Jump to content

Windows virus "blaster" hits thailand


Recommended Posts

Posted

Hi there,

here are some special infos regarding to msblast:

The worm uses a malfunction within remote-procedure-calls-service (RPC-service) listening on port 135. The worm causes a bufferoverflow and starts a tftp-server and attacks other windowssystems over the internet. The tftp-serverstart based on a shell that is openend and listens on port 4444.

If the system is perfectly infected there is an open UDP-Port 69 (tftp-server) and some open TCP-Ports between 2500 and 2522.

Shutting down the RPC-service is not the best solution because other services on your computer use that service.

So download the patch from:

http://www.microsoft.com/technet....026.asp

Greetings from Berlin

exchange1973

Posted

Hi zendesigner,

yes, if you instruct the firewall to block port 135 the worm can't connect to rpc-service.

To stop RPC isn't a good choice. Many service, not only networkservices use RPCs. For example the printerqueue, the WindowsInstaller, the taskscheduler....

Best choice is to install the patch. But firewalling is always a good choice ;-)

So good night from Berlin!

exchange1973.

Posted

Hi ChiangMaiThai,

the diffenrence is the following:

The 64bit version of xp supports the Itanium 2 processor. with this version you can adress more memory (up to 16GB of RAM).

So if there is no Itanium 2 processor in your system, just download the patch for 32bit version. Pay attention to the language of the patch!

Hope this helps a little, regards and greetings from Berlin!

exchange1973

Posted

For those of you that are non-computer users, you may want to just update your Windows OS by going to Microsoft's Update Site -- just look for all the patches under 'critical updates'

For a wealth of information about this virus, check out Symantec's (Norton Anti-virus)

Someone in my office has already been hit -- it does pay to protect yourself and at least keep updated on those critical updates

Posted

Hello, ( I have to type fast!!!!!!!!!)

I printed out your how to deal with this virus and I think I got everything but when it says remove the following registry value  hklm/ software................. auto /update

HOW ? and WHERE is this . As you can tell im not a computer person.

Thank you for all help , put simply.  

I also didnt know what patch to put on until I read your reply. So I downloaded both . Is that bad?? It hard to do all of this when your computer keeps shutting down !!

I would like to meet this guy  that made the worm and have a little talk with him !

Jeff

Posted

Hi Jeff,

you can find the "key" you mentioned in the windows registry. The registry is a kind of "database" with thousands of settings relating to the operating system and all the other applications you have installed.

As George already told, you have to use the registryeditor "regedit".

You can search the registry using the + shortcut or you just browse the registry. The registry is constructed like a file-/foldersystem.

To delete a key, you "simply" have to browse to the keys location, leftclick on the key and hit ! That's all!

Chock dee and greetings from Berlin!

exchange1973.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...