george
Posted August 13, 2003

A new network worm spreads rapidly on the internet, and causes trouble for internet users. The virus, which has also spread to Thailand, causes trouble and causes Windows machines to boot. More info here: Windows virus wreaks global havoc
exchange1973
Posted August 13, 2003

Hi there, here is some special info regarding msblast: The worm uses a malfunction within the remote procedure call service (RPC service) listening on port 135. The worm causes a buffer overflow, starts a TFTP server and attacks other Windows systems over the internet. The TFTP server start is based on a shell that is opened and listens on port 4444. If the system is perfectly infected there is an open UDP port 69 (TFTP server) and some open TCP ports between 2500 and 2522. Shutting down the RPC service is not the best solution because other services on your computer use that service. So download the patch from: http://www.microsoft.com/technet....026.asp

Greetings from Berlin
exchange1973
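A defender-side check for the listeners described in the post above, as an added example that is not part of the original thread: it parses Windows `netstat -an` style output and reports the ports the post names. The indicator names, the loopback filter and the sample output are assumptions constructed for illustration.

```python
import re

# Ports named in the post: RPC on TCP 135, shell on TCP 4444, TFTP on UDP 69, TCP 2500-2522.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def classify(proto, port, state):
    """Map one netstat row to an indicator name (names are this example's own), or None."""
    if proto == "TCP" and state == "LISTENING":
        if port == 4444:
            return "shell_tcp_4444"
        if port == 135:
            return "rpc_tcp_135_exposed"
    if proto == "UDP" and port == 69:
        return "tftp_udp_69"
    if proto == "TCP" and 2500 <= port <= 2522:
        return "tcp_2500_2522"  # weak on its own: ordinary outbound connections can use this range
    return None

def scan(netstat_text):
    """Return {indicator: [local endpoints]} for `netstat -an` style output."""
    hits = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if addr.startswith("127."):
            continue  # assumption: loopback-only sockets are not reachable from the network
        name = classify(proto, int(port), state)
        if name:
            hits.setdefault(name, []).append(f"{addr}:{port}")
    return hits

def looks_infected(hits):
    """True only for the shell or TFTP listener; RPC exposure or the port range alone is not enough."""
    return "shell_tcp_4444" in hits or "tftp_udp_69" in hits

# Constructed sample output, not captured from a real machine.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:2507      10.9.8.7:135           SYN_SENT
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:69             *:*
"""

print(scan(SAMPLE), looks_infected(scan(SAMPLE)))
```

A machine that reports only `rpc_tcp_135_exposed` is not flagged as infected, but it is reachable on the port the post says to block at the firewall and patch.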
Zendesigner
Posted August 13, 2003

Hi exchange, is it protected by the internet firewall when it wants to open some ports? I'm sure most users can stop their RPC service if they are not in a network.

bart
exchange1973
Posted August 13, 2003

Hi zendesigner, yes, if you instruct the firewall to block port 135 the worm can't connect to the RPC service. To stop RPC isn't a good choice. Many services, not only network services, use RPCs. For example the printer queue, the Windows Installer, the task scheduler.... Best choice is to install the patch. But firewalling is always a good choice ;-)

So good night from Berlin!
exchange1973.
ChiangMaiThai
Posted August 14, 2003

I'm not really a computer person. To download the patch, you have to choose XP 32 bit or XP 64 bit. Can anyone tell me how to find out which one I have? Thanks.
exchange1973
Posted August 14, 2003

Hi ChiangMaiThai, the difference is the following: The 64-bit version of XP supports the Itanium 2 processor. With this version you can address more memory (up to 16GB of RAM). So if there is no Itanium 2 processor in your system, just download the patch for the 32-bit version. Pay attention to the language of the patch!

Hope this helps a little, regards and greetings from Berlin!
exchange1973
jwildgrube
Posted August 14, 2003

For those of you that are non-computer users, you may want to just update your Windows OS by going to Microsoft's Update Site -- just look for all the patches under 'critical updates'.

For a wealth of information about this virus, check out Symantec's (Norton Anti-virus)

Someone in my office has already been hit -- it does pay to protect yourself and at least keep updated on those critical updates.
Jeff1
Posted August 14, 2003

Hello, (I have to type fast!!!!!!!!!) I printed out your how to deal with this virus and I think I got everything, but when it says remove the following registry value hklm/ software................. auto /update HOW? and WHERE is this? As you can tell I'm not a computer person. Thank you for all the help, put simply. I also didn't know what patch to put on until I read your reply. So I downloaded both. Is that bad?? It's hard to do all of this when your computer keeps shutting down!! I would like to meet this guy that made the worm and have a little talk with him!

Jeff
exchange1973
Posted August 15, 2003

Hi Jeff, you can find the "key" you mentioned in the Windows registry. The registry is a kind of "database" with thousands of settings relating to the operating system and all the other applications you have installed. As George already said, you have to use the registry editor "regedit". You can search the registry using the + shortcut or you just browse the registry. The registry is constructed like a file/folder system. To delete a key, you "simply" have to browse to the key's location, left-click on the key and hit ! That's all!

Chock dee and greetings from Berlin!
exchange1973.