Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

New microsoft worm patchs (W32/Blaster worm)

Options

Comments

  • Options
    #2
    Eurorunner
    Closed Accounts Posts: 2,393 ✭✭✭Eurorunner


    If applying the patch after the fact, then you will still need to remove the worm.

    Symantecs worm removal tool here


  • Options
    #3
    tom-thebox
    Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Eurorunner
    If applying the patch after the fact, then you will still need to remove the worm.

    Symantecs worm removal tool here

    McAfee have named this virus W32 Lovsan.worm
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547


    Symantec are calling the virus W32.blaster.worm
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html



    The second link is a removal tool and can be e-mailed to customers. It is not unusual to have different names for a virus in its early stages.

    The W32 prefix refers to the fact that it is a Windows vulnerability and is 32 bit


  • Options
    #4
    Washout
    Registered Users Posts: 2,911 ✭✭✭Washout


    god this thing is causing some major havoc


  • Options
    #5
    MarkR
    Moderators, Regional Midwest Moderators Posts: 11,064 Mod ✭✭✭✭MarkR


    I'm in tech support for a brand of notebook. 95% of my callers this morning are infected. Makes troubleshooting easy though!


  • Options
    #6
    tom-thebox
    Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    tell me about it serious amounts of people are having issues.


  • Advertisement
  • Options
    #7
    zAbbo
    Registered Users Posts: 11,987 ✭✭✭✭zAbbo


    On a 50 user n/w here, dont know if its related but services running on the server are stopping after 30 mins


  • Options
    #8
    MarkR
    Moderators, Regional Midwest Moderators Posts: 11,064 Mod ✭✭✭✭MarkR


    Are you getting an error message advising something about a remote procedure call and shutting down in 60 seconds? If so, then yes! There was something about w32 as well I think..

    Mark


  • Options
    #9
    zAbbo
    Registered Users Posts: 11,987 ✭✭✭✭zAbbo


    It wont allow the MS Exchange Info Store to start/restart

    One of the dependencies of Info Store is RPC


  • Options
    #10
    ednwireland
    Registered Users Posts: 14,315 ✭✭✭✭ednwireland


    the worm alos broadcasts on port 135 and can cause services to crash you need to block port 4444 on your firewall to prevent reinfection after cleaning and apply the patches mentioned in a previous post

    My weather

    https://www.ecowitt.net/home/share?authorize=96CT1F



  • Options
    #11
    Cake Fiend
    Registered Users Posts: 5,335 ✭✭✭Cake Fiend


    Lads, this bug has been known about (and the relevant patch available) for weeks now, there's not much excuse for not having it sorted by now tbh.
    And don't forget to scan your drives after patching / running the msblaster removal tool, your machine could be trojaned.


  • Advertisement
  • Options
    #12
    Zaphod B
    Closed Accounts Posts: 418 ✭✭Zaphod B


    Er NO, there's not much excuse for the fvckers who did this. Cliched and vindictive it may be, but some stringing up by the balls is definately in order.

    And why are we saying that if we were as l337 as you we wouldn't have any problems? I ran the fix, I deleted the registry key it left behind as I was told to... and I now can't download any windows updates at all.


  • Options
    #13
    tom-thebox
    Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Sico
    Lads, this bug has been known about (and the relevant patch available) for weeks now, there's not much excuse for not having it sorted by now tbh.
    And don't forget to scan your drives after patching / running the msblaster removal tool, your machine could be trojaned.


    Since the 25th of july, not too long to be honest, worms where forcasted but not this soon, some iss reports where saying six months down the line.

    Lets remember guys the normal home user is not checking windows update every day to be honest and are not on any mailing lists.

    This is causing a lot of issues and it will remain to for weeks to come.


  • Options
    #14
    tom-thebox
    Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    I also saw on the ms knowladge base them thanking lsd for bringing the RPC flaw to them first which was nice.


  • Options
    #15
    Cake Fiend
    Registered Users Posts: 5,335 ✭✭✭Cake Fiend


    Fairly surprised myself to see MS mention LSD on the info page. I wouldn't have expected them to willingly admit that they needed outside help.


  • Options
    #16
    Stonemason
    Closed Accounts Posts: 674 ✭✭✭Stonemason


    For those suffering from this worm and cant stay online long enough to download the patch try this

    Star /Run / and type services.msc

    Remote Procedure (RPC) Right click goto properties/ select recovery tab and select Take no action on all three.

    Now you wont be rebooted before you can download the patch.


  • Options
    #17
    Cake Fiend
    Registered Users Posts: 5,335 ✭✭✭Cake Fiend


    Or just type shutdown /a from a command prompt...


  • Options
    #18
    gurramok
    Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    I wasnt infected but i applied the patch in case for win2k.
    But on microsoft page it said to enable tcp/ip filtering patch page , which i did.

    And voila after reboot, nothing connects to net, only irc does, nothing outside is pingable.
    So i disable tcp/ip filtering and everything is ok again !!

    Talk about misleading advice ? :)


Advertisement