The MagicBox Forums  

Go Back   The MagicBox Forums > General Topics > PC / Games / Internets Discussion

Reply
 
Thread Tools Display Modes
Old 08-12-2003, 09:15 AM   #1
Seska
Guest
 
Posts: n/a
XP and W2k machines being massively atacked

Connected to the net? You use Win XP or 2000? Well then check the following:

Alt-ctrl-del ONCE and check in your processes tab to see if you have a running process called msblast.exe running. If you do, you have been hit by the latest worm to target security failures in win xp/2k.

If you dont have the running process, I suggest you install the following security patch: http://microsoft.com/technet/treevie...n/MS03-026.asp

If you DO have the process running, here is how you get rid of it:

1. Disable your network.

2. Stop the process /msblast.exe/ from your Task Manager (ctrl-alt-del to make it pop up).

3. Delete the following registry key created by the worm:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"windows auto update"="msblast.exe"

4. Delete the binary archive (msblast.exe) and the packeted archive (MSBLAST.EXE-09FF84F2.pf) from your system.

5. Enable a firewall (the default one in Xp should be enough - check network properties).

6. Install the security patch linked above.


Among other nasty things, this worm causes your system to reboot on its own over and over again, as well as preparing your system and all other affected systems connected online to launch a simultaneous attack on the 16th against the Microsoft Windows Update service.

Nasty.
  Reply With Quote
Connect With Facebook to "Like" This Thread

Old 08-12-2003, 09:39 AM   #2
Nindalf
Registered User
 
Nindalf's Avatar
 
Join Date: Aug 2002
Posts: 11,905
Quickly! CLICK HERE!

And no, its not crickets.

Good think I dont use XP or 2000.
Nindalf is offline   Reply With Quote
Old 08-12-2003, 09:45 AM   #3
Drunken Savior
Mahjikbahks is dying.
 
Drunken Savior's Avatar
 
Join Date: Sep 2002
Posts: 18,553
(Pets his G4)

Seriously, use a firewall. It's like a condom for the internet.
__________________

Steam ID: drunkensavior
TwitchTV: Mr. Orthoclase
Games I'm hyped for
The Witcher 3, Batman: Arkham Kight, Star Citizen, Destiny, Alien: Isolation,
The Division, Borderlands: The Pre-Sequel, Metal Gear Solid V
Drunken Savior is offline   Reply With Quote
Old 08-12-2003, 02:46 PM   #4
Bad1
Nintend......OH!
 
Bad1's Avatar
 
Join Date: Dec 2002
Posts: 998
Once agian I'm glad I use Windows ME! It doest get attacked nearly as much as 2000 or XP. Seriously though, I think my next computer is going to be an Apple.
Bad1 is offline   Reply With Quote
Old 08-12-2003, 03:19 PM   #5
Seska
Guest
 
Posts: n/a
*cracks up*

You realize that Win ME is the buggiest and unstable piece of crap Microsoft has ever put out? Id seriously consider changing to 2k or xp, and if you are worried about the "security" of your system, dont worry, there are plenty of security flaws in ME just as in any Win system from NT onwards.

The current worm is targeted only at 2k and XP, but you can be pretty sure other ones will pop up soon enough.
  Reply With Quote
Old 08-12-2003, 03:54 PM   #6
SpaceManSpiff
Spiff to the Rescue!!
 
SpaceManSpiff's Avatar
 
Join Date: Jun 2003
Location: Washington State
Posts: 3,635
I warned people about this over a week ago!
__________________
Steam, Xbox Live, PSN, and Apple Gamecenter: xSpacemanspiff
SpaceManSpiff is offline   Reply With Quote
Old 08-12-2003, 05:10 PM   #7
Rubeus
Registered User
 
Rubeus's Avatar
 
Join Date: Apr 2002
Posts: 4,287
I don't have this MSBlast thing on my machine, but I am keep getting this "HTTP IIS ISAPI Extension" attack from a couple of IP addresses, it is very annoying!

How do you stop these fools?
Rubeus is offline   Reply With Quote
Old 08-13-2003, 01:17 AM   #8
SpaceManSpiff
Spiff to the Rescue!!
 
SpaceManSpiff's Avatar
 
Join Date: Jun 2003
Location: Washington State
Posts: 3,635
My Aunt and Unlce got this virus, lol. They are brother and sister so its two different houses.
__________________
Steam, Xbox Live, PSN, and Apple Gamecenter: xSpacemanspiff
SpaceManSpiff is offline   Reply With Quote
Old 08-13-2003, 01:45 AM   #9
Black Ace
Watching liek a Hwak
 
Black Ace's Avatar
 
Join Date: Apr 2002
Posts: 2,971
I don't know about this ISAPI Extension thing, but here's some info on it.
http://www.microsoft.com/technet/tre...n/MS01-033.asp
http://www.ciac.org/ciac/bulletins/l-078.shtml
http://www.internetnews.com/dev-news....php/10_756411

When you get some unknown crap errors, it may be wise to write it down and do a search at google.com for any info behind it.
Black Ace is offline   Reply With Quote
Old 08-13-2003, 03:30 AM   #10
Sinful Sam
gnarf! gnarf!
 
Sinful Sam's Avatar
 
Join Date: Nov 2002
Location: Five min away from SavedFromSin
Posts: 8,611
I also have Windows Me but I have a running proces called MSBB. I sould check on this, just in case.
Sinful Sam is offline   Reply With Quote
Old 08-13-2003, 01:45 PM   #11
Rubeus
Registered User
 
Rubeus's Avatar
 
Join Date: Apr 2002
Posts: 4,287
Quote:
Originally posted by Ikaruga
I don't know about this ISAPI Extension thing, but here's some info on it.
http://www.microsoft.com/technet/tre...n/MS01-033.asp
http://www.ciac.org/ciac/bulletins/l-078.shtml
http://www.internetnews.com/dev-news....php/10_756411

When you get some unknown crap errors, it may be wise to write it down and do a search at google.com for any info behind it.

Thanks for the info! It's good that this ISAPI attack only affects IIS, and I don't even have it running on my machine. So it's not a matter even if the attack gets through the firewall?
Rubeus is offline   Reply With Quote
Old 08-13-2003, 03:57 PM   #12
insteefy
I create dead bodies
 
insteefy's Avatar
 
Join Date: Mar 2003
Location: Oz
Posts: 593
i have 3 firewalls + ad/spyware scanners, lol..
__________________
D-D-D-D-D-DREAMTEAM!!!!
http://www.zdnet.co.jp/games/gsnews/...ages/sam02.jpg
insteefy is offline   Reply With Quote
Old 08-13-2003, 04:37 PM   #13
Bad1
Nintend......OH!
 
Bad1's Avatar
 
Join Date: Dec 2002
Posts: 998
Quote:
Originally posted by Seska
*cracks up*

You realize that Win ME is the buggiest and unstable piece of crap Microsoft has ever put out?
I never said it wasn't a peice of Microsoft crap. Most of their OS are, which is why this attack seems to be happening. I just pointed out that the ME usually gets ignored by these things. Besides, none of this stuff usually bothers me, I got firewalls and adware/spyware detection.
Bad1 is offline   Reply With Quote
Old 08-14-2003, 08:43 AM   #14
Seska
Guest
 
Posts: n/a
Well, adware/spyware dosnt really help, and firewalls do very little but block direct attacks. MSblast sneaks into your computer exploiting a security failure in your system. If the security failure is in IE, for example, malicious code can be run and installed on your PC through the port IE uses to connect to the net, thus allowing the code to slip THROUGH the firewall.

But yeah, I think the reason ME gets ignored so much is because so few people bother using the buggy thing.
  Reply With Quote
Old 08-14-2003, 09:31 AM   #15
mackensie
Wise Fool.
 
mackensie's Avatar
 
Join Date: Dec 2002
Location: live free or die
Posts: 409
and the point for multiple firewalls is what? one properly configured firewall is all you need (look at ANY corporation's firewall setup). anymore than one is pretty damned useless. Do you also have two front doors on your house?
__________________
Molder of today's tomorrow.
"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us." - Bill Watterson
Love can sweep you off your feet and carry you along in a way you've never known before. But the ride always ends, and you end up feeling lonely and bitter. Wait. It's not love I'm describing. I'm thinking of a monorail.
mackensie is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 03:35 PM.


Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.