| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
MSBlast Patches and Fixes | |
|
||
| Time: 15:48 EST/20:48 GMT | News Source: ActiveWin.com | Posted By: Alex Harris | ||
|
Here is the information about the Worm and fixes and removal tools to remove the virus: PSS Security Response Team Alert - New Worm: W32.Blaster.worm [Microsoft] WHAT IS IT? The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. This virus is also known as: W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer Associates). Best practices, such as applying security patch MS03-026 should prevent infection from this worm. Customers that have previously applied the security patch MS03-026 before today are protected and no further action is required. TECHNICAL DETAILS: This worm scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026. Once the Exploit code is sent to a system, it downloads and executes the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill Symptoms of the virus: Some customers may not notice any symptoms at all. A typical symptom is the system is rebooting every few minutes without user input. Customers may also see:
To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32 directory or download the latest anti-virus software signature from your anti-virus vendor and scan your machine. Here are links to the patches to stop this worm attacking again: If you already have the worm on your PC and you need to remove it then here is the information and links to the Symantec site: W32.Blaster.Worm Removal Tool [Symantec] Symantec Security Response has developed a removal tool to clean the W32.Blaster.Worm infections. What the tool does:
You can download the removal tool from here. Obtaining and running the tool
I know this is a very long post, but from work today at PC World in the UK we created discs with the removal tool and patch on it and had at least 30 people throughout the day come in saying they had this, so it is very widespread. Please note if you have already installed the patch MS03-06 then you are already protected. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
9:55:55 PM
ET.
Any comment problems? E-mail us |
| #1 By 2960 (156.80.64.105) at 8/12/2003 4:45:18 PM |
|
THIS THING IS A FREAKIN' NIGHTMARE!
TL |
| #2 By 2960 (156.80.64.105) at 8/12/2003 4:47:08 PM |
|
Oh, and FYI... It can also wreak havoc with Office 2000 installations. Watch for SVCHOST and DCOM errors.
TL |
| #3 By 20 (67.9.179.51) at 8/12/2003 5:21:37 PM |
|
Remember folks, patch early, patch often.
AND DON'T PUT BOXES DIRECTLY ON THE FRIGGIN INTERNET geez, you'd think after like 6-8 years of this stuff, people would get the hint. |
| #4 By 20 (67.9.179.51) at 8/12/2003 5:34:28 PM |
|
MS should take that $46 billion and pay 35 million (that's about how many internet users there are in the US) people from the 3rd world about $1280 (which is a small fortune to them) to go to each Internet-user's house and stand by their computer and load patches whenever they come out.
Because, that's the only thing that'll keep people patched up, because a month's warning and patches, and fixes, and alerts just don't seem to work. |
| #5 By 3 (62.253.128.7) at 8/12/2003 5:35:42 PM |
| Majority of patch reports will go un-noticed by probably 95% of users as most home users etc won't go looking for patches at all. |
| #6 By 20 (67.9.179.51) at 8/12/2003 5:40:45 PM |
|
I don't know how people ignore that globe in the systray that pops up every friggin' 5 seconds and annoys you about patches, because it drives me insane.
I apply those patches just so it'll shut the heck up. :) |
| #7 By 20 (67.9.179.51) at 8/12/2003 5:44:00 PM |
|
#7: Install the MBSA, create an automated script that runs the HFNetChk (I have one if you need it) and emails it to you daily.
When patches appear, download them and add them to a batch file which runs them all. When your lowest time of the day hits (usually 3am), run the batch file to install the patches and reboot. If you don't want to be awake at 3am, then test it a couple times on a Sunday at midnight and once you're comfortable with it, schedule it to run at 3am when you have patches to install that day. Oh yeah, one more thing, all the new patches are chainable. You can run them with certain switches so you don't have to reboot after each one. The arguments are /Z /Q (chainable, quiet). Run all your patches in ascending order from a batch file with those arguments and then do just one reboot. This post was edited by daz on Tuesday, August 12, 2003 at 18:03. |
| #8 By 415 (199.8.71.121) at 8/12/2003 6:22:45 PM |
| lol Steven |
| #9 By 12071 (203.185.215.149) at 8/12/2003 8:21:01 PM |
|
#9: "I apply those patches just so it'll shut the heck up. :)"
Maybe because those people who are annoyed with it popping up all the time do something about it other than click on it, i.e. they go and disable it so that it doesn't bother them again in the future. #13 Thanks for the heads up. Time to get the patch for the patch. |
| #10 By 9589 (68.17.52.2) at 8/12/2003 10:01:53 PM |
|
#7 - Install Windows Server 2003 Web Edition on your web server. Buy a second server. Install Windows Server 2003 Web Edition on it as well. Set them up as a Network Load Balanced cluster.
Now, whenever you have to reboot just take one of the two off the cluster and reboot it. Bring it back up and, in turn, do the same for the second one. You'll never be "off the air" again. You'll can approach 100% uptime with this technique and the cost of Web Edition is about $400 a copy. That is dirt cheap in my estimation. A bonus is that IIS 6.0 runs faster than IIS 5.0 and is more secure. Also, there is an NLB Manager utility that makes setting up, adding or subtracting from the NLB cluster and checking the status of it much easier than in Windows 2000 Advanced Server. |
| #11 By 2332 (216.41.45.78) at 8/13/2003 3:51:10 PM |
|
#6 - 35 million (that's about how many internet users there are in the US)
Actually, there are closer to 80 million people online in the US. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
9:55:55 PM
ET.
Any comment problems? E-mail us |
