Virus



Status
Not open for further replies.
N

Nelson Binch

Guest
I suspect somebody on this group has been infected with a virus. I received an email containing a
worm with the subject speaking of Disk Brakes, which was caught and killed by my antivirus. It came
via my [email protected] address, which is only used for newsgroups.

Time to update and scan, folks, especially with this Lovesan bug going around.

---
__o _`\(,_ Cycling is life, (_)/ (_) all the rest, just details. Nelson Binch =^o.o^=
http://intergalax.com

Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 -
Release Date: 8/12/2003
 
Nelson Binch <[email protected]> spoke thusly...
> I suspect somebody on this group has been infected with a virus. I received an email containing a
> worm with the subject speaking of Disk Brakes, which was caught and killed by my antivirus. It
> came via my [email protected] address, which is only used for newsgroups.
>
> Time to update and scan, folks, especially with this Lovesan bug going around.
>

And let us not forget the worm that exploits an RPC leak.

anybody happen to have a process running called msblast? how about unexplained restarts?

http://www.bigblackglasses.com/Article.aspx?Article=342

i just got over a hit from it last night on two of my workstations. cleaver little worm. without
network/internet isolation, it is nearly impossible to stop it long enough to patch the system.

I actually found the challenge quite entertaining. while doing research online about it, it
restarted my internet gateway system 50something times. at least it was nice enough to give me a
minute to bookmark the pages i was reading.

and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
(with the addition of the patch).
--
~Travis

http://www.megalink.net/~farmers/
 
"Merlin" <[email protected]> wrote in message news:[email protected]...

>
> And let us not forget the worm that exploits an RPC leak.
>
> anybody happen to have a process running called msblast? how about unexplained restarts?
>
> http://www.bigblackglasses.com/Article.aspx?Article=342
>
> i just got over a hit from it last night on two of my workstations. cleaver little worm. without
> network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
>
> I actually found the challenge quite entertaining. while doing research online about it, it
> restarted my internet gateway system 50something times. at least it was nice enough to give me a
> minute to bookmark the pages i was reading.
>
> and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
> good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
> (with the addition of the patch).
> --
> ~Travis
>
> http://www.megalink.net/~farmers/
>

I had the same restart problem when connecting, called the ISP and was told it was a Windows
problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS recommended the
firewall. I enabled it, and well, it works so far.

I can't find msblast.exe on my box anywhere...is there a patch/fix somewhere that you know of?

Chris
 
"Chris" <[email protected]> wrote in message
news:[email protected]...

> I had the same restart problem when connecting, called the ISP and was
told
> it was a Windows problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS
> recommended the firewall. I enabled it, and well, it works so far.
>
> I can't find msblast.exe on my box anywhere...is there a patch/fix
somewhere
> that you know of?
>
> Chris
>

Nevermind...I looked at your link, as I should have done in the first place, at all is well.

Chris
 
Chris <[email protected]> spoke thusly...
>
> "Chris" <[email protected]> wrote in message
> news:[email protected]...
>
> > I had the same restart problem when connecting, called the ISP and was
> told
> > it was a Windows problem...so, in the forty-odd seconds I had before a restart initiated, I saw
> > MS recommended the firewall. I enabled it, and well, it works so far.
> >
> > I can't find msblast.exe on my box anywhere...is there a patch/fix
> somewhere
> > that you know of?
> >
> > Chris
> >
>
> Nevermind...I looked at your link, as I should have done in the first place, at all is well.
>
> Chris
>
>
>

the file would be located in your c:\windows\system32 folder (maybe it is hidden. i always have my
files set to show all). a simple file search will find it if it is there. if it is not there,
could be another variation of the worm (or another one completely). the patch and firewall should
fix it anyway.
--
~Travis

http://www.megalink.net/~farmers/
 
Originally posted by Merlin
Chris <[email protected]> spoke thusly...
>
> "Chris" <[email protected]> wrote in message
> news:[email protected]...
>
> > I had the same restart problem when connecting, called the ISP and was
> told
> > it was a Windows problem...so, in the forty-odd seconds I had before a restart initiated, I saw
> > MS recommended the firewall. I enabled it, and well, it works so far.
> >
> > I can't find msblast.exe on my box anywhere...is there a patch/fix
> somewhere
> > that you know of?
> >
> > Chris
> >
>
> Nevermind...I looked at your link, as I should have done in the first place, at all is well.
>
> Chris
>
>
>

the file would be located in your c:\windows\system32 folder (maybe it is hidden. i always have my
files set to show all). a simple file search will find it if it is there. if it is not there,
could be another variation of the worm (or another one completely). the patch and firewall should
fix it anyway.
--
~Travis

I went into Admin Tools, services and changed the RPC's recovery to Restart Protocol on first failure and no action in any either instance... worked for me to keep the connection alive until I could go to Microsoft and DL the patch.



Jimbo(san)

http://www.megalink.net/~farmers/
Click to expand...
 
"Nelson Binch" <[email protected]> wrote in message
news:[email protected]...
> I suspect somebody on this group has been infected with a virus. I
received
> an email containing a worm with the subject speaking of Disk Brakes, which was caught and killed
> by my antivirus. It came via my [email protected] address, which is only used for newsgroups.
>
> Time to update and scan, folks, especially with this Lovesan bug going around.
>
>
> ---
> __o _`\(,_ Cycling is life, (_)/ (_) all the rest, just details. Nelson Binch =^o.o^=
> http://intergalax.com
>
> Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306
> - Release Date: 8/12/2003
>

I started to get frequent messages today "svchost.exe has generated errors ...", after that copy,
paste, some GUI actions where disabled etc. I found following post and at the and there is a patch
for it. Just install it, will se if everything is OK.

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20621670.html#85 55880

D'amir
 
And someone was bad mouthing web tv. Ha ha we don.t get sick from Viruses

Fire up MTB 03
 
On Tue, 12 Aug 2003 19:40:56 -0400, Merlin <[email protected]> wrote:

>[email protected] <[email protected]> spoke thusly...
>> And someone was bad mouthing web tv. Ha ha we
don.t
>> get sick from Viruses
>>
>> Fire up MTB 03
>>
>>
>
>Ahh, nothing like the pleasure of full dolby digital audio while i
play
>my 3D video games. and the screen resolution is unbelievable.

Ah, the only problem with building a new 3 ghz system from scratch.

I forgot to import my kill files.

Shame on me.
 
P e t e F a g e r l i n <[email protected]> spoke thusly...
> On Tue, 12 Aug 2003 19:40:56 -0400, Merlin <[email protected]> wrote:
>
> >[email protected] <[email protected]> spoke thusly...
> >> And someone was bad mouthing web tv. Ha ha we
> don.t
> >> get sick from Viruses
> >>
> >> Fire up MTB 03
> >>
> >>
> >
> >Ahh, nothing like the pleasure of full dolby digital audio while i
> play
> >my 3D video games. and the screen resolution is unbelievable.
>
> Ah, the only problem with building a new 3 ghz system from scratch.
>
> I forgot to import my kill files.
>
> Shame on me.
>
>

nice to see you too. but of course, the irony is blinding.
--
~Travis

http://www.megalink.net/~farmers/
 
"Chris" <[email protected]> wrote in message
news:<[email protected]>...
> "Merlin" <[email protected]> wrote in message news:[email protected]...
>
> >
> > And let us not forget the worm that exploits an RPC leak.
> >
> > anybody happen to have a process running called msblast? how about unexplained restarts?
> >
> > http://www.bigblackglasses.com/Article.aspx?Article=342
> >
> > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
> > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
> >
> > I actually found the challenge quite entertaining. while doing research online about it, it
> > restarted my internet gateway system 50something times. at least it was nice enough to give me a
> > minute to bookmark the pages i was reading.
> >
> > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
> > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for
> > now (with the addition of the patch).
> > --
> > ~Travis
> >
> > http://www.megalink.net/~farmers/
> >
>
> I had the same restart problem when connecting, called the ISP and was told it was a Windows
> problem...so, in the forty-odd seconds I had before a restart initiated, I saw MS recommended the
> firewall. I enabled it, and well, it works so far.
>
> I can't find msblast.exe on my box anywhere...is there a patch/fix somewhere that you know of?
>
> Chris

http://www.symantec.com They have the removal tool .

M&M
 
<Originally posted by Bomba
> http://www.symantec.com They have the removal tool .

Which is fine if you already have the virus, but will not prevent you from getting infected in the
first place. Prevention is always best, so for those of you with XP or W2k, get the RPC patch from
the M$ website

bomba - who's spent all day helping the LAN admin to cure the network...>

Actually the cool thing Symantec did was offer the Microsoft link for the patch at the end of the scan. So it is right there for you.

---> Hundreds of clueless e/u all calling at once... "I got worms"


Jimbo(san)
 
"Merlin" <[email protected]> wrote in message news:[email protected]...
> Nelson Binch <[email protected]> spoke thusly...
> > I suspect somebody on this group has been infected with a virus. I
received
> > an email containing a worm with the subject speaking of Disk Brakes,
which
> > was caught and killed by my antivirus. It came via my [email protected] address, which is
> > only used for newsgroups.
> >
> > Time to update and scan, folks, especially with this Lovesan bug going around.
> >
>
> And let us not forget the worm that exploits an RPC leak.
>
> anybody happen to have a process running called msblast? how about unexplained restarts?
>
> http://www.bigblackglasses.com/Article.aspx?Article=342
>
> i just got over a hit from it last night on two of my workstations. cleaver little worm. without
> network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
>
> I actually found the challenge quite entertaining. while doing research online about it, it
> restarted my internet gateway system 50something times. at least it was nice enough to give me a
> minute to bookmark the pages i was reading.
>
> and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
> good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for now
> (with the addition of the patch).
> --
> ~Travis
>
> http://www.megalink.net/~farmers/

while it is shutting the system down does it give a window stating something about remote procedure
or something? If so then I think a friend of mine has
it.
 
T_Blood <[email protected]> spoke thusly...
>
> "Merlin" <[email protected]> wrote in message news:[email protected]...
> > Nelson Binch <[email protected]> spoke thusly...
> > > I suspect somebody on this group has been infected with a virus. I
> received
> > > an email containing a worm with the subject speaking of Disk Brakes,
> which
> > > was caught and killed by my antivirus. It came via my [email protected] address, which is
> > > only used for newsgroups.
> > >
> > > Time to update and scan, folks, especially with this Lovesan bug going around.
> > >
> >
> > And let us not forget the worm that exploits an RPC leak.
> >
> > anybody happen to have a process running called msblast? how about unexplained restarts?
> >
> > http://www.bigblackglasses.com/Article.aspx?Article=342
> >
> > i just got over a hit from it last night on two of my workstations. cleaver little worm. without
> > network/internet isolation, it is nearly impossible to stop it long enough to patch the system.
> >
> > I actually found the challenge quite entertaining. while doing research online about it, it
> > restarted my internet gateway system 50something times. at least it was nice enough to give me a
> > minute to bookmark the pages i was reading.
> >
> > and BTW, i was running the XP Internet Connection Firewall at the time. guess it doesn't work as
> > good as MS thinks it does. i lost my copy of ZoneAlarm Pro so the ICF will have to suffice for
> > now (with the addition of the patch).
> > --
> > ~Travis
> >
> > http://www.megalink.net/~farmers/
>
> while it is shutting the system down does it give a window stating something about remote
> procedure or something? If so then I think a friend of mine has
> it.
>
>
>

that would be the one. the worm name may be different, but the leak in the RPC service is the same.
have your friend download the patch (there is a link to the M$ website for the patch within that
other link i gave).
--
~Travis

http://www.megalink.net/~farmers/
 
bomba <[email protected]> wrote in message news:<[email protected]>...
> M&M wrote:
>
> > http://www.symantec.com They have the removal tool .
>
> Which is fine if you already have the virus, but will not prevent you from getting infected in the
> first place. Prevention is always best, so for those of you with XP or W2k, get the RPC patch from
> the M$ website
>
> bomba - who's spent all day helping the LAN admin to cure the network...

Got it on my most recent XP update patch ( tonight ) . Double checked on the M$ site and the patch
is already in my system .

M&M
 
Status
Not open for further replies.

Similar threads

articlebot
Velonews: Fabio Aru Out Of Trentino With Stomach Virus
Replies
0
Views
400
Cycling News Headlines
articlebot
articlebot
articlebot
Velonews: Kittel Pulls Out Of Tirreno-adriatico With Virus
Replies
0
Views
409
Cycling News Headlines
articlebot
articlebot
64Paramount
What anti virus software do you use on your personal computer?
Replies
30
Views
4K
Bike Cafe
Robfactory
Robfactory
kdelong
Virus Alert On This Forum!!!!
Replies
1
Views
1K
Bike Cafe
cyberlegend1994
cyberlegend1994
J
ED DOLAN I WILL SEND YOU SOME EBOLA VIRUS TO KILL YOUR 20 CATS! HELL NO, I AM THE KING OF TROLLS***
Replies
0
Views
404
Recumbent bicycles
jimmymac
J
S
Virus/trojon
Replies
6
Views
701
Australia and New Zealand
gplama
gplama
articlebot
Suspected virus could impact racing at Meadowlands (Los Angeles Daily News)
Replies
0
Views
305
Cycling News Headlines
articlebot
articlebot
S
Apparent virus claiming to come from cyclingforums
Replies
1
Views
254
UK and Europe
jd
J
G
Re: New Windows virus you can get just by looking at a picture = ********
Replies
3
Views
525
Road Cycling
Just zis Guy, you know?
J
L
Re: New Windows virus you can get just by looking at a picture, info in here
Replies
0
Views
350
Road Cycling
landotter
L
Top Bottom Back