 2024 Nov 10 2:03 pm)
Attached Link: http://www.renderosity.com/messages.ez?ForumID=12377&Form.ShowMessage=1378432
Someone has already taken advantage of this hole.:( http://story.news.yahoo.com/news?tmpl=story&cid=569&ncid=578&e=8&u=/nm/20030812/tc_nm/tech_windows_worm_dc It even attacked me on dial-up!Both my machines are patched. I hate automatic update as it sometimes tries to add updates that I know would screw up my system, so I have it set to notify before downloading and installing. A worm became active yesterday that's playing havoc with networks all over the place through the internet. My friend who works at Comcast called me yesterday and alerted me to the problem, but with no specifics. Just said to make sure that I'm up-to-date on the updates. He's still at work (all nighter). Curious Labs website is down. Kuroyume
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
 -- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
Attached Link: http://msnbc-cnet.com.com/2100-1002_3-5062477.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnew
From C-Net news: "The worm attacks Windows computers via a flaw in a component of the operating system that allows other computers to ask Windows systems to perform an action or service. Microsoft warned about the flaw July 16. The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources. MSBlast installs the TFTP server and runs the program to download the MSBlast code to the compromised server. But the way the worm causes a compromised computer to download the file is very inefficient, Maiffret said. Moreover, although MSBlast can detect whether a machine is already infected, it has to compromise the machine again before it can check. Starting with a random Internet address, the worm sequentially scans for computers with the vulnerability. Because the scanning process is not completely random, the worm will likely cause a lot of excess traffic on the network. It also adds a registry key to ensure that the worm is restarted when the host computer is rebooted."What we do in life, echoes in eternity.
E-mail
| Renderosity
Homepage | Renderosity
Store | RDNA
Store
It turns out I was unfected and didn't even know it! I patched XP as soon as the trouble started yesterday, but it was apparently too late. I updated Norton again this morning, ran it again, and there it was. Norton couldn't delete it, I had to go to Symantec and download a special removal tool. Seems to have worked, though I'm going to run Norton AGAIN just to make 100% sure. But again, since I patched everything seemed fine, but it was there and I didn't even know it. It was there. And I'm on dial-up for god's sake! I've always been good about protecting my machine and keeping up with updates, but from now on I'm going to be positively anal.;)
DAMN! Looks like I caught the infernal thing! Odd thing is, if I leave my cable modem disconnected, the system will continue to run, but within 5 minutes of reconnecting the cable, I'll get the shutdown message. 60 seconds later, poof! What burns me is that I received my latest Norton files Thursday and my system ran its virus check the next day. Sincerely, Bill
Tempt the Hand of Fate and it'll give you the "finger"!
Attached Link: Windows XP Home and Professional Service Configurations by Black Viper
another big reason to disable file & print sharing, check out the link for a list of services to shutdown. Also go to https://grc.com/x/ne.dll?bh0bkyd2 (Shields up) to check if your firewall is really shielding you from hackers attention.Symantec (http://www.symantec.com/) and Pandasoft (http://www.pandasoftware.com/download/utilities/) both have free cleaners out for those that are intersted.....
What we do in life, echoes in eternity.
E-mail
| Renderosity
Homepage | Renderosity
Store | RDNA
Store
My ADSL provider (Sweden's biggest phone co) got hit, hard. Almost all their servers went down, including customer services, so they couldn't even inform about it except thru media! All went down last night (17 hours ago). My router and HW firewall crashed, needed a factory reset. My SW firewall (PC-Cillin) recorded about 75 hits in a half hour when I connected using an old phone modem this morning... yuck. But I didn't get infected. It's worth having all that protection. The Blaster worm (this outbreak) hits XP and 2000 PCs thru ports 135 and 137. Close them down. And get the MS fix. Get it before the 16th. That is when all the world's infected PCs will hit the MS site (the whole point of the virus). Apparently each infected PC will poll the MS update site every 20 milliseconds, totally overloading it. It's going to be fun, (not). Hope MS is working on it! :] Fish
This may be a stupid question but, first off, I went to Shields Up! (thanks for that link - have certainly added it to my Favourites) and found I still have 3 ports open...what I would like to know is: 1. How do I close a Port? 2. If I close all ports, does this mean, automatic updates from both Norton and Windows can not get through? Thanks. :) Irene
Irish, you have XP. Enable the firewall. Control Panel Network Connections Right-click your internet connection Select Properties Click the 'Advanced' tab Put a checkmark next to "Internet Connection Firewall" This is done for each network separately, so if you have more than one (I have a dialup connection and cable) do it for both. This will put you in Stealth mode and you'll be happy the next time you visit Shields Up! :) No, it does NOT interfere with Norton or MS and autoupdates...those will still work fine.
I actually instaled the patch, but it appears to have killed the interdrive NFS stuff that allows me to mount the UNIX system onto my PC, rolling back with the restore stuff in XP doesn't help. I doubt it will affect you, but beware it loks like it closes part of the DCOM protocol that other apps may rely on. later jb
Irish having a firewall close those ports shouldn't stop Norton or Windows from updating, all the ports on my machine come up on shields up as stealth but I can still get the updates without any trouble. I did have problems with the XP firewall conflicting with Zonealarm but that's probably my fault so I shut it off. It seems like this new monster uses file&print sharing to start it's dirty work so unless you really need it disabling it is a very good idea.
Irish, you have XP. Enable the firewall. Control Panel Network Connections Right-click your internet connection Select Properties Click the 'Advanced' tab Put a checkmark next to "Internet Connection Firewall" This is done for each network separately, so if you have more than one (I have a dialup connection and cable) do it for both. This will put you in Stealth mode and you'll be happy the next time you visit Shields Up! :) No, it does NOT interfere with Norton or MS and autoupdates...those will still work fine.
My mom's laptop got it, and she's on dial-up, only accesses the internet a few times a week. However, mom hasn't been the best about keeping her anti-virus updates. Her son has just written her a long e-mail advising of the wisdom of weekly A/V updates and firewall software. :-) As a far heavier 'net user, I think what may have helped this time is that I have both Windows and Norton set to automatically update. It's easy to forget to do so manually, and of course Norton and McAffee respond very quickly to reports of new threats. I suggest that my Renderosity compatriots set their A/V software to automatically update, especially if you're a download nut like me. I agree that this isn't fully on topic, and won't mind if the thread gets moved, but we in the Poser community are hugely reliant on the 'net for so much that it doesn't seem grossly off-topic.
I got this thing last week took forever for me to figure out how to get rid of it. I did find out that you really need to disable the port it attacks. Since i don't use that port anyway I did To see if that port is closed or hidden Grc read the article or scroll down to the bottom of the first table.
My laptop got hit twice and my son't PC got it several times, (both are on dialup) but now I've got all 4 of my computers patched and updated. My main PC was spared because my daughter updated everything yesterday before it hit.
Jeff
Renderosity Senior Moderator
Hablo español
Ich spreche Deutsch
Je parle français
Mi parolas Esperanton. Ĉu vi?
I didn't have the virus, but I do now have the updates. :)
Coppula eam se non posit acceptera jocularum.
wipes some of the sweat off of her brow I already had the patch, plus when I went to ShieldsUP!, I apparently don't exist on the internet. LMAO. So that's a very good thing. I have Norton 2003, plus AdAware, plus Sygate Personal Firewall (which is free and REALLY GOOD, I highly recommend it) plus the normal XP firewall up. I'd rather be paranoid than reformatting. hehe
"when I went to ShieldsUP!, I apparently don't exist on the internet. LMAO. So that's a very good thing." Me too. :)
Coppula eam se non posit acceptera jocularum.
Attached Link: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://slashdot.org/articles/03/08/12/1326237.shtml?tid=185&tid=190&tid=201 The one above is the link to the slashdot thread about the spreead of the virus as well as some usefull advice about how to get around some of the problems. The top link is for the removal tool. I say this baecasue allegedly the patch doesn't work for all people, so "watch your back" later jbAttached Link: http://www.securityfocus.com/archive/75/332694/2003-08-09/2003-08-15/0
This is the "my patch didn't work" link later jbYea..I got slamed with it yesterday. By chance I got the latest updates from Norton over the weekend...but it still wasn't detected.I found and deleted the msblast.exe,but as soon as I got online to get the patch...got it again(less than a min...with XP firewall on). So can't get the patch without getting online...and can't get online without getting the worm,and getting shutdown....talk about Catch22. Pulled out my old puter with Win98(uneffected by msblast)...got online..got the patch,now up and running.....but I'm still going to reformat,just to be safe. BTW..none of my friends that use AOL,got hurt by it for some reason. SWAMP
I am SO not a technical person.... I was infected as well (currently I am not on my PC). I found the msblast.exe and deleted it, and also deleted it from the regestry. Still no go, so I downloaded the removal tool, and obviously it couldn't scan because the computer kept shutting down. So I opened it in safe mode. Now it could scan. At the end of the scan it said that this worm was not on my computer. Ok, I restart the computer, and guess what - I got the same error and "system will shut down in one minute" or however it's phrased. Any ideas what I can do, other than reformat the computer?....
Did you get the patch, too? You have to install the patch whether you removed the virus or not, or else you just keep getting attacked (and infected). It's the attack that keeps causing your computer to restart, the patch should correct that. The worm itself doesn't seem to be doing anything yet that I could see, I didn't even realize I had it until Norton spotted it.
The worm attacks any vulnerable systems. Supposedly, the restarting thing meant that the attack was unsuccessful (and it will keep attacking over and over and make your computer restart over and over, which is crippling computers worldwide). Apparently, that's not true, even if your computer restarts, the worm still may have gotten through, it did on mine.
Dizzie, one gets it straight off the web. Other infected PCs, any PC anywhere, goes out and looks for unprotected PCs to hit. If you don't have a firewall or a good antivirus app, you're at risk - every time you get onto the web. It doesn't come via Outlook, the usual path these days, neither does it need for a file to be opened. It uses a security breach in Win2000 that was discovered last month to go straight into your Windows system. Then your PC becomes one of those trying to spread to everyone else.... anyone else. Hundreds of thousands of machines including a helluva lot of servers have been hit all over the world. Whole corporations... Example: X takes his/her laptop home over the weekend. Gets on the web, drops into Rosity etc. While surfing, the PC gets hit. It just behaves a bit oddly, but nothing special. On Manday he/she takes the laptop back to work, connects it to the intranet there and (now inside the company firewall!!!) instantly the virus infects every XP or Win2K PC on the corporate intranet. Boom.... :] Fish
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
Attached Link: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
Patch early. patch often ladies and germs, those of you with Windows Me and below are not affected.