PDA

View Full Version : XP and W2k machines being massively atacked


Seska
08-12-2003, 09:15 AM
Connected to the net? You use Win XP or 2000? Well then check the following:

Alt-ctrl-del ONCE and check in your processes tab to see if you have a running process called msblast.exe running. If you do, you have been hit by the latest worm to target security failures in win xp/2k.

If you dont have the running process, I suggest you install the following security patch: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

If you DO have the process running, here is how you get rid of it:

1. Disable your network.

2. Stop the process /msblast.exe/ from your Task Manager (ctrl-alt-del to make it pop up).

3. Delete the following registry key created by the worm:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"windows auto update"="msblast.exe"

4. Delete the binary archive (msblast.exe) and the packeted archive (MSBLAST.EXE-09FF84F2.pf) from your system.

5. Enable a firewall (the default one in Xp should be enough - check network properties).

6. Install the security patch linked above.


Among other nasty things, this worm causes your system to reboot on its own over and over again, as well as preparing your system and all other affected systems connected online to launch a simultaneous attack on the 16th against the Microsoft Windows Update service.

Nasty.

Nindalf
08-12-2003, 09:39 AM
Quickly! CLICK HERE! (http://members.aol.com/crazykwazy/lifthzwoortwoortwoort.wav)

And no, its not crickets.

Good think I dont use XP or 2000. :sing:

Drunken Savior
08-12-2003, 09:45 AM
(Pets his G4)

Seriously, use a firewall. It's like a condom for the internet.

Bad1
08-12-2003, 02:46 PM
Once agian I'm glad I use Windows ME!:sing: It doest get attacked nearly as much as 2000 or XP. Seriously though, I think my next computer is going to be an Apple.

Seska
08-12-2003, 03:19 PM
*cracks up*

You realize that Win ME is the buggiest and unstable piece of crap Microsoft has ever put out? Id seriously consider changing to 2k or xp, and if you are worried about the "security" of your system, dont worry, there are plenty of security flaws in ME just as in any Win system from NT onwards.

The current worm is targeted only at 2k and XP, but you can be pretty sure other ones will pop up soon enough.

SpaceManSpiff
08-12-2003, 03:54 PM
I warned people about this over a week ago!:o

Rubeus
08-12-2003, 05:10 PM
I don't have this MSBlast thing on my machine, but I am keep getting this "HTTP IIS ISAPI Extension" attack from a couple of IP addresses, it is very annoying!

How do you stop these fools? :too mad:

SpaceManSpiff
08-13-2003, 01:17 AM
My Aunt and Unlce got this virus, lol. They are brother and sister so its two different houses.

Black Ace
08-13-2003, 01:45 AM
I don't know about this ISAPI Extension thing, but here's some info on it.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
http://www.ciac.org/ciac/bulletins/l-078.shtml
http://www.internetnews.com/dev-news/article.php/10_756411

When you get some unknown crap errors, it may be wise to write it down and do a search at google.com for any info behind it.

Sinful Sam
08-13-2003, 03:30 AM
I also have Windows Me but I have a running proces called MSBB. I sould check on this, just in case.

Rubeus
08-13-2003, 01:45 PM
Originally posted by Ikaruga
I don't know about this ISAPI Extension thing, but here's some info on it.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
http://www.ciac.org/ciac/bulletins/l-078.shtml
http://www.internetnews.com/dev-news/article.php/10_756411

When you get some unknown crap errors, it may be wise to write it down and do a search at google.com for any info behind it.


Thanks for the info! It's good that this ISAPI attack only affects IIS, and I don't even have it running on my machine. So it's not a matter even if the attack gets through the firewall?

insteefy
08-13-2003, 03:57 PM
i have 3 firewalls + ad/spyware scanners, lol..

Bad1
08-13-2003, 04:37 PM
Originally posted by Seska
*cracks up*

You realize that Win ME is the buggiest and unstable piece of crap Microsoft has ever put out? I never said it wasn't a peice of Microsoft crap. Most of their OS are, which is why this attack seems to be happening. I just pointed out that the ME usually gets ignored by these things. Besides, none of this stuff usually bothers me, I got firewalls and adware/spyware detection.

Seska
08-14-2003, 08:43 AM
Well, adware/spyware dosnt really help, and firewalls do very little but block direct attacks. MSblast sneaks into your computer exploiting a security failure in your system. If the security failure is in IE, for example, malicious code can be run and installed on your PC through the port IE uses to connect to the net, thus allowing the code to slip THROUGH the firewall.

But yeah, I think the reason ME gets ignored so much is because so few people bother using the buggy thing. :D

mackensie
08-14-2003, 09:31 AM
and the point for multiple firewalls is what? one properly configured firewall is all you need (look at ANY corporation's firewall setup). anymore than one is pretty damned useless. Do you also have two front doors on your house?

Reality
08-14-2003, 08:34 PM
That's one of the best things about apple. Only about 3% of all those viruses out there effect and then that matter if they are even anything to worry about.