Wed, Dec 25, 8:20 AM CST

Renderosity Forums / Poser - OFFICIAL



Welcome to the Poser - OFFICIAL Forum

Forum Coordinators: RedPhantom

Poser - OFFICIAL F.A.Q (Last Updated: 2024 Dec 23 7:38 pm)



Subject: New windows security hole...


  • 1
  • 2
Khai-J-Bach ( ) posted Tue, 12 August 2003 at 4:25 PM

found out how it got on mine.. I have to lower my firewall to get into my FTP (bloody Zonealarm!) .. it got me then....



maclean ( ) posted Tue, 12 August 2003 at 4:31 PM

Weird. I got a 60-sec shutdown message a week ago. First for a long time. I d/ld and ran the patch today, ran the worm killer, which said I didn't have the worm. and chaecked at ShieldsUp. Apparently I'm in total stealth mode and protected. No open posts, nuttin'. So why'd I get a shutdown a week ago? Oh well, I'll run the blastfix thingy again just to make sure. mac PS This meassage belongs in this forum and then some! I'd never have known about it if praxis hadn't posted here. A big 'Thank you!', praxis.


FishNose ( ) posted Tue, 12 August 2003 at 4:35 PM

x2000 - I have a feeling it's just that you spend a lot of time here lol.... after all, you don't have to be anywhere special to get it. Even a PC standing unused (but connected) is vulnerable. :] Fish


x2000 ( ) posted Tue, 12 August 2003 at 4:43 PM

FishNose - Guilty as charged.;) No, it doesn't matter where you go. In fact, when my second restart hit, I was still connected but not actually on the net, IE was closed. Maclean - Read the link I posted in the Hardware/Technical forum thread. This guy got hit a week ago, too, so I guess it started then, it's only that it's kicked into high gear now, probably because more and more people got infected and kept infecting more... 2, then 4, then 16, etc, you know? As far as detecting the worm, I don't think it had been identified until yesterday. I checked Norton updates yesterday and I was fully updated, a scan showed no sign of anything. But then there was a new update this morning, and with that installed, another new scan spotted the little bugger. So everyone, check your virus scanner updates today, even if you did it yesterday.


x2000 ( ) posted Tue, 12 August 2003 at 4:45 PM

Oh, and if the wormkiller app shows nothing, then I guess you're clean. The restart thing doesn't necessarily mean you were infected, but contrary to some beliefs, it doesn't mean you weren't, either.


bijouchat ( ) posted Tue, 12 August 2003 at 5:06 PM

AOL uses proxies to cache visited websites and then calls up the proxy to serve you the files faster. You don't have a direct connection to the web most of the time, the proxy has a connection and you're connected to it, as are thousands of other users. This causes endless grief to AOL users that want to use chat services, as the proxy often kicks in and kicks them off. so that can explain why a great deal of AOL people didn't get hit.


spurlock5 ( ) posted Tue, 12 August 2003 at 5:22 PM

I had my system restart several times when I was downloading from DAZ. I have run the Symantec wormkiller twice and come up clean twice. I have also installed the patch. The sad part was I had spent about six hours the previous day backing up and verifying my system onto tape. I suppose the tape is clean but the operating system on tape lacks the patch. If I do restore it for some reason, I need to run the patch again. I could backup again (another day shot) but I still am uneasy about the worm being on my system.


JurgenDoe ( ) posted Tue, 12 August 2003 at 5:30 PM

I just run a check and the worm could not be found on my PC..I also downloaded the patch and run Norton again. Hehehe my puter seems to invisible for Shields Up. Gosh I'm very paranoid if it comes to things like that and my updates are always up to date :)

Strength Is Life, Weakness Is Death


bijouchat ( ) posted Tue, 12 August 2003 at 5:40 PM

I never got hit by it either, never had a spurious restart. But got concerned as I saw this situation develop. Just went through with Norton and all clean... whew. I always let Windows update do its thing automatically but I downloaded the patch and installed it just in case.


Catharina Przezak ( ) posted Tue, 12 August 2003 at 5:58 PM

I am glad I use my old Win/ Me for Internet connection only for first time!! best solution to protect your work use 2 compu one not Online.. no more viruses or worms that never sleep and waiting for damage your poser stuff you spare for years..lol I heard in the radio that 200.000 computers was plat today thanks to this worm... what a drama


maclean ( ) posted Tue, 12 August 2003 at 6:40 PM

Catherine, I usually surf only from my 2nd computer - an old 166Mhz with win 98. It's a junkheap, but the reason I keep it is for net use only. Problem is, lately I've used my main one a lot because it's so much hassle to keep transferring files. I guess I'll go back to the junkheap again. In fact, I'm on it now. It's the best virus protection ever. mac


bikermouse ( ) posted Tue, 12 August 2003 at 6:44 PM

I went to the avg website and found that ther are actually three worms. The big one is LoveSan not MSBlaster. The site tells where these worms reside - You mighr check it out. A google using "AVG +virus" should produce a link to AVG 6 and 7. If you don't have an AV program there is or was a free version of AVG6 on the site.


Dizzie ( ) posted Tue, 12 August 2003 at 7:10 PM

Thanks Fish!! I've always liked ME but for once it's a GOOD thing to use Win ME!


Darboshanski ( ) posted Tue, 12 August 2003 at 7:41 PM

Hi All, I was hit by this virus also. It is called W32 Blaster worm or Lovsan worm and infects your system threw your internet connection at port 135 on window based systems such as ME, NT, Win 2000 and XP. It is a global virus that was launched yesterday and has effected thousands and has invaded many ISPs. You will get these error window messages: "Generic Host Process for WIn32 Services has encountered a problem and needs to close". "This shutdown was iniatiated by the NT AUTHORITY/SYSTEM windows must restart now because the Remote Procedure Call(rpc) serivice terminated unexpectingly". This virus causes your machine to crash and reboot over and over until the virus is removed and you have downloaded and installed the latest security patch from Mircosoft. Here are some links which may help: You can download the latest security patch here: http://www.microsoft.com/security/incident/blast.asp This site has a very good removal tool for this blaster worm virus: http://securityresponse.symantec.co...aster.worm.html http://us.mcafee.com/virusInfo/default.asp?id=lovsan If you use any removal tools please remeber that the System restore option must be turned off in WinXP before you run the removal tool. If not the virus will no be removed and will continue each time you boot up. Also, getting the patch is very recommended Zone Alarm does effectively block port 135 (if you keep it enabled). If you would like to test that port, to be sure, go to GRC.com and run the ShieldsUp program. Hope this helps and best of luck! Miche

My Facebook Page


Catharina Przezak ( ) posted Tue, 12 August 2003 at 8:05 PM

the http://securityresponse.symantec.co i down get server error.. :(


ilona ( ) posted Tue, 12 August 2003 at 8:09 PM

ok.. another problem.. I downloaded the pach and when I tried to install it , it said it couldnt cause my system windows files are i another language.. so.. does anyone have a patch for windows in portuguese? I would appreciate it! hugs Ilona


JurgenDoe ( ) posted Tue, 12 August 2003 at 8:26 PM

Attached Link: http://securityresponse.symantec.com/avcenter/venc/data/w32.femot.worm.removal.tool.html

Try this url Cath :) [Symantec](http://securityresponse.symantec.com/avcenter/venc/data/w32.femot.worm.removal.tool.html)

Strength Is Life, Weakness Is Death


Charlie_Tuna ( ) posted Tue, 12 August 2003 at 8:59 PM

" security holes are built in so the government can check up on what your doing, it's part of the homeland security act." Mesh magic, that is ten tons of pure bull droppings! The real reason is plain sloppy code writing not any sort of conspiricy on part of any government.

Why shouldn't speech be free? Very little of it is worth anything.


Charlie_Tuna ( ) posted Tue, 12 August 2003 at 9:19 PM

The words 'Microsoft' and 'Security' can not be used in the same sentence unless 'error', 'hole' or 'problem' is also included. MS has always created sloppy, bug ridden, security impared code. Everytime I see on the news or read about, yet ANOTHER bug or security problem with something from MS I just sneer in the direction of MS headquarters an go on my virus free way unburdned by multipule firewalls and virus checkers and don't even pay attention to security alerts and virus updates. BTW, I'm on a Mac :-)

Why shouldn't speech be free? Very little of it is worth anything.


Spit ( ) posted Tue, 12 August 2003 at 9:40 PM

The revered UNIX had way more security holes than Windows and it took literally DECADES to plug them. But this was before the web so nobody noticed.


umblefugly ( ) posted Tue, 12 August 2003 at 10:41 PM

the virus also travels as message.zip in emails...beware. Ive been protected from it:)


geoegress ( ) posted Tue, 12 August 2003 at 11:16 PM

grrrrrrrrr- I got it too :( sniffles just spent the whole night getting rid of it I hope. symantec's removal thingy couldn't even see it- had to do it manualy. thank god the patch is kinda small.


ph0enixx ( ) posted Wed, 13 August 2003 at 12:33 AM

I'm not sure if anyone is still having the problem but I thought I would share my expeirence with the virus. I'm not 100% positive where I got the actual virus from -- seeing as how I usually don't open shady emails, and can't recall opening a strange email but I can recall getting one that I threw away. It was from the "System Admin" and subject was "Delay in E-Mail" or something of that nature. I waited a day to trash it because I thought it was junk, not virus. And to my knowledge had no attachments. But, again, I'm not sure this was the source of the problem. Anyway, I shrugged off the first of the RPS errors feeling it was just computer problems. But after reading this post in the 5 minute interval I had before my computer shut down, it seemed as if I had the problem. I ran symantec (took a long time, had to search through a lot of files) and symantec caught nothing yet I still had the virus. I went to the Microsoft page noted in the first of posts and downloaded the patch. Then I went and checked my task manager, and sure enough "msblast.exe" was residing. I ended the process, deleted it from my C:/Windows/System folder. I also changed the values or whatever that was noted for me to do. I'll post the link I followed in a couple secs. So far, it seems ok. knock on wood :) Hope you get your systems cleaned.

“Our real discoveries come from chaos, from going to the place that looks wrong and stupid and foolish.” – Palahniuk


ph0enixx ( ) posted Wed, 13 August 2003 at 12:37 AM

I've seem to have lost the link, sorry. Erg. Send me an IM if you need more detaield instructions on what I did.

“Our real discoveries come from chaos, from going to the place that looks wrong and stupid and foolish.” – Palahniuk


praxis22 ( ) posted Wed, 13 August 2003 at 4:05 AM

Well it looks like it just got us, the whole office got it at once, except moi of course, but I have other problems, ah well, that'll be somebody with a laptop then... later jb


Paoli ( ) posted Wed, 13 August 2003 at 9:41 AM

Attached Link: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

i got that virus yesterday and i fix it very fast and easy... i used an aplication very light in weight but worked for me and i'm virus-free now, look the attached URL and good luck to everyone Paoli Cheers!


Paoli ( ) posted Wed, 13 August 2003 at 9:48 AM

BTW download the patch from micr*soft too so you finished to protect your system, the URL it's inside the like on post 77. was very fast at deleting it like 20 secs or something, well bye


rockets ( ) posted Wed, 13 August 2003 at 9:51 AM

Are you guys just running a search for msblast.exe? I did and didn't find anything, but I'm running Windows ME and from what I've read, it doesn't effect ME (but you never know).

My idea of rebooting is kicking somebody in the butt twice!


Tirjasdyn ( ) posted Wed, 13 August 2003 at 2:00 PM

hrm...for those that are wondering where it is from. Xp calls home...alot, this is where the virus sneaks in at according to symantec and microsoft. (considering every xp update contains the words "might take over your system" this does not suprise me and I'm surprised it took this long to happen) It activates when you get online. Broadband users who don't disconnect have the greatest threat. The biggest problem is that the virus is flawed(go fig) and sends screwed data causing your system to reboot or turn off. So when you hear of systems going down, large or small, this is what happened. As far as I know they are looking but they don't know where the remote cmd.exe's are opening and who or if can even use them if 1000's are opening at once(they probably crashed their own computer) I got protected and shut down the ports, I have to run the symantec tool tonight to get rid of everything else. I was bummed last night I had time to play and it all got taken by this stupid virus.

Tirjasdyn


Spit ( ) posted Wed, 13 August 2003 at 5:36 PM

I hope people don't go and disable automatic updating because of this. It wouldn't help anyway. The patch fixes the buffer overrun. Even XP's firewall closes the port.


  • 1
  • 2

Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.