|
|
|
|
08-12-2003, 09:15 AM
|
#1 |
|
Guest
Posts: n/a
|
XP and W2k machines being massively atacked
Connected to the net? You use Win XP or 2000? Well then check the following:
Alt-ctrl-del ONCE and check in your processes tab to see if you have a running process called msblast.exe running. If you do, you have been hit by the latest worm to target security failures in win xp/2k. If you dont have the running process, I suggest you install the following security patch: http://microsoft.com/technet/treevie...n/MS03-026.asp If you DO have the process running, here is how you get rid of it: 1. Disable your network. 2. Stop the process /msblast.exe/ from your Task Manager (ctrl-alt-del to make it pop up). 3. Delete the following registry key created by the worm: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "windows auto update"="msblast.exe" 4. Delete the binary archive (msblast.exe) and the packeted archive (MSBLAST.EXE-09FF84F2.pf) from your system. 5. Enable a firewall (the default one in Xp should be enough - check network properties). 6. Install the security patch linked above. Among other nasty things, this worm causes your system to reboot on its own over and over again, as well as preparing your system and all other affected systems connected online to launch a simultaneous attack on the 16th against the Microsoft Windows Update service. Nasty. |
|
|
08-12-2003, 09:39 AM
|
#2 |
|
Registered User
Join Date: Aug 2002
Posts: 11,905
|
|
|
|
|
08-12-2003, 09:45 AM
|
#3 |
|
Mahjikbahks is dying.
Join Date: Sep 2002
Posts: 17,428
|
(Pets his G4)
Seriously, use a firewall. It's like a condom for the internet.
__________________
 Steam ID: drunkensavior Windows Live: Jefferson1776 Games I'm hyped for Transistor, DayZ (Standalone), The Last of Us |
|
|
|
|
08-12-2003, 02:46 PM
|
#4 |
|
Nintend......OH!
Join Date: Dec 2002
Posts: 998
|
Once agian I'm glad I use Windows ME!
 It doest get attacked nearly as much as 2000 or XP. Seriously though, I think my next computer is going to be an Apple.
|
|
|
|
|
08-12-2003, 03:19 PM
|
#5 |
|
Guest
Posts: n/a
|
*cracks up*
You realize that Win ME is the buggiest and unstable piece of crap Microsoft has ever put out? Id seriously consider changing to 2k or xp, and if you are worried about the "security" of your system, dont worry, there are plenty of security flaws in ME just as in any Win system from NT onwards. The current worm is targeted only at 2k and XP, but you can be pretty sure other ones will pop up soon enough. |
|
|
|
08-12-2003, 03:54 PM
|
#6 |
|
Spiff to the Rescue!!
Join Date: Jun 2003
Location: Washington State
Posts: 3,630
|
I warned people about this over a week ago!
__________________
Steam, Xbox Live, PSN, and Apple Gamecenter: xSpacemanspiff Currently Playing: LOTR: War in the North, Dark Souls, Resident Evil 5, Crysis 2. |
|
|
|
|
08-12-2003, 05:10 PM
|
#7 |
|
Registered User
Join Date: Apr 2002
Posts: 3,547
|
I don't have this MSBlast thing on my machine, but I am keep getting this "HTTP IIS ISAPI Extension" attack from a couple of IP addresses, it is very annoying!
How do you stop these fools? 
|
|
|
|
|
08-13-2003, 01:17 AM
|
#8 |
|
Spiff to the Rescue!!
Join Date: Jun 2003
Location: Washington State
Posts: 3,630
|
My Aunt and Unlce got this virus, lol. They are brother and sister so its two different houses.
__________________
Steam, Xbox Live, PSN, and Apple Gamecenter: xSpacemanspiff Currently Playing: LOTR: War in the North, Dark Souls, Resident Evil 5, Crysis 2. |
|
|
|
|
08-13-2003, 01:45 AM
|
#9 |
|
Watching liek a Hwak
Join Date: Apr 2002
Posts: 2,971
|
I don't know about this ISAPI Extension thing, but here's some info on it.
http://www.microsoft.com/technet/tre...n/MS01-033.asp http://www.ciac.org/ciac/bulletins/l-078.shtml http://www.internetnews.com/dev-news....php/10_756411 When you get some unknown crap errors, it may be wise to write it down and do a search at google.com for any info behind it. |
|
|
|
|
08-13-2003, 03:30 AM
|
#10 |
|
gnarf! gnarf!
Join Date: Nov 2002
Location: Five min away from SavedFromSin
Posts: 8,463
|
I also have Windows Me but I have a running proces called MSBB. I sould check on this, just in case.
|
|
|
|
|
08-13-2003, 01:45 PM
|
#11 | |
|
Registered User
Join Date: Apr 2002
Posts: 3,547
|
Quote:
Thanks for the info! It's good that this ISAPI attack only affects IIS, and I don't even have it running on my machine. So it's not a matter even if the attack gets through the firewall? |
|
|
|
|
|
08-13-2003, 03:57 PM
|
#12 |
|
I create dead bodies
Join Date: Mar 2003
Location: Oz
Posts: 593
|
i have 3 firewalls + ad/spyware scanners, lol..
|
|
|
|
|
08-13-2003, 04:37 PM
|
#13 | |
|
Nintend......OH!
Join Date: Dec 2002
Posts: 998
|
Quote:
|
|
|
|
|
|
08-14-2003, 08:43 AM
|
#14 |
|
Guest
Posts: n/a
|
Well, adware/spyware dosnt really help, and firewalls do very little but block direct attacks. MSblast sneaks into your computer exploiting a security failure in your system. If the security failure is in IE, for example, malicious code can be run and installed on your PC through the port IE uses to connect to the net, thus allowing the code to slip THROUGH the firewall.
But yeah, I think the reason ME gets ignored so much is because so few people bother using the buggy thing. 
|
|
|
|
08-14-2003, 09:31 AM
|
#15 |
|
Wise Fool.
Join Date: Dec 2002
Location: live free or die
Posts: 409
|
and the point for multiple firewalls is what? one properly configured firewall is all you need (look at ANY corporation's firewall setup). anymore than one is pretty damned useless. Do you also have two front doors on your house?
__________________
Molder of today's tomorrow. "Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us." - Bill Watterson Love can sweep you off your feet and carry you along in a way you've never known before. But the ride always ends, and you end up feeling lonely and bitter. Wait. It's not love I'm describing. I'm thinking of a monorail. |
|
|
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
