1. Register NOW and become part of this fantastic knowledge base forum! This message will go away once you have registered.

Worm.....

Discussion in 'Computing' started by Opus2000, Aug 12, 2003.

  1. Opus2000

    Opus2000 Well-Known Member

    Obviously I'm sure most of you have heard about the new worm that is infecting most Win2k and XP users....

    Make sure you either update your anti virus, install a firewall and or get the patch for the security hole(grand canyon hole is more like it!) that is unfritunate in the MS OS!

    Cheers

    Opus :D
     
  2. falkon2

    falkon2 Well-Known Member

    The patch in question was released middle of last month, so for once, Microsoft can't really be faulted. But yeah - more than a couple of friends got hit. Instant reformat for most, tedious backup sessions for the more tech-savvy.
     
  3. Opus2000

    Opus2000 Well-Known Member

    Actually all you had to do was install the patch and it should be up and running again...

    BUT....I'm sure most of you know that why take the chance and have it reside quarantined(or somewhat quarantined!) on your drive!

    Two of my friends got hit by it as well...

    sad but true as they say!

    Opus :D
     
  4. Ethan Winer

    Ethan Winer Active Member

    Opus,

    > install a firewall <

    Bingo! I paid about $180 for my LinkSys firewall/router a few years ago, but now that they're $50 or $60 there's simply no excuse not to have a real hardware firewall.

    --Ethan
     
  5. Blutone

    Blutone Guest

    :roll:
     
  6. Opus2000

    Opus2000 Well-Known Member

    Mac

    Opus :D
     
  7. gdoubleyou

    gdoubleyou Well-Known Member

    My wife is a Microsoft employee, she said the servers at her location became unresponsive around one oclock, she's not on the main campus.

    Please buy more Microsoft products, so i can afford a G5 in january.

    :D ;) :roll:
    :p:
     
  8. SonOfSmawg

    SonOfSmawg Well-Known Member

    First of all, let me start by saying:

    BILL GATES SUCKS

    It all started Monday morning. My g/f and I got our coffee & cigarettes, and went online to play our favorite online RPG for about an hour, as we do every day, just to start our day off on a bright note. We both started getting this error message, repeatedly:

    "This system is shutting down. Please save all important information and close running applications. This shut down was initiated by NT AUTHORITYSYSTEM.

    The system is being shut down because the Remote Procedure Call (RPC) service was terminated unexpectedly."

    She had to go to work, and said she'd mess with her computer when she got home...

    I had a bad feeling about this strange error, and I decided I'd investigate. Google yielded zilch. I thought about the error (which I'd never seen before), and went into Services. I found two listings for Remote Procedure Call, and discovered that, in the first one, under the Recovery tab, it was set to restart the computer if there was an error. I changed it to Take No Action. This succeeded in stopping the shutdowns.

    Later that day, my g/f came home and went on her peecee, and I did the same to hers as I'd done to mine ... but it didn't work. She had all sorts of probs. She couldn't bring up web pages, the error message kept coming up, she kept getting booted from the RPG ... she finally came and asked me to have a look at it. I checked it out for a while, but she said she was going to watch tv anyway, and told me not to bother with it anymore. After pulling my hair out for about an hour, I was glad to oblidge.

    Tuesday, while in town, I dropped into my ISP's office and told the guy there about this strange error message. He told me that he was being flooded with calls from XP users having the same problem, and handed me a sheet of paper. It said to do EXACTLY what I had already done, but it also gave a link to the MicroSoft patch for this problem. He was busy, so I didn't get to actually discuss it with him.

    When I got home, I went online to get the patch. To my horror, at the top of the page was MSBLASTER WORM. This was my first run-in with a real web-nasty. I applied the patch and everything was still fine. But I knew my g/f's peecee was in worse shape than mine, and I feared the worst. So, I kept looking into it. I found that Trend had a free little program which is updated daily that would detect and remove all traces of MSBLASTER, so I downloaded it to my peecee, ran it, and it found no traces of any nasties at all. Then my g/f came home...

    I told her I'd found Trend's little "cyber ferret", as well as a MicroSoft Patch, burned them to a CD, and took them over to her hive of cyber-infestation. I popped-in the CD and ran Trends nifty little tool (which is AWESOME, btw). Sure enough, MSBLASTER, in all it's hideous glory. The Trend program deleted most of it, but it left behind a hidden file in CWindowsSystem32. I typed MSBLASTER into search, it displayed the last offender, and I promptly deleted it.

    I decided to run the Trend utility again to make sure it got it all. But now, WHAT WAS THIS? PUROL, a different Worm! The Trend utility detected it, but could not do anything about it. By the looks of the log, it had infested itself into damn near every nook and cranny of the system.

    I read about Purol on the Trend site, and it is much worse than MSBLASTER. It's highly destructive. Trend gives instructions on how to get rid of it, but they are very long and envolved. After seeing PUROL's degree of infestation, and reading about what it does, I decided that it's really best to just partition, format, and reload. I'm a back-up phreak, so she isn't going to lose anything in the process.

    So, tonight I'm setting her up with a different peecee, and loading Windows98se on it, at her request. I'm zeroing it's hard drive as I type. She's playing the RPG online right now, on the Purol-infested peecee, but it's not giving her any trouble. Tomorrow I'll start the task of reloading her peecee, which I'll have done in a couple of days.

    Now, I'm wondering if this MSBLASTER is perhaps being used to sort-of "make way" for the PUROL worm, or if catching two worms at the same time just happens to be a million-to-one coincidence. What would you think??? I'm sure you can understand why I would logically deduce that the former is most likely the case.

    What gets me is the message that the MSBLASTER author put into the virus:

    "I just want to say LOVE YOU SAN!!
    billy gates why do you make this possible ? Stop making money and fix your software!!"

    So, this clown wasted about a week of my time just cuz he wanted to stick his tongue out at Bill Gates. What a fukkin moron.

    I think what he and a lot of people don't understand is that Bill Gates is leaving these back doors there on purpose, for his own (evil) future plans. If he closes them up now, he won't have access to do the things he has planned for the future. He's going to do whatever the hell he wants to do, and nobody seems to have enough balls to stop him. He's already proven that he won't even do what the courts tell him to do, and the courts just look the other way.

    Again, I encourage everyone to start participating in Linux. The less people use Windows, the less money Bill Gates makes. Don't be fooled into thinking that because you are using a cracked version of Windows that you are succeeding in bypassing his money-making scheme. You still see all the same advertising that the people who paid for it see. You still use applications made for Windows. You still buy from vendors who manufacture stuff made for Windows. Download a few Linux distros, come and hang-out at the RO Linux forum, and get yourself used to it. The more nasty events like this current one that happen, the more people will be inclined to switch to Linux. Don't wait. Do it now!

    :c:
     
  9. chrisperra

    chrisperra Active Member

    here's a way to close one of the back doors. has anyone ever recieved a pop up from block messenger.com or stop popups.com. with statements like go to our website, buy our program for 30 bucks and say goodbye to pop ups forever?


    this will do the same thing, but for free.
    go to your:

    control panel,

    administrative tools,

    services,

    scroll down and find "messenger", double click, you'll get a page that first:

    select "stop" on the service status, and set the startup status to manual.

    this will close a backdoor way into xp that many popup ads use. it's a built in messenger system that we aren't really told about


    also:

    a freware program called "ad aware" from lavasoft.com searches your entire computer for data miner programs that screw with things.

    the first time i ran it there was 200 items , from data miner programs to registry keys.after i used it my computer ran way faster.

    be carefull if you depend on cookies cause ad aware will get rid of them as well.

    good luck

    chris perra
     
  10. falkon2

    falkon2 Well-Known Member

    Another one:

    http://www.download.com -> Search for "Spybot"

    I haven't used Ad Aware, so I can't comment on how they fare in comparison to each other.
     
  11. Opus2000

    Opus2000 Well-Known Member

    Ahhh SOS...again, the rambling man! lol

    Quick and dirty way of stopping most of this madness...

    Firewall! If you don't want to go out and get one simply go into the network properties of the LAN card and turn on the built in firewall. That does two things....stops the annoying back door ads and helps protect your computer. I leave all the options as is..I never fiddle with them.

    That's only if you are not using a real firewall.

    Then again I'm planning on building a Linux box as my Firewall system!

    Opus :D
     
  12. SonOfSmawg

    SonOfSmawg Well-Known Member

    I hear ya, Gary. Good advice, and I do intend to install some sort of protection now, but I'm just not sure what type yet. Online games are finnicky about that stuff. Since I never had a single problem before, I never gave protection a second thought, so I'm ignorant about it, but I'm sure as hell learning now!

    Perhaps I was a bit lenient on the MSBLASTER author. He has cost me a lot of time. But even though his methods were nasty, I just find it hard to be too pissed at a guy who spikes the ball in Bill Gates' face. If this fiasco has helped to lean some people toward Linux, well, then at least there's a bright side to all of this.
     
  13. MisterBlue

    MisterBlue Member

    Three easy things prevent you from this kinda crap :

    Install those Windows XP updates as soon as they become available, get a decent virus checker and internet firewall software package and keep the software current. First and third measure are free and the second one can be had for less than $20. I got the OEM version of Norton Internet Security 2002 a year ago for $12 from Directron. Catches most of the junk out there.

    An occasional "DriveImage2002" run to backup the disks additionally takes the worst edge off any catastrophic HDD failures.

    Well, I guess I should say that this combination seems to work at least for me so far. Knock on wood ...

    MisterBlue.
     
Similar Threads
  1. mikE@THECAVE
    Replies:
    4
    Views:
    2,119
Loading...

Share This Page