Pib Posted May 15, 2017

Here's Microsoft Customer guidance weblink for description and download of their security patch for older systems like XP... apologies if already posted in this thread. Don't think the patch automatically downloads to older systems like XP systems unless maybe you were a paying customer for continued support after life cycle support to the masses ended Apr 14.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

tominbkk Posted May 15, 2017

Thankfully I use a mac.

worgeordie Posted May 15, 2017

"Despite a report on Monday claiming the ransomware had yet to be detected in Thailand, pictures shared on Twitter on Sunday claimed the contrary."

One hand not knowing what the other is doing, but it's all under control, trust us.

regards worgeordie

JAS21 Posted May 16, 2017

13 hours ago, alocacoc said:
> He won't find it. Fact: Both Win7 and Win 10 got the patch against this wannacrypt on the same day. So, without the patch, both OSes are equally vulnerable. This SMB thing affects only Win 7 server and Win 10. It was never implemented in Win7 home. That's because there is nothing to disable. Win 10 users can disable it if they want. But as long as they patched their OS properly, they are safe too.

I have two PCs ... one with W7 Ultimate and the other W7 Pro. Do I need to run this SMB thing that I read about... tks

Pib Posted May 16, 2017

Yes

1 hour ago, JAS21 said:
> I have two PCs ... one with W7 Ultimate and the other W7 Pro. Do I need to run this SMB thing that I read about... tks

Yes, but since Win 7 is still supported by MS you would have got the patch automatically in March unless you have updates turned off.

JAS21 Posted May 16, 2017

1 minute ago, Pib said:
> Yes
>
> Yes, but since Win 7 is still supported by MS you would have got the patch automatically in March unless you have updates turned off.

Sorry, please clarify a little more... the YES is that I still need to run that SMB thing, or I don't need to run it as my updates are up to date?

While on the subject, my main PC has three drives. C is an SSD and I keep little that is important to me on it. F and M are two separate hard drives; F is a backup of M. Yes, I know if my PC catches fire I will lose all my files.

Do viruses only attack the main drive ... the one with Win7 on? So if I get bad news I can just re-install Win7 on C drive.

Sorry, I am not exactly PC intelligent as you can easily glean. I do have an external backup though. tks

lopburi3 Posted May 16, 2017

Some can encrypt all drives that your computer has access to - so the backup drive should not be attached or on unless being used to make a backup - once made, remove power or USB cable.

samtam Posted May 16, 2017

18 hours ago, ukrules said:
> To prevent a WannaCry / WannaCryptor infection on Windows 7 you need to disable something called SMB. I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post.
>
> Note - there are different commands for other versions of Windows - see the link at the end.
>
> Doing the following on a Windows 7 installation will stop it:
>
> Open a command prompt by clicking the 'round start menu button', then enter 'cmd' in the box at the bottom and press enter.
>
> Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.
>
> sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
> sc.exe config mrxsmb10 start= disabled
> sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
> sc.exe config mrxsmb20 start= disabled
>
> After each line there will be a confirmation that it worked on the screen. You must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.
>
> The above information comes from: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
>
> Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator, but for home users it's just fine.
>
> There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

Thanks. I will try this. I'm not clear from the link whether this should be a temporary disable or permanent.

Pib Posted May 16, 2017

1 hour ago, JAS21 said:
> Sorry, please clarify a little more... the YES is that I still need to run that SMB thing, or I don't need to run it as my updates are up to date?
>
> While on the subject, my main PC has three drives. C is an SSD and I keep little that is important to me on it. F and M are two separate hard drives; F is a backup of M. Yes, I know if my PC catches fire I will lose all my files.
>
> Do viruses only attack the main drive ... the one with Win7 on? So if I get bad news I can just re-install Win7 on C drive.
>
> Sorry, I am not exactly PC intelligent as you can easily glean. I do have an external backup though. tks

The update/patch takes care of the SMB vulnerability. Since you have updates enabled you are good.

Malware can attack all drives, like how the wannacry ransomware looks for certain files/file extensions regardless of where they are located on your 'puter.

ukrules Posted May 16, 2017

4 hours ago, samtam said:
> Thanks. I will try this. I'm not clear from the link whether this should be a temporary disable or permanent.

It disables it permanently. The commands turn off the service which starts automatically when the computer starts. This is why the 'start=disabled' part of the command is there.

Once it's disabled it won't start again unless it's enabled using different commands.

Also, this is why you need to reboot: the service might be running. There are other ways to stop a running 'background service' but rebooting is going to be easier for most people.

Apparently this SMBv1 is only really used by some older industrial machines and some scanner/printers which are connected through the network, so it's not something that's going to be used by a lot of people.

But if you do disable SMBv1 and your network connected scanner no longer works, this is going to be the reason.

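A read-only check of the state the quoted sc.exe commands leave behind, as an added example that is not part of any post in this thread. It assumes PowerShell on Windows 7 and the standard service registry layout (Start = 4 means disabled); the LanmanServer `SMB1` value comes from the server-side section of the Microsoft article linked above, not from the posts. After all four commands both client drivers are disabled while Workstation depends on mrxsmb10, which the dependency loop flags.

```powershell
# Added example: read-only check, changes nothing on the machine.
# Service Start values in the registry: 2 = auto, 3 = manual, 4 = disabled.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-StartValue($name) {
    # Start value of a service/driver key, or $null when the key is absent.
    $p = Get-ItemProperty -Path "$svc\$name" -Name Start -ErrorAction SilentlyContinue
    if ($p) { [int]$p.Start } else { $null }
}

# PowerShell hashtable literals compare keys case-insensitively.
$start = @{
    'mrxsmb10' = (Get-StartValue 'mrxsmb10')   # SMBv1 client driver
    'mrxsmb20' = (Get-StartValue 'mrxsmb20')   # SMBv2/v3 client driver
}

foreach ($name in 'mrxsmb10', 'mrxsmb20') {
    # "sc.exe query" shows whether the driver is still loaded; a driver
    # disabled with "start= disabled" keeps running until the reboot.
    $state = sc.exe query $name | Select-String 'STATE' |
             ForEach-Object { ($_.Line -replace '\s+', ' ').Trim() }
    "{0}: start disabled = {1}; {2}" -f $name, ($start[$name] -eq 4), $state
}

# The "depend=" commands rewrite this list for the Workstation service.
$deps = @((Get-ItemProperty -Path "$svc\LanmanWorkstation" `
           -Name DependOnService).DependOnService)
"Workstation depends on: " + ($deps -join ', ')

foreach ($d in $deps) {
    # A service that depends on a disabled driver cannot start.
    if ($start.ContainsKey($d) -and $start[$d] -eq 4) {
        Write-Warning "Workstation depends on disabled driver $d and will fail to start."
    }
}

# Server side (answers incoming SMB connections): SMB1 = 0 disables SMBv1.
$srv = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" `
       -Name SMB1 -ErrorAction SilentlyContinue
if ($srv -and $srv.SMB1 -eq 0) {
    'SMBv1 server: disabled'
} else {
    'SMBv1 server: enabled (SMB1 value absent or non-zero)'
}
```
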
samtam Posted May 16, 2017

OK, and if that is the case, how do I re-install? I have done a Windows Update (recently and yesterday), so perhaps not necessary to do these?

ukrules Posted May 16, 2017

5 minutes ago, samtam said:
> OK, and if that is the case, how do I re-install? I have done a Windows Update (recently and yesterday), so perhaps not necessary to do these?

The instructions to reactivate SMBv1 are on the Microsoft link, however nobody should be using it these days anyway as it has vulnerabilities - it's dead.

Yes, the update will have fixed your problem anyway so don't worry about it.

samtam Posted May 16, 2017

Many thanks indeed for assisting this IT neanderthal!

alocacoc Posted May 16, 2017

An ATM in India. We can be happy that Thai ATMs aren't affected.

wakeupplease Posted May 16, 2017

On 15/05/2017 at 10:55 AM, ukrules said:
> To prevent a WannaCry / WannaCryptor infection on Windows 7 you need to disable something called SMB. I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post.
>
> Note - there are different commands for other versions of Windows - see the link at the end.
>
> Doing the following on a Windows 7 installation will stop it:
>
> Open a command prompt by clicking the 'round start menu button', then enter 'cmd' in the box at the bottom and press enter.
>
> Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.
>
> sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
> sc.exe config mrxsmb10 start= disabled
> sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
> sc.exe config mrxsmb20 start= disabled
>
> After each line there will be a confirmation that it worked on the screen. You must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.
>
> The above information comes from: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
>
> Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator, but for home users it's just fine.
>
> There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

Or go down to the Apple Mac shop and invest in a real computer, that's your best bet.

Pib Posted May 16, 2017

1 hour ago, alocacoc said:
> An ATM in India. We can be happy that Thai ATMs aren't affected.

A Thai ATM would instead say, "Oops, we have raised our foreign card fee again....it's now Bt250"