virus for winxp: remote process control failure

[Creamo]

Originally posted by Curval
My home machine has this...turned up this morning.

I'm p*ssed....my wife's relatives have been playing around on my computer and someone must have downloaded something.

And you got crabs from the toilet seat...

Nope, it searches for an open port and yer done. Unpatched Windows, and no firewall, you got it.

[Curval]

Really?  You mean I cannot blame this on relatives....DAMN.  

Okay...patching tonight, and virus software going on too.

Thanks guys.

Now, how do I get rid of these crabs?

[Creamo]

The non-electric vaccum pump.

whoopee it's hard to sell a goof here.

[Furball]

i got it last night too. scared the crap outta me!

W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.

You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability.

NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003 rev. 19

Also Known As: W32/Lovsan.worm [McAfee]

Type: Worm
Infection Length: 6,176 bytes



Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0352

This is what NAV said about it, i removed the file, removed the registry key and patched computer.  Everything seems fine now!

[Skuzzy]

Uhmm..just clarification:  An "open" port is a port on your computer that has some software attached to it causing it to be visible.

Also, see this post: http://www.hitechcreations.com/forums/showthread.php?s=&threadid=93762

[Curval]

So...logically if my wife's relatives downloaded the software that is attached to my port..they are still to blame.

Cool.  Thanks Skuzzy.

[Wanker]

Now, how do I get rid of these crabs?

I recommend seeing your pharmacist. She probably has some oitment that you can apply to your groin area.

May want to check the wife for crabs, too. Those little devils go everywhere

[hyena426]

all my freinds who dont have a firewall got it,,,i told them along time ago it would be a good idea to run zonealarm ,,,but no,,they wouldnt lisin,,lol,,but the ones i convinced to down load a firewall,,they got no virus at all,,crazy to your ip ports nakid online,,lol

[Skuzzy]

It's all in how it is setup hyena.  I have never used a firewall, and still don't and still will not catch this bugger, or any other bugger released on the net.
There is the brute force approach, and the elegant approach in securing network and computer systems.

[boxboy28]

Ok since i didn t check my system this morning ( i think i shut it down last night but....)
So If i have it when i get home will it still let you start the system and get the patch + remove it? Or is this thing gonna make the system un usable?

[Curval]

Box..just follow what is said on the link provided by Ozark.  You will be able to boot up no problem...it isn't a file destroying virus as far as I could see.  I got that remote access control failure message this morning and it shut down my machibe.  But, I was able to boot up again no problem.

I'm now clean of this virus and patched.

Thanks all.

[boxboy28]

COOL TY curval!

[daddog]

This thing nailed me. I called several squadies yesterday about it and banana called me at 7:30 AM to tell me what I had. I could not even stay online long enough yesterday and this AM to read my e-mails or the BB's to find the answers to my questions.

Deleted the W32Blaster in the Task Mgr. Then downloaded the FixBlast which removed it. I then was reading all the BB's and e-mails while I was trying to download the updates to close the door to this nasty bug. During that I reinfected my system. Ugh.. had to go though it all again, but did not have any luck the first couple of tries. I could not find it in the Task Mgr. Finally was online long enough to download the XP update. Problem was I did not know if I needed the XP 64 bit or the XP 32 bit. I downloaded the 64. Wrong! Keep in mind I am up in the Sierra Nevada Mts on a slow dial up. So now I am downloading the 32 bit. Crossing my fingers I can get this fixed.

[Curval]

I wasn't sure about the 64 or 32 bit version either..I guess I got lucky and got the right one...I went with 32 (in Windows there is a System32 directory which is what I based my decision on.)

Sounds like you and I are at about the same tech level daddog...and these types of viruses/worms hurt guys like us the most.

[AKIron]

Originally posted by muckmaw
Iron-

I've got a firewall on my PC...I think it's a McCaffee job. Yes, it's a big white M in a red square. (Geez, I know nothing about computers).

Anyway, it was a free trial but I never dowloaded it. I just keep resetting the clock on my computer back 2 weeks to keep it going.

Is this protection enough? Should I pay for the damn thing or keep bumping my computer back 2 weeks?

Muck, depends, if you have a broadband connection I'd definitely get a hardware firewall. CompUSA often has 'em for $40. If you have dialup there are many good software firewalls, personally I despise everything McAfee because of the headaches they've given me over the years. Zonealarm's pretty good.

Here's one reason a hardware firewall is better. Your PC isn't exposed to the attack and there's no Microsoft running on the firewall interface to be hacked/cracked/phracked.