Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

New microsoft worm patchs (W32/Blaster worm)

Comments

  • Closed Accounts Posts: 2,393 ✭✭✭Eurorunner


    If applying the patch after the fact, then you will still need to remove the worm.

    Symantecs worm removal tool here


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Eurorunner
    If applying the patch after the fact, then you will still need to remove the worm.

    Symantecs worm removal tool here

    McAfee have named this virus W32 Lovsan.worm
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547


    Symantec are calling the virus W32.blaster.worm
    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html



    The second link is a removal tool and can be e-mailed to customers. It is not unusual to have different names for a virus in its early stages.

    The W32 prefix refers to the fact that it is a Windows vulnerability and is 32 bit


  • Registered Users, Registered Users 2 Posts: 2,912 ✭✭✭Washout


    god this thing is causing some major havoc


  • Moderators, Regional Midwest Moderators Posts: 11,183 Mod ✭✭✭✭MarkR


    I'm in tech support for a brand of notebook. 95% of my callers this morning are infected. Makes troubleshooting easy though!


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    tell me about it serious amounts of people are having issues.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    On a 50 user n/w here, dont know if its related but services running on the server are stopping after 30 mins


  • Moderators, Regional Midwest Moderators Posts: 11,183 Mod ✭✭✭✭MarkR


    Are you getting an error message advising something about a remote procedure call and shutting down in 60 seconds? If so, then yes! There was something about w32 as well I think..

    Mark


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    It wont allow the MS Exchange Info Store to start/restart

    One of the dependencies of Info Store is RPC


  • Registered Users, Registered Users 2 Posts: 14,575 ✭✭✭✭ednwireland


    the worm alos broadcasts on port 135 and can cause services to crash you need to block port 4444 on your firewall to prevent reinfection after cleaning and apply the patches mentioned in a previous post


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Lads, this bug has been known about (and the relevant patch available) for weeks now, there's not much excuse for not having it sorted by now tbh.
    And don't forget to scan your drives after patching / running the msblaster removal tool, your machine could be trojaned.


  • Advertisement
  • Closed Accounts Posts: 418 ✭✭Zaphod B


    Er NO, there's not much excuse for the fvckers who did this. Cliched and vindictive it may be, but some stringing up by the balls is definately in order.

    And why are we saying that if we were as l337 as you we wouldn't have any problems? I ran the fix, I deleted the registry key it left behind as I was told to... and I now can't download any windows updates at all.


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Sico
    Lads, this bug has been known about (and the relevant patch available) for weeks now, there's not much excuse for not having it sorted by now tbh.
    And don't forget to scan your drives after patching / running the msblaster removal tool, your machine could be trojaned.


    Since the 25th of july, not too long to be honest, worms where forcasted but not this soon, some iss reports where saying six months down the line.

    Lets remember guys the normal home user is not checking windows update every day to be honest and are not on any mailing lists.

    This is causing a lot of issues and it will remain to for weeks to come.


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    I also saw on the ms knowladge base them thanking lsd for bringing the RPC flaw to them first which was nice.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Fairly surprised myself to see MS mention LSD on the info page. I wouldn't have expected them to willingly admit that they needed outside help.


  • Closed Accounts Posts: 674 ✭✭✭Stonemason


    For those suffering from this worm and cant stay online long enough to download the patch try this

    Star /Run / and type services.msc

    Remote Procedure (RPC) Right click goto properties/ select recovery tab and select Take no action on all three.

    Now you wont be rebooted before you can download the patch.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Or just type shutdown /a from a command prompt...


  • Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    I wasnt infected but i applied the patch in case for win2k.
    But on microsoft page it said to enable tcp/ip filtering patch page , which i did.

    And voila after reboot, nothing connects to net, only irc does, nothing outside is pingable.
    So i disable tcp/ip filtering and everything is ok again !!

    Talk about misleading advice ? :)


Advertisement