Aces High Bulletin Board
General Forums => The O' Club => Topic started by: moose on August 11, 2003, 08:56:54 PM
-
anyone else get this? i did after 12pm today and my friend was getting calls from all of his clients about it too.
unless you change the service properties, windows will restart every time rpc fails. erk.
****ing microsoft ****box easily hacked software.
-
3 words:
patch your s__t :)
-
Go it, fixed it. My bro's an IT guy and he walked me through the fix despite him being massively busy fixing his company's computers at work.
-
I wonder if a guy I know has this...
He was earlier complaining about his windows being force restarted with a countdown every now and then.
Never got to ask him if windows tells him why it's forcing restart.
-
That's the one.
-
So, uh....how do you fix it? My friend has this problem.
__________________
(http://r1329776.hostultra.com/images/nachosig.jpg)
Misty tales and poems lost
All the bliss and beauty will be gone
Will my weary soul find release for a while
At the moment of death I will smile
It's the triumph of shame and disease
In the end Iliad
4,/JG 53 (http://bellsouthpwp.net/w/o/wotans/4JG53/)
-
It's the w32.blaster.worm
For XP or ME
-Turn off system restore
-From task manager, shut down msblast.exe
-Run your antivirus scan, let it remove virus
-edit registry, remove the run msblast.exe
-
some of my friends are saying msblast isn't running and the anti-virus picks up nothing? Any more tips? Google isn't helping
-
http://www.net-integration.net/zeroscripts/msblasta.html
-
Originally posted by Ozark
http://www.net-integration.net/zeroscripts/msblasta.html
I'm telling you they can't find msblast.exe in processes. I found a quick fix for them though, when the message pops up, start >> run >> cmd >> type shutdown -a and that will abort the reboot. Should work until we find a fix
-
Did you get the patch?
-
Originally posted by Ozark
Did you get the patch?
Patch fixed it for him, you can get it at http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
__________________
(http://r1329776.hostultra.com/images/nachosig.jpg)
Misty tales and poems lost
All the bliss and beauty will be gone
Will my weary soul find release for a while
At the moment of death I will smile
It's the triumph of shame and disease
In the end Iliad
4,/JG 53 (http://bellsouthpwp.net/w/o/wotans/4JG53/)
-
Apparently, it can still cause problems for your system from other computers. The patch stops that. I checked my registry and it wasn't there either.
-
I have the system shutdown box on my desktop right now, been trying to fix it for last 1.5 hours. Figures I'd find the answer here:D
Shutdown box popped up but the timer never started ticking this last time. I've had it pulled down to the bottom of the screen for 20 minutes or so.
-
you can prevent it from doing the autoshutdown by changing the RPC service properties in windows management. i just set mine to attempt to restart the service when it failed instead of making me reboot.
i'm at work right now, when i get home i'll get the damn thing outta my system.
what annoys the crap outta me is that it came in via an open port, not even by my own stupid email or whatever. i havent downloaded a virus that i can remember but this somsqueak found me.
-
It found me too. God-damn microsoft. First CFS3 then this sht.
-
My virus protection software and firewall protected me just fine.
-
sounds like a scary mofo..
Good thing I should have it patched up, since windows update desn't find any necessary updates.
-
interesting, huh?
The RPC buffer overflow issue has been around since windows 98.
A private security firm comes to M$ and says "we found this exploit, it could be nasty, and by the way, mention us in your press release".
Press release, patch, lots of chatter and news articles warning about impending attack. Three weeks later, here it is.
-
Everyone squeakes about M$, but what about the miserable waste of flesh little salamanders who start these things?
You never hear about them getting arrested and doing time.
They really ought to be treated like E-Terrorists. Give 'em real prison sentences.
Little f*cks.
-
Windows keeps several ports open all the time. Go to a DOS box (XP/2K Start->Run, then type "command" and press )
In the box run "netstat -an" and it will list all your open ports for UDP and TCP. Make sure you close down all programs before running this, or you could get quite a list.
The ports with "Foriegn Addresses" os all zero's are the ports Windows keeps open all the time. They will get exploited, even if it is just a DOS attack.
The ports you cannot close down in Windows are ports TCP ports 135, 139, 445 (XP/2K) and UDP ports, 445 (XP/2K), 137, and 138.
The 13x ports are the NetBIOS ports and are used for file and printer sharing and have always been a security problem with all versions of Windows since W95.
-
Yea this is a nasty one. Been dealing with customers who have this for the last few days. Get yourself behind a firewall, preferably a router. I can see more viruses passed like this in the future.
-
Of course, like Ripsnore, wasn’t taken by surprise either.
I have a non-electric vacuum pump to seal my bunker foods I bought at a Preprepardness Expo in Texas.
Along with my diesel generator and Type 7 VHF radar and a two-level R6 bunker spread air traffic civil and military Mersey Radar, I’m set. The food will last for years.
Oh, and I patched WINXP, thank god.
-
The Internet is the new old wild west. If you ain't behind a farwall it's only a matter of time before you get plugged pardner.
-
Iron-
I've got a firewall on my PC...I think it's a McCaffee job. Yes, it's a big white M in a red square. (Geez, I know nothing about computers).
Anyway, it was a free trial but I never dowloaded it. I just keep resetting the clock on my computer back 2 weeks to keep it going.
Is this protection enough? Should I pay for the damn thing or keep bumping my computer back 2 weeks?
-
muck you can have sygate personal FW for free :
http://smb.sygate.com/products/spf_standard.htm
-
get a router with build in firewall. You can hook up more then computer and they are all covered.
-
My home machine has this...turned up this morning.
I'm p*ssed....my wife's relatives have been playing around on my computer and someone must have downloaded something.
:mad: :mad:
-
Originally posted by fd ski
get a router with build in firewall. You can hook up more then computer and they are all covered.
Huh? What?
Could you put that in English?
Router? Is that a little black box thingy?
I am soooo confused.
-
curval it's a port hack. All you have to be is connected to the internet. No download necessary.
-
Originally posted by Curval
My home machine has this...turned up this morning.
I'm p*ssed....my wife's relatives have been playing around on my computer and someone must have downloaded something.
:mad: :mad:
And you got crabs from the toilet seat...
Nope, it searches for an open port and yer done. Unpatched Windows, and no firewall, you got it.
-
Really? You mean I cannot blame this on relatives....DAMN. :)
Okay...patching tonight, and virus software going on too.
Thanks guys.
Now, how do I get rid of these crabs?
-
The non-electric vaccum pump.
whoopee it's hard to sell a goof here.
-
i got it last night too. scared the crap outta me!
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
Click here for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability.
NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003 rev. 19
Also Known As: W32/Lovsan.worm [McAfee]
Type: Worm
Infection Length: 6,176 bytes
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0352
This is what NAV said about it, i removed the file, removed the registry key and patched computer. Everything seems fine now!
-
Uhmm..just clarification: An "open" port is a port on your computer that has some software attached to it causing it to be visible.
Also, see this post: http://www.hitechcreations.com/forums/showthread.php?s=&threadid=93762
-
So...logically if my wife's relatives downloaded the software that is attached to my port..they are still to blame.
Cool. Thanks Skuzzy.
-
Now, how do I get rid of these crabs?
I recommend seeing your pharmacist. She probably has some oitment that you can apply to your groin area.
May want to check the wife for crabs, too. Those little devils go everywhere
:D
-
all my freinds who dont have a firewall got it,,,i told them along time ago it would be a good idea to run zonealarm ,,,but no,,they wouldnt lisin,,lol,,but the ones i convinced to down load a firewall,,they got no virus at all,,crazy to your ip ports nakid online,,lol
-
It's all in how it is setup hyena. I have never used a firewall, and still don't and still will not catch this bugger, or any other bugger released on the net.
There is the brute force approach, and the elegant approach in securing network and computer systems.
-
Ok since i didn t check my system this morning ( i think i shut it down last night but....)
So If i have it when i get home will it still let you start the system and get the patch + remove it? Or is this thing gonna make the system un usable?
-
Box..just follow what is said on the link provided by Ozark. You will be able to boot up no problem...it isn't a file destroying virus as far as I could see. I got that remote access control failure message this morning and it shut down my machibe. But, I was able to boot up again no problem.
I'm now clean of this virus and patched.
Thanks all.
-
COOL TY curval!
-
This thing nailed me. I called several squadies yesterday about it and banana called me at 7:30 AM to tell me what I had. I could not even stay online long enough yesterday and this AM to read my e-mails or the BB's to find the answers to my questions.
Deleted the W32Blaster in the Task Mgr. Then downloaded the FixBlast which removed it. I then was reading all the BB's and e-mails while I was trying to download the updates to close the door to this nasty bug. During that I reinfected my system. Ugh.. had to go though it all again, but did not have any luck the first couple of tries. I could not find it in the Task Mgr. Finally was online long enough to download the XP update. Problem was I did not know if I needed the XP 64 bit or the XP 32 bit. I downloaded the 64. Wrong! Keep in mind I am up in the Sierra Nevada Mts on a slow dial up. So now I am downloading the 32 bit. Crossing my fingers I can get this fixed. :rolleyes:
-
I wasn't sure about the 64 or 32 bit version either..I guess I got lucky and got the right one...I went with 32 (in Windows there is a System32 directory which is what I based my decision on.)
Sounds like you and I are at about the same tech level daddog...and these types of viruses/worms hurt guys like us the most.:(
-
Originally posted by muckmaw
Iron-
I've got a firewall on my PC...I think it's a McCaffee job. Yes, it's a big white M in a red square. (Geez, I know nothing about computers).
Anyway, it was a free trial but I never dowloaded it. I just keep resetting the clock on my computer back 2 weeks to keep it going.
Is this protection enough? Should I pay for the damn thing or keep bumping my computer back 2 weeks?
Muck, depends, if you have a broadband connection I'd definitely get a hardware firewall. CompUSA often has 'em for $40. If you have dialup there are many good software firewalls, personally I despise everything McAfee because of the headaches they've given me over the years. Zonealarm's pretty good.
Here's one reason a hardware firewall is better. Your PC isn't exposed to the attack and there's no Microsoft running on the firewall interface to be hacked/cracked/phracked.
-
best way to deal iwth it is download the patch of microsoft...though in my case i couldent download the damn thing due to the system shutting down before i could get it...so i ended up downloading it at a freinds burning it and taking it home
oh and firewall wont stop it...it gains access through port 135...norton antivirus cant touch it...
and its a shame you cant blame it on relatives...my little brother was downloading **** when it hit (noon yesterday...)
-
A hardware firewall will stop it, a software firewall can stop it if configured properly. I believe that most software firewalls will allow you to control who has access to any and all ports. Still, hardware is much better way to go.
-
I think Skuzzy should write us a book ...
"Skuzzy's internet survival guide for idiots"
they'ed probly end up making a movie out of it ....
-
Originally posted by Roscoroo
I think Skuzzy should write us a book ...
"Skuzzy's internet survival guide for idiots"
they'ed probly end up making a movie out of it ....
Can I play the part of the hillbilly?
-
LOL Roscoroo!
-
I'd probably buy it Skuzzy, don't laugh too hard. :D
There's a market for this type of guide...something that isn't for beginners (I mean I made it this far :) ), but who are lacking in these types of internet and computer knowledge.
-
A hardware firewall will stop it, a software firewall can stop it if configured properly. I believe that most software firewalls will allow you to control who has access to any and all ports. Still, hardware is much better way to go.
i been thinking of making my old computer into my server and stack it full of protection,,,,and you are right,,my firewall stops just about all ports besides the ones i let ,,and i didnt get hit,,but all my freinds who dont run any protection besides nortons anti virus got hit,,nortons is not good anuff protection,,i wont run with out a firewall,,mine has picked up over 8,600 highly rated so far this year alone
-
I went thru those software firewalls many moons ago ... ZA always seamed to think everything was a virus ... and was totally confused most of the time ...
i finally learned to close certian ports . and run an anti virus scan type program . ive been safe since i went back to that method.
(i even instantally caught and banished the virus's the mrs Roo brought home from a kazaa dl )
I heard that alot of hacks are looking for firewalls and trying to get thru them more often then a simple setup...
P,s. The Mrs Roo says she'll play the Damsel in distress for the movie Provided we get Mel Gibson to play Skuzzy :D
-
im running a pirated version of Win XP... am i at risk of getting worms and viruses?
-
Yes you are , Shhhhhhh i have one of those to , and i put all the updates on it and it didnt effect it at all (cause it to blow out) the patches and update reset it to 30days again also, (i think u know what i mean ) hope this helps
I just tossed xp back in the drawer though and went back to 98 , it runs my games so much better.
-
Note that there's not really such thing as a "hardware firewall". You can buy of course a nice box dedicated and tuned to be a firewall, but you can bet there's some software inside it running the show.
At home I use Kerio Personal Firewall, it's free for home use, and has a nice default "learning mode". It blocks everything by default, but asks you when it encounters a new "kind" of connection, so you can allow, deny or just make a rule to stop it from asking in the future, so you are just bothered by it the first time you connect to your games, chats or whatever.
I have setup old 486 or Pentium Linux boxes as low budget firewalls, they performed pretty good, and there's little they cannot do.
Most DSL routers for home use have built in firewalls, YMMV, I have found some easy to use, others are arcane.
At work we use a few of those "hardware firewalls". Nice looking NetScreen boxes full of fancy colored leds. They are pretty and can do lots of nice stuff, but at 20K € each, they don't really fit at home. We didn't got the worm into our 6000+ computers network, but were pretty lucky to be able to unplug some guy who brought his infected laptop from home when he started probing port 135 like crazy, having happily bypassed our fancy firewalls just walking. So you have to be on top of things and have some luck even if you think you have everything secured.
-
Read this yesterday and planned to deal with our plant PC's today when I arrived. As it turned out, by the time I arrived, they were already shutting down all over the building. Spent the first 2 hours 'fixing' terminals here. I won't wait next time, might even try to stay current with all the patches and fixes. Gawd I hate windows....
-
Who would play Skuzzy?
(http://www.internerd.com/frinky/images/measasimpson.gif)
-
This makes you think about how many exploits that MS dont know about... and exploits the hackers are sitting on and wont realease to the general public...
We can patch patch patch but still there are unknown ways for the scriptkiddies and haxxors to use...
-
2 Freebies that I think have been mentioned -
Free software Firewall - Kerio (http://www.kerio.com) and Free Anti-Virus - AVG (http://www.grisoft.com/us/us_index.php)
I've run both of them on W2K for about 3 years have yet to get infected (touch wood). I'm virtually PC/Internet illiterate so if I can do it, I guess anyone can.
-
1) Complain long and loud to your ISP about allowing ports 13x to be propagated to/from the Internet. This is the source of most problems.
2) Hit the MS update site regularly. This worm would have had zero effect on anyone that would have kept up on the patches for XP/2K.
I would say 99.9% of the firewall users have no idea how to properly configure a firewall. The brute force approach is to block all ports, including those that have nothing running on them. It yells to the Internet, "I HAVE A FIREWALL, TRY AND BREAK IN!"
People are too paranoid or lack the understanding of how networking operates.
First, there is absolutely no way any software can connect to your computer, unless the port is already opened on your computer. It is a networking impossibility for that to happen. Thus, if you must run a firewall, at lease just block the ports that are opened on your computer. The NetBIOS 13x ports are the serious ones. Port 443 for XP/2K is the other port.
I do not like software firewalls for one big reason. They steal CPU cycles away from all other software. I do not like consumer/personal routers as they are not complete. They lack load balancing, they use a very slow CPU, they do not have a complete NAT solution (or are very limited due to lack of ram) and they propagate NetBIOS ports (really stupid).
Of course, they have a firewall added to a CPU which is basically overloaded already (most have a 16Mhz CPU, and run a mini-version of Linux).
Anywho, I use a Linux box (Slackware) for all the work. A 233Mhz system with 32MB of ram and 2 nice ethernet cards. Of course, I have 6 computers on my LAN, and a couple of networked printers as well. My router has been up for just about a year now, with no reboots and no problems. Anyone having problems with type of setup simply did something wrong or did not understand how to set it up properly.
The nice thing about this is Linux will not propagate NetBIOS ports, even though I run Samba on it for a shared partition (does not propagate beyond my LAN). I have it handle all incoming email so it can toss any incoming attachments (always hated those things). I use it for my name server (more reliable than the ISP's is), and it handles my outbound email (masquerades so even my local IP's do not show up in the email header).
I have no firewalls or anti-virus programs running on any of my computers and have never gotten a virus on any of the systems.
Admittedly, this is not something everyone can do. It does take some knowledge and understanding of a lot of different aspects of networking, Linux, sendmail, samba, BIND, fetch, tcp wrappers and so on.
But, if you already have a computer laying around, it is about as cheap as solution as you can get and works much better than the consumer routers will ever be able to do.
-
NetBIOS should be disabled on default and only enabled by the user if he needs to.
NetBIOS is completely useless for most people around and yet they're keeping this gaping hole open to their computer, since it's been so out of the package and they have no idea whats NetBIOS.
-
Your right curval. I know just enough to get myself in trouble. After that I rely on my nerd squadies to help me out. ;)
Anywho, I use a Linux box (Slackware) for all the work. A 233Mhz system with 32MB of ram and 2 nice ethernet cards. Of course, I have 6 computers on my LAN, and a couple of networked printers as well. My router has been up for just about a year now, with no reboots and no problems. Anyone having problems with type of setup simply did something wrong or did not understand how to set it up properly.
The nice thing about this is Linux will not propagate NetBIOS ports, even though I run Samba on it for a shared partition (does not propagate beyond my LAN). I have it handle all incoming email so it can toss any incoming attachments (always hated those things). I use it for my name server (more reliable than the ISP's is), and it handles my outbound email (masquerades so even my local IP's do not show up in the email header).
I have no firewalls or anti-virus programs running on any of my computers and have never gotten a virus on any of the systems.
Admittedly, this is not something everyone can do. It does take some knowledge and understanding of a lot of different aspects of networking, Linux, sendmail, samba, BIND, fetch, tcp wrappers and so on.
But, if you already have a computer laying around, it is about as cheap as solution as you can get and works much better than the consumer routers will ever be able to do.
Skuzzy I love you man. Would you move in with me? I will not make you change any diapers and my wife is a good cook.
-
Originally posted by takeda
Note that there's not really such thing as a "hardware firewall". You can buy of course a nice box dedicated and tuned to be a firewall, but you can bet there's some software inside it running the show.
Well, since we're on a technical subject here, many firewalls don't have any software, rather they have firmware.
Skuzzy, I have to disagree about the low end stuff. I find most of the small boxes do NAT quite well and handle the load of less than 5 PCs with ease. At least that's been my experience, and I've seen and supported many in use. Furthermore, I've never seen one hacked, not that it's not possible, just haven't seen it.
-
Originally posted by AKIron
Well, since we're on a technical subject here, many firewalls don't have any software, rather they have firmware.
hu ?
There is not difference between firmware and software ... it's in both case a sequence of code executed by a CPU
-
There's enough difference for there to be a name for each.
-
Well theres plenty of viruses that reset your bios, or corrupts your bios, this is the tactic for infecting "hardware firewalls" i guess...
They "djust" have to find an exploit on the specified hardware firewall that let the "hacker" run his code on it...
-
No doubt they can be hacked. Takes a hands on approach though and is a lot of effort. No worms doing it anyways, so far. And why bother when all you'll likely find on the other side is Joe Blow's home PC.
-
it's not 'WHAT' goes 'OUT' of your puter that is dangerous....
it's 'who' or 'what' that is trying to come 'IN'.....(they use your computer ports for that)
usually you will try to stop anything coming 'IN' with a Firewall.
if ya really paranoid....you check both.
ALWAYS.....ALWAYS update your OS...did i say 'ALWAYS'.
-
Originally posted by SLO
it's not 'WHAT' goes 'OUT' of your puter that is dangerous....
You've obviously never plugged a 486 cpu in the wrong way and had parts of it punch a hole in your ceiling when the machine was turned on. :D
Neither have I but I've seen the results.
-
But if i use my 486 for a gateway I wont be able to play AH with it anymore:(
-
What would we be up to now if Intel had continued the x86 naming convention? 886?
So, will a P5 be called a PP (Pentium Pentium)?
-
Originally posted by Skuzzy
I have no firewalls or anti-virus programs running on any of my computers and have never gotten a virus on any of the systems.
See what happens when you don't download porn on IRC all day?:D
-
LOL daddog!
True rpm. I do not have any IRC programs installed, nor any file sharing programs, nor any instant messengers. None of them are worth the headaches they will eventually cause.
-
Originally posted by AKIron
There's enough difference for there to be a name for each.
hahem ... synonym ring a bell ?
-
Originally posted by straffo
hahem ... synonym ring a bell ?
Except they are not. Firmware is most often stored in ROM and executed from there. Software is usually loaded from a disk into RAM and executed from there.
The biggest difference here is that a hardware/firmware firewall can easily be reset to factory defaults quickly eliminating the sometimes extensive efforts of a hacker.
-
noodle32.exe
Its an variant of the worm... update your virus software...
-
Both can be true :D
I'm certainly picky :p ,I'm daily building a software wich is a ****ware ... according to your definition :
If it's on my devellopement PC it's a software ...(*)
When I do a release it's embeded on a PC104 ...(*)
So it's a firmware or a software :confused: ?
(*) in both case the ****ware work the same but a PC104 is a lot more tiny than even a shoe-box PC
-
Straffo, I didn't make these words up, they've been around a long time.
We were discussing the merits of a software firewall (the type that runs on your PC) vs a hardware firewall (in our case one of the soho variety). Takeda got picky and said that they were all software. I got pickier and said the hardware were actually firmware.
-
Got the worm...found it ...removed it....fini.
You guys are soundin mighty geeky:)
-
Originally posted by Rude
Got the worm...found it ...removed it....fini.
You guys are soundin mighty geeky:)
me a geek ?
never :p
Concerning the merit of "hardware" or "software" Firewall it's pretty simple : an "hardware" solution won't add another "software" on your gaming PC and so won't use any horsepower on it.
Notice how prudent I am : I've used a f**ed abnormal number of double-quote in this post :p
-
hehe Rude, if you read this board yer a geek, only a matter of degree.
Straffo, you pegged it. When it runs on yer PC it's software, when your burn a rom it's firmware. If you load it into RAM from ROM then I guess you could call it Software. You can execute it directly from ROM though.
-
Originally posted by Curval
Now, how do I get rid of these crabs?
Shave half of your groin. Soak the other half in lighter fluid, light it, and stab the little buggers when they leap across.
-
That reminds me of the guy who came in with genital warts so bad, he couldn't urinate. Had to call the urologist on duty to literaly punch the catheter to reach his bladder.
Originally posted by Snork
Shave half of your groin. Soak the other half in lighter fluid, light it, and stab the little buggers when they leap across.
-
so if i put a condom over the worm it will keep me protected???
-
Make sure you check yor c:\windows\prefetch directory for a lingering MSBLAST.EXE file. I was shoked to see this thing in my computer after a disinfection, a patch and a fixblast and a serch
c:\. All turned up nuthing, yet there it was, laying in wait.
-
Is the worm (MSBLAST) a Micro$oft's tactic to force pirated users of Win XP to buy the original software that cost $200+?:rolleyes: BTW, those people who have the pirated section (like me) of Win XP cant upgrade to SP1.