Just spent the last 30 mins racing some cracker script loser
Moderator: Thanas
Nuts! I'll ask people on msn if they have itphongn wrote:It's a worm that automatically replicates itself.Rye wrote:Where the fuck does it come from originally? It comes back if you delete it. It's located in windows/system32 iirc, and has an accompanying .pn file. there's also a weird file called "wowpost.exe" in system. It didn't say it was made by microsoft so i deleted that too.
WOWPOST is an ASPI driver. If you experience things like CD burning or ripping applications failing, figure out a way to get it back in.
[/dumbass]EBC|Fucking Metal|Artist|Androgynous Sexfiend|Gozer Kvltist|
Listen to my music! http://www.soundclick.com/nihilanth
"America is, now, the most powerful and economically prosperous nation in the country." - Master of Ossus
Listen to my music! http://www.soundclick.com/nihilanth
"America is, now, the most powerful and economically prosperous nation in the country." - Master of Ossus
-
Alan Bolte
- Sith Devotee
- Posts: 2611
- Joined: 2002-07-05 12:17am
- Location: Columbus, OH
Yeah, I just had to deal with that. Fuckers. Did you guys see the newspost on Penny Arcade? Funny shit.
Any job worth doing with a laser is worth doing with many, many lasers. -Khrima
There's just no arguing with some people once they've made their minds up about something, and I accept that. That's why I kill them. -Othar
Avatar credit
There's just no arguing with some people once they've made their minds up about something, and I accept that. That's why I kill them. -Othar
Avatar credit
-
lukexcom
- Padawan Learner
- Posts: 365
- Joined: 2003-01-04 03:49am
- Location: Ah, Northern Virginia. The lone island of stability in an ocean of recession.
- Contact:
Removal instructions of the W32.Blaster.Worm :
http://securityresponse.symantec.com/av ... assessment
Do what they say and you'll be fine.
http://securityresponse.symantec.com/av ... assessment
Do what they say and you'll be fine.
-Luke
-
MKSheppard
- Ruthless Genocidal Warmonger
- Posts: 29842
- Joined: 2002-07-06 06:34pm
http://securityresponse.symantec.com/av ... .worm.html
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
"If scientists and inventors who develop disease cures and useful technologies don't get lifetime royalties, I'd like to know what fucking rationale you have for some guy getting lifetime royalties for writing an episode of Full House." - Mike Wong
"The present air situation in the Pacific is entirely the result of fighting a fifth rate air power." - U.S. Navy Memo - 24 July 1944
"The present air situation in the Pacific is entirely the result of fighting a fifth rate air power." - U.S. Navy Memo - 24 July 1944
Axis Kast wrote:I have Zone Alarm up and running. That should keep me covered, no?
READ THE DAMN THREAD!
ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
At least they used proper terminology. My local NBC station called it a "virus"lukexcom wrote:HERE is the SOURCE to ALL of our problems:
http://www.msnbc.com/news/951168.asp?0dm=B12PT
ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
-
Keevan_Colton
- Emperor's Hand
- Posts: 10355
- Joined: 2002-12-30 08:57pm
- Location: In the Land of Logic and Reason, two doors down from Lilliput and across the road from Atlantis...
- Contact:
I got hit by this the other day....my little brother fucked up the firewall while I was away and I came home to a slowly dying computer.....
Fortunately its all better now.....
Fortunately its all better now.....
"Prodesse Non Nocere."
"It's all about popularity really, if your invisible friend that tells you to invade places is called Napoleon, you're a loony, if he's called Jesus then you're the president."
"I'd drive more people insane, but I'd have to double back and pick them up first..."
"All it takes for bullshit to thrive is for rational men to do nothing." - Kevin Farrell, B.A. Journalism.
BOTM - EBC - Horseman - G&C - Vampire
"It's all about popularity really, if your invisible friend that tells you to invade places is called Napoleon, you're a loony, if he's called Jesus then you're the president."
"I'd drive more people insane, but I'd have to double back and pick them up first..."
"All it takes for bullshit to thrive is for rational men to do nothing." - Kevin Farrell, B.A. Journalism.
BOTM - EBC - Horseman - G&C - Vampire
BE aware that running the removal tool does not guarantee that you won't see this again.
For best practise removal:
1. Disconnect from internet - you won't get RPC errors when not connected.
2. Go to My Computer -> MAnage - Services - RPC - Recovery and set all three fields at the top to 'take no action'. This stops the reboots.
3. Turn off System Restore (if using XP)
4. Download and install security patch 823980
5. Run the removal tool.
6. Reverse steps 2 & 3.
Earlier today the infection rate was so high that a vulnerable system could be infected within 30 seconds of connecting to the internet
For best practise removal:
1. Disconnect from internet - you won't get RPC errors when not connected.
2. Go to My Computer -> MAnage - Services - RPC - Recovery and set all three fields at the top to 'take no action'. This stops the reboots.
3. Turn off System Restore (if using XP)
4. Download and install security patch 823980
5. Run the removal tool.
6. Reverse steps 2 & 3.
Earlier today the infection rate was so high that a vulnerable system could be infected within 30 seconds of connecting to the internet
You disable it because if the computer has made a system checkpoint (or other restore point) whilst infected, it will considerately back up the virus for you as well.
Returning to that restore point will re-infect.
Disabling System Restore in Windows XP will delete all the restore points it's created, circumventing this problem.
Turning system restore off is good practise when dealing with any virus infection.
(All you need to do is go to System Properties -> System Restore, and click Turn off system restore for all drives)
Returning to that restore point will re-infect.
Disabling System Restore in Windows XP will delete all the restore points it's created, circumventing this problem.
Turning system restore off is good practise when dealing with any virus infection.
(All you need to do is go to System Properties -> System Restore, and click Turn off system restore for all drives)
-
Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
The patch is from Microsoft.
You can't configure port blocking on bog standard Zonealarm, you can only use the default configuration for what type of packet is allowed to communicate to what port. (which basically only incudes HTTP to port 80, and mail/news protocols to the respective ports)
This is overridden if the packet is part of an active communication session with a program that's secured as a server program on your system.
You can't configure port blocking on bog standard Zonealarm, you can only use the default configuration for what type of packet is allowed to communicate to what port. (which basically only incudes HTTP to port 80, and mail/news protocols to the respective ports)
This is overridden if the packet is part of an active communication session with a program that's secured as a server program on your system.
-
Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
Until the next bug comes out into the open, supposedly.Axis Kast wrote:I got a bunch of critical updates last night. I should be all right then?
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF