Shut down thingy in w2k and XP


old.SOSAGES

Guest
Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution (Q823980) was sent on 17th of last month .. :( use the auto update thing peps anyway

FYI:
TrendLabs has received several infection reports of this new worm named WORM_MSBLAST.A which exploits the RPC DCOM BUFFER OVERFLOW, a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

This worm has been observed to continuously scan and send data to vulnerable systems in the network using port 135. When the system date is August 15, it performs a Distributed Denial Of Service attack against windowsupdate.com.

As of 1:54 PM, US Pacific Time, Trend has declared a yellow alert to control the spread of this malware.


Please inform us if there are any infection reports in your region.

For more information on WORM_MSBLAST.A, please visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBlast.a

and maybe swing by free virus checker
 

oblivion_6

Guest
this little beauty has just made its way into my work's network

lol there's now 600 machines infected with it

hmm me thinks a day off might be on the cards :p
 

FoXeH

Guest
my virus scanner updated itself today and detected it, now virus free :)
 

oblivion_6

Guest
hmm that seems about right for here lol

single user system detects and cleans

multinational company's extreme security system detects and goes boom

lol if only u people knew what company it was u would be brickin it :p
 

alithiel50

Guest
I had to spend my entire lunchbreak patching and fixing PCs in my office today to get rid of this damn virus... :(

I did 30 machines (out of 180-200 in the building) in an hour! :eek7:
 

Worm_th

Guest
I spent most of the day dealing with this little monster...

Turned out to be MSBlast.exe running in the process tree, kicked off by a registry entry in the Windows load section.

Kill the entry, reboot, kill the file... simple really.

Pain in the ass tho
 

old.SOSAGES

Guest
*wonders why the peps that went round fixing it didn't prevent it in the first place =)*
 

Sibanac

Guest
Seems the NT admins pushed the patch on all clients here.

Just got off the phone with a mate who is an admin here and he is saying they found infected machines that were patched.
They are still looking at how this happened.
 

Cronn

Guest
I never thought reading DAOC forums would help me in any way.
 

old.Garax

Guest
The issue manifests itself by causing the PC to continually reboot & will also stop some functionality (i.e. drag & drop, may disable the mouse or cause the screen to freeze, amongst others). If you receive a call with these symptoms please advise the customer that you are about to offer courtesy support only as we do not support virus clearance but recommend they do the following....


Do a search for msblast.exe

usually found in system32 folder

Delete it.

Start -> Run -> msconfig -> Startup tab

disable msblast

Reboot machine.

Enable firewall (XP's own will be fine)

Disable client for Microsoft networks

Disable file and printer sharing

...just to be on the safe side.

Connect...

go to http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp


download and install the patch

Hope this helps.
 

makgsnake

Guest
Omg i thought i was the only one, i was about to format my pc until this guy on irc told me to download that.

took me a while to install because i never had enough time :mad:
 

JoxerTheMighty

Guest
:) Well, a guildie told me of this tool earlier today. Sadly I already formatted and reinstalled.....ah well..a fresh new OS has its appeal as well...the damn machine was getting a bit slow lately anyway :)
 

Worm_th

Guest
Once MSBlast.exe is on your computer and running (if it's there, it's running) you cannot simply "delete" it.

You have to kill the Registry entry that tells the file to load on Windows start-up. Then reboot.

After the reboot the virus will be present on your PC but won't actually be running, at this point you can delete it.

We have just installed SP4 for Win2k around my office, after the machines had been checked/cleaned. This seems to have removed all the problems associated with this virus (the svchost generating errors, the rebooting etc)

Huge file, but if you've got Win2k, download the service pack and install it... seems to have worked for us, no more reinfections (yet)
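
The cleanup order described in the posts above (remove the start-up registry entry, reboot, then delete the file), written out as an added example that is not part of the original thread. The Run key path, the sample `reg query` text, the value names and the function names are assumptions for illustration; only the file name `msblast.exe` comes from the posts.

```python
import re

WORM_IMAGE = "msblast.exe"  # file name given in the thread
# Constructed `reg query` output; key path and value names are assumptions.
SAMPLE_RUN_KEY = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ExampleTray\tREG_SZ\t\"C:\\Program Files\\Example\\tray.exe\" /min\n"
    "    placeholder-value\tREG_SZ\tmsblast.exe\n"
)
CLEAN_RUN_KEY = SAMPLE_RUN_KEY.rsplit("    placeholder-value", 1)[0]

# "    <name>  REG_<type>  <data>"; value names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_\w+\s*(?P<data>.*)$")
# Match the image name as a whole path component, bare or with a full path.
WORM_RE = re.compile(r'(?:^|[\\/"\s])msblast\.exe(?=$|["\s])', re.IGNORECASE)


def autostart_entries(reg_output):
    """Names of Run values whose command line launches the worm image."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and WORM_RE.search(m.group("data")):
            hits.append(m.group("name").strip())
    return hits


def next_step(reg_output, running, system32_files):
    """Pick the next cleanup action in the order the thread describes."""
    running = {p.lower() for p in running}
    files = {f.lower() for f in system32_files}
    entries = autostart_entries(reg_output)
    if entries:
        # A running copy cannot simply be deleted, so stop it loading first.
        return "remove Run value(s) %s, then reboot" % ", ".join(entries)
    if WORM_IMAGE in running:
        return "reboot: autostart entry is gone but the process is still running"
    if WORM_IMAGE in files:
        return "delete %s from system32, then install the MS03-026 patch" % WORM_IMAGE
    return "no %s artefacts found; confirm the MS03-026 patch is installed" % WORM_IMAGE


if __name__ == "__main__":
    print(next_step(SAMPLE_RUN_KEY, ["svchost.exe", "MSBlast.exe"], ["msblast.exe"]))
    print(next_step(CLEAN_RUN_KEY, ["svchost.exe"], ["msblast.exe"]))
```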
 

Hit ^_^

Guest
there are several versions of it out now.
some that you can just remove from registry and delete, or just run the fix/patch to remove. some are worse.
 

kirennia

Guest
sure this acts as a warning to people to look for updates on their virus programs every day....thats what I do and have had no problems at all with it even though it seems to have affected around 75% of people I have talked to :eek:
 

hercules-df

Guest
Originally posted by alithiel50
I had to spend my entire lunchbreak patching and fixing PCs in my office today to get rid of this damn virus... :(

I did 30 machines (out of 180-200 in the building) in an hour! :eek7:

lol
 

hercules-df

Guest
It's a Windows exploit not a virus that caused this chaos, ppl should keep winblows up to date as well as virus checkers, the exploit lets ppl get inside and upload all sorts of things with remote tools, winvnc etc..

any1 with firewall/keeps Windows up to date wouldn't have been affected
 
