Users with Windows NT/2K/XP gather hither, security update

Crayz9000
Sith Apprentice
Posts: 7329
Joined: 2002-07-03 06:39pm
Location: Improbably superpositioned

Post by Crayz9000 »

Well, if they got full access, who knows what the hell they did to your box. Just deleting a couple files can throw Windows into complete chaos.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
lukexcom
Padawan Learner
Posts: 365
Joined: 2003-01-04 03:49am
Location: Ah, Northern Virginia. The lone island of stability in an ocean of recession.

Post by lukexcom »

This all sounds suspiciously like Nimda or some other worm at work here. If you still have access to the search tool, find any file that has the extension "eml" on your hard drive. In other words, type in "*.eml" w/o quotes into the search bar. If you get a ton of them, then it means that you most likely have Nimda or a similar worm infecting your computer.

Either way, by now your system is most likely unrecoverable. If it is a worm, then you'll have to format. Hell, run fdisk and fry your partitions just to be safe.

When I discovered a worm on my network (nimda32 version E), I lost one computer's contents and my whole network got infected. The other computers recovered though.
-Luke
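
Added example, not part of lukexcom's post: a scripted version of the "*.eml" search described above, which groups the hits by content so that many identical copies spread across folders stand out from ordinary saved mail. It assumes a worm's dropped copies are byte-identical; the `min_dirs` threshold, the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def find_eml_clusters(root, min_dirs=3):
    """Group *.eml files under root by SHA-256 and return groups of identical
    files found in at least min_dirs directories (hypothetical threshold)."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".eml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            by_hash[digest].append(path)
    clusters = []
    for digest, paths in by_hash.items():
        dirs = {os.path.dirname(p) for p in paths}
        if len(dirs) >= min_dirs:
            clusters.append({"sha256": digest, "count": len(paths), "dirs": sorted(dirs)})
    return sorted(clusters, key=lambda c: -c["count"])


def build_sample_tree(base):
    """Constructed sample data: one identical .eml in 4 folders, plus 2 unrelated mails."""
    for i in range(4):
        d = os.path.join(base, f"folder{i}")
        os.makedirs(d)
        with open(os.path.join(d, "sample.eml"), "wb") as fh:
            fh.write(b"constructed sample: identical dropped message\n")
    mail = os.path.join(base, "mail")
    os.makedirs(mail)
    for i in range(2):
        with open(os.path.join(mail, f"saved{i}.eml"), "wb") as fh:
            fh.write(f"constructed sample: ordinary saved mail {i}\n".encode())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for c in find_eml_clusters(tmp):
            print(c["count"], "identical .eml files in", len(c["dirs"]), "directories")
```

On a real machine, call `find_eml_clusters` with the drive root; a non-empty result is a reason to investigate further, not proof of any particular worm.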
EmperorMing
Sith Devotee
Posts: 3432
Joined: 2002-09-09 05:08am
Location: The Lizard Lounge

Post by EmperorMing »

This bug just shut down one client network, and a big one at that. Exchange servers, production servers, you name it...

DILLIGAF: Does It Look Like I Give A Fuck

Kill your God!
TrailerParkJawa
Sith Acolyte
Posts: 5850
Joined: 2002-07-04 11:49pm
Location: San Jose, California

Post by TrailerParkJawa »

I should have d/l'd the update but I have not run it yet. I'm behind a firewall and sometimes a router using NAT. I should check my logs to see if anyone is probing. I just got DSL moved to this house about a week ago. What's cool is even though I'm in a different county I got to retain the same static IP.
MEMBER of the Anti-PETA Anti-Facist LEAGUE
lukexcom
Padawan Learner
Posts: 365
Joined: 2003-01-04 03:49am
Location: Ah, Northern Virginia. The lone island of stability in an ocean of recession.

Post by lukexcom »

EmperorMing wrote: This bug just shut down one client network, and a big one at that. Exchange servers, production servers, you name it...
Time to bring out the heavy artillery: Skynet. I'm looking forward to 6:18 PM tomorrow. (dons NBC suit and waits) :twisted:
-Luke
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

EmperorMing wrote: This bug just shut down one client network, and a big one at that. Exchange servers, production servers, you name it...
Ugh. Apparently if you get infected with this thing, RPC goes down and takes down much of Windows with it - patch or no patch.
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA

Post by Vertigo1 »

You know what's great? The "fix" that Microsoft released DOESN'T work! I'm still in the process of reloading everything because of it. :mad: I had to download 40MB of updates because the frelling Windows Update deletes the temp files it creates! (extremely annoying) As soon as I finish this post, I'm locking down every port with the exception of those that I need. (Good thing all the fucker did was keep my comp from loading explorer.exe. I could still use IE to access Windows Explorer to back up my data, after I scanned my machine from safe mode.)

This asshole better pray that I don't find out where he/she lives. If I do.....GALLAGHER SMASH TIME! :evil:
"I once asked Rebecca to sing Happy Birthday to me during sex. That was funny, especially since I timed my thrusts to sync up with the words. And yes, it was my birthday." - Darth Wong

Leader of the SD.Net Gargoyle Clan | Spacebattles Firstone | Twitter
His Divine Shadow
Commence Primary Ignition
Posts: 12791
Joined: 2002-07-03 07:22am
Location: Finland, west coast

Post by His Divine Shadow »

What do you mean doesn't work?
Mine seemed to work.
Those who beat their swords into plowshares will plow for those who did not.
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA

Post by Vertigo1 »

His Divine Shadow wrote: What do you mean doesn't work?
Umm....as in it failed to prevent what it was supposed to fix in the first place!

Now if you'll excuse me, I've got some games to re-install.

*pops in Freespace 2 CD*
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Old update.

Here is a good read about it. Linky MS

Further down in that text there is a DL location for the patch.

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
Hethrir
Jedi Master
Posts: 1095
Joined: 2003-03-25 05:37am
Location: Brisbane, Australia

Post by Hethrir »

heh heh, and now MS Blaster takes advantage of the exploit. Symantec link here... http://securityresponse.symantec.com/av ... .worm.html
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Vertigo1 wrote: You know what's great? The "fix" that Microsoft released DOESN'T work! I'm still in the process of reloading everything because of it. :mad: I had to download 40MB of updates because the frelling Windows Update deletes the temp files it creates! (extremely annoying) As soon as I finish this post, I'm locking down every port with the exception of those that I need. (Good thing all the fucker did was keep my comp from loading explorer.exe. I could still use IE to access Windows Explorer to back up my data, after I scanned my machine from safe mode.)
Did you clear out MSBLAST first? Even when you install the patch you still have to nuke it, and you need to firewall your box.
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA

Post by Vertigo1 »

phongn wrote:
Vertigo1 wrote: You know what's great? The "fix" that Microsoft released DOESN'T work! I'm still in the process of reloading everything because of it. :mad: I had to download 40MB of updates because the frelling Windows Update deletes the temp files it creates! (extremely annoying) As soon as I finish this post, I'm locking down every port with the exception of those that I need. (Good thing all the fucker did was keep my comp from loading explorer.exe. I could still use IE to access Windows Explorer to back up my data, after I scanned my machine from safe mode.)
Did you clear out MSBLAST first? Even when you install the patch you still have to nuke it, and you need to firewall your box.
Oddly enough, it is firewalled. However, I just started using a new software firewall at the time, and hadn't finished setting up the rules. (Went from AtGuard 3.22 to Norton's PF, which is just an upgraded version of Atguard that got n00bified. I'm only using this until I find something better.)
Uraniun235
Emperor's Hand
Posts: 13772
Joined: 2002-09-12 12:47am
Location: OREGON

Post by Uraniun235 »

Long since patched.
Apparently if you get infected with this thing
It's not a specific "bug"... it's an exploit in the RPC service. A lot of tools out there right now that take advantage of it have a tendency to crash RPC while they're doing it and hence the 60-second "Windows will restart now" countdown.

BUT, sometimes they get in without crashing RPC... and then they have complete, total, unrestricted access to your computer, with all the rights of SYSTEM.

Then they can do as they please. Infect you with viruses, look at your files, plant trojans on your system... there's going to be some massive DDOS attacks stemming from this, I'm sure, because a lot of people will just patch and not clean their system of viruses. I've heard there's already one supposedly going to happen against the Windows Update website (which should be known by heart to any Windows user) on the 16th or something like that.
Trytostaydead
Sith Marauder
Posts: 3690
Joined: 2003-01-28 09:34pm

Post by Trytostaydead »

You know what this is.. right?

SKYNET IS TRYING TO TAKE OVER THE WORLD!!

Damn, actually now that I'm talking to my friends and such.. it seems like a lot of people, those security patches Microsoft put up really fucked with their computers as well. What's going on?
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Correct. Infected computers will execute a DOS attack on WindowsUpdate on the 16th.
Uraniun235
Emperor's Hand
Posts: 13772
Joined: 2002-09-12 12:47am
Location: OREGON

Post by Uraniun235 »

phongn wrote:
otter wrote: I've been meaning to install a firewall. Can anyone make some good recommendations?
W2K and WXP have a built-in firewall. Kerio is a good solution if you want to block outgoing stuff.
God, I took two years of high school classes involving Windows 2000, I feel like such a fool... where do I find the W2K firewall? :oops:
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Go into your Network Connections and open up the relevant one. Fire up the properties and go into TCP/IP properties. Head into Advanced, then into the Options tab. TCP/IP Filtering (IPSEC) should be there.