Virus

Discussion in 'Mountain Bikes' started by Nelson Binch, Aug 12, 2003.

Thread Status:
Not open for further replies.
  1. Nelson Binch

    Nelson Binch Guest

    I suspect somebody on this group has been infected with a virus. I received an email containing a
    worm with the subject speaking of Disk Brakes, which was caught and killed by my antivirus. It came
    via my [email protected] address, which is only used for newsgroups.

    Time to update and scan, folks, especially with this Lovesan bug going around.

    ---
    __o _`\(,_ Cycling is life, (_)/ (_) all the rest, just details. Nelson Binch =^o.o^=
    http://intergalax.com

    Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 -
    Release Date: 8/12/2003
     
    Tags:


  2. Merlin

    Merlin Guest

    Nelson Binch <[email protected]> spoke thusly...
    > I suspect somebody on this group has been infected with a virus. I received an email containing a
    > worm with the subject speaking of Disk Brakes, which was caught and killed by my antivirus. It
    > came via my [email protected] address, which is only used for newsgroups.
    >
    > Time to update and scan, folks, especially with this Lovesan bug going around.
    >

    And let us not forget the worm that exploits an RPC leak.

    anybody happen to have a process running called msblast? how about unexplained restarts?

    http://www.bigblackglasses.com/Article.aspx?Article=342

    i just got over a hit from it last night on two of my workstations. cleaver little worm. without
    network/internet isolation, it is nearly impossible to stop it long enough to patch the system.

    I actually found the challenge quite entertaining. while doing research online about it, it
    restarted my internet gateway system 50something times. at least it was nice enough to give me a
    minute to bookmark the pages i was reading.

    and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
    good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
    (with the addition of the patch).
    --
    ~Travis

    http://www.megalink.net/~farmers/
     
  3. Chris

    Chris Guest

    "Merlin" <[email protected]> wrote in message news:[email protected]...

    >
    > And let us not forget the worm that exploits an RPC leak.
    >
    > anybody happen to have a process running called msblast? how about unexplained restarts?
    >
    > http://www.bigblackglasses.com/Article.aspx?Article=342
    >
    > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
    > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
    >
    > I actually found the challenge quite entertaining. while doing research online about it, it
    > restarted my internet gateway system 50something times. at least it was nice enough to give me a
    > minute to bookmark the pages i was reading.
    >
    > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
    > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
    > (with the addition of the patch).
    > --
    > ~Travis
    >
    > http://www.megalink.net/~farmers/
    >

    I had the same restart problem when connecting, called the ISP and was told it was a Windows
    problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS recommended the
    firewall. I enabled it, and well, it works so far.

    I can't find msblast.exe on my box anywhere...is there a patch/fix somewhere that you know of?

    Chris
     
  4. Chris

    Chris Guest

    "Chris" <[email protected]> wrote in message
    news:[email protected]...

    > I had the same restart problem when connecting, called the ISP and was
    told
    > it was a Windows problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS
    > recommended the firewall. I enabled it, and well, it works so far.
    >
    > I can't find msblast.exe on my box anywhere...is there a patch/fix
    somewhere
    > that you know of?
    >
    > Chris
    >

    Nevermind...I looked at your link, as I should have done in the first place, at all is well.

    Chris
     
  5. Merlin

    Merlin Guest

    Chris <[email protected]> spoke thusly...
    >
    > "Chris" <[email protected]> wrote in message
    > news:[email protected]...
    >
    > > I had the same restart problem when connecting, called the ISP and was
    > told
    > > it was a Windows problem...so, in the forty-odd seconds I had before a restart initiated, I saw
    > > MS recommended the firewall. I enabled it, and well, it works so far.
    > >
    > > I can't find msblast.exe on my box anywhere...is there a patch/fix
    > somewhere
    > > that you know of?
    > >
    > > Chris
    > >
    >
    > Nevermind...I looked at your link, as I should have done in the first place, at all is well.
    >
    > Chris
    >
    >
    >

    the file would be located in your c:\windows\system32 folder (maybe it is hidden. i always have my
    files set to show all). a simple file search will find it if it is there. if it is not there,
    could be another variation of the worm (or another one completely). the patch and firewall should
    fix it anyway.
    --
    ~Travis

    http://www.megalink.net/~farmers/
     
  6. Jimbo(san)

    Jimbo(san) New Member

    Joined:
    Jul 24, 2003
    Messages:
    302
    Likes Received:
    0
     
  7. Wanguard

    Wanguard Guest

    "Nelson Binch" <[email protected]> wrote in message
    news:[email protected]...
    > I suspect somebody on this group has been infected with a virus. I
    received
    > an email containing a worm with the subject speaking of Disk Brakes, which was caught and killed
    > by my antivirus. It came via my [email protected] address, which is only used for newsgroups.
    >
    > Time to update and scan, folks, especially with this Lovesan bug going around.
    >
    >
    > ---
    > __o _`\(,_ Cycling is life, (_)/ (_) all the rest, just details. Nelson Binch =^o.o^=
    > http://intergalax.com
    >
    > Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306
    > - Release Date: 8/12/2003
    >

    I started to get frequent messages today "svchost.exe has generated errors ...", after that copy,
    paste, some GUI actions where disabled etc. I found following post and at the and there is a patch
    for it. Just install it, will se if everything is OK.

    http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20621670.html#85 55880

    D'amir
     
  8. crazy6r54

    crazy6r54 Guest

    And someone was bad mouthing web tv. Ha ha we don.t get sick from Viruses

    Fire up MTB 03
     
  9. Merlin

    Merlin Guest

    [email protected] <[email protected]> spoke thusly...
    > And someone was bad mouthing web tv. Ha ha we don.t get sick from Viruses
    >
    > Fire up MTB 03
    >
    >

    Ahh, nothing like the pleasure of full dolby digital audio while i play my 3D video games. and the
    screen resolution is unbelievable.
    --
    ~Travis "i will never move to webtv, never"

    http://www.megalink.net/~farmers/
     
  10. On Tue, 12 Aug 2003 19:40:56 -0400, Merlin <[email protected]> wrote:

    >[email protected] <[email protected]> spoke thusly...
    >> And someone was bad mouthing web tv. Ha ha we
    don.t
    >> get sick from Viruses
    >>
    >> Fire up MTB 03
    >>
    >>
    >
    >Ahh, nothing like the pleasure of full dolby digital audio while i
    play
    >my 3D video games. and the screen resolution is unbelievable.

    Ah, the only problem with building a new 3 ghz system from scratch.

    I forgot to import my kill files.

    Shame on me.
     
  11. Merlin

    Merlin Guest

    P e t e F a g e r l i n <[email protected]> spoke thusly...
    > On Tue, 12 Aug 2003 19:40:56 -0400, Merlin <[email protected]> wrote:
    >
    > >[email protected] <[email protected]> spoke thusly...
    > >> And someone was bad mouthing web tv. Ha ha we
    > don.t
    > >> get sick from Viruses
    > >>
    > >> Fire up MTB 03
    > >>
    > >>
    > >
    > >Ahh, nothing like the pleasure of full dolby digital audio while i
    > play
    > >my 3D video games. and the screen resolution is unbelievable.
    >
    > Ah, the only problem with building a new 3 ghz system from scratch.
    >
    > I forgot to import my kill files.
    >
    > Shame on me.
    >
    >

    nice to see you too. but of course, the irony is blinding.
    --
    ~Travis

    http://www.megalink.net/~farmers/
     
  12. M&M

    M&M Guest

    "Chris" <[email protected]> wrote in message
    news:<[email protected]>...
    > "Merlin" <[email protected]> wrote in message news:[email protected]...
    >
    > >
    > > And let us not forget the worm that exploits an RPC leak.
    > >
    > > anybody happen to have a process running called msblast? how about unexplained restarts?
    > >
    > > http://www.bigblackglasses.com/Article.aspx?Article=342
    > >
    > > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
    > > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
    > >
    > > I actually found the challenge quite entertaining. while doing research online about it, it
    > > restarted my internet gateway system 50something times. at least it was nice enough to give me a
    > > minute to bookmark the pages i was reading.
    > >
    > > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
    > > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for
    > > now (with the addition of the patch).
    > > --
    > > ~Travis
    > >
    > > http://www.megalink.net/~farmers/
    > >
    >
    > I had the same restart problem when connecting, called the ISP and was told it was a Windows
    > problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS recommended the
    > firewall. I enabled it, and well, it works so far.
    >
    > I can't find msblast.exe on my box anywhere...is there a patch/fix somewhere that you know of?
    >
    > Chris

    http://www.symantec.com They have the removal tool .

    M&M
     
  13. Bomba

    Bomba Guest

  14. Jimbo(san)

    Jimbo(san) New Member

    Joined:
    Jul 24, 2003
    Messages:
    302
    Likes Received:
    0
    <Originally posted by Bomba
    > http://www.symantec.com They have the removal tool .

    Which is fine if you already have the virus, but will not prevent you from getting infected in the
    first place. Prevention is always best, so for those of you with XP or W2k, get the RPC patch from
    the M$ website

    bomba - who's spent all day helping the LAN admin to cure the network...>

    Actually the cool thing Symantec did was offer the Microsoft link for the patch at the end of the scan. So it is right there for you.

    ---> Hundreds of clueless e/u all calling at once... "I got worms"


    Jimbo(san)
     
  15. T_blood

    T_blood Guest

    "Merlin" <[email protected]> wrote in message news:[email protected]...
    > Nelson Binch <[email protected]> spoke thusly...
    > > I suspect somebody on this group has been infected with a virus. I
    received
    > > an email containing a worm with the subject speaking of Disk Brakes,
    which
    > > was caught and killed by my antivirus. It came via my [email protected] address, which is
    > > only used for newsgroups.
    > >
    > > Time to update and scan, folks, especially with this Lovesan bug going around.
    > >
    >
    > And let us not forget the worm that exploits an RPC leak.
    >
    > anybody happen to have a process running called msblast? how about unexplained restarts?
    >
    > http://www.bigblackglasses.com/Article.aspx?Article=342
    >
    > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
    > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
    >
    > I actually found the challenge quite entertaining. while doing research online about it, it
    > restarted my internet gateway system 50something times. at least it was nice enough to give me a
    > minute to bookmark the pages i was reading.
    >
    > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
    > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
    > (with the addition of the patch).
    > --
    > ~Travis
    >
    > http://www.megalink.net/~farmers/

    while it is shutting the system down does it give a window stating something about remote procedure
    or something? If so then I think a friend of mine has
    it.
     
  16. Merlin

    Merlin Guest

    T_Blood <[email protected]> spoke thusly...
    >
    > "Merlin" <[email protected]> wrote in message news:[email protected]...
    > > Nelson Binch <[email protected]> spoke thusly...
    > > > I suspect somebody on this group has been infected with a virus. I
    > received
    > > > an email containing a worm with the subject speaking of Disk Brakes,
    > which
    > > > was caught and killed by my antivirus. It came via my [email protected] address, which is
    > > > only used for newsgroups.
    > > >
    > > > Time to update and scan, folks, especially with this Lovesan bug going around.
    > > >
    > >
    > > And let us not forget the worm that exploits an RPC leak.
    > >
    > > anybody happen to have a process running called msblast? how about unexplained restarts?
    > >
    > > http://www.bigblackglasses.com/Article.aspx?Article=342
    > >
    > > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
    > > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
    > >
    > > I actually found the challenge quite entertaining. while doing research online about it, it
    > > restarted my internet gateway system 50something times. at least it was nice enough to give me a
    > > minute to bookmark the pages i was reading.
    > >
    > > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
    > > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for
    > > now (with the addition of the patch).
    > > --
    > > ~Travis
    > >
    > > http://www.megalink.net/~farmers/
    >
    > while it is shutting the system down does it give a window stating something about remote
    > procedure or something? If so then I think a friend of mine has
    > it.
    >
    >
    >

    that would be the one. the worm name may be different, but the leak in the RPC service is the same.
    have your friend download the patch (there is a link to the M$ website for the patch within that
    other link i gave).
    --
    ~Travis

    http://www.megalink.net/~farmers/
     
  17. M&M

    M&M Guest

    bomba <[email protected]> wrote in message news:<[email protected]>...
    > M&M wrote:
    >
    > > http://www.symantec.com They have the removal tool .
    >
    > Which is fine if you already have the virus, but will not prevent you from getting infected in the
    > first place. Prevention is always best, so for those of you with XP or W2k, get the RPC patch from
    > the M$ website
    >
    > bomba - who's spent all day helping the LAN admin to cure the network...

    Got it on my most recent XP update patch ( tonight ) . Double checked on the M$ site and the patch
    is already in my system .

    M&M
     
Loading...
Thread Status:
Not open for further replies.
Loading...