|
|
| nero64 2003-08-12, 11:34 pm |
| There is some nasty viruses circulating at the moment and thanks to my ISP i have one.
Turns out my ISP’s RAS server has a virus so each time I log on I get it and weird stuff starts to happen. When I reboot memory is erased so everything is fine- well it seems fine. I remember a time when the only way a virus was spread was via a floppy and you could surf the internet without worry. Now a days it’s so easy to get a virus.
Serves myself right for going with a cheap ISP who knows jack about security.
Anybody know off a good virus program for W2K server. | |
| nero64 2003-08-13, 12:00 am |
| I'm talking about the W32.Blaster worm. Check your system32 folder and look for msblast.exe file. There is a patch for it at the MS site. If you already have it MS say reformat and rebuild your PC...hah you can't be serious! | |
| karlisi 2003-08-13, 2:07 am |
| There are many of them in Latvia since Monday evening. I have not seen infected PC yet but in forums there are a lot of people who have this virus. Its no problem for big companies with properly closed NetBIOS ports on firewalls but small companies and home users are in trouble. | |
| nero64 2003-08-13, 4:13 am |
| I just got rid of it then. It was in system memory and even installing the MS patch and turning off the PC did nothing. I just deleted the msblast.vxe file from system32 and i think i got rid of it. My virus scanner can't detect it anymore. I also had some sort of virtual trojan virus as well.
Ms gives a whole listing of ports to close. I might try these for practise. | |
| karlisi 2003-08-13, 7:15 am |
| There are free tools from Symantec and McAfee for detecting and removal of this worm. I used McAfee's tool called 'Stinger' before for other worms and it worked nice. Just search Google for 'stinger.exe'. And of course - patching, patching... | |
| jeff_j_black 2003-08-13, 6:08 pm |
| Remember, the MS Patch will prevent you from getting it, not remove it once you do get it. | |
| Tarzanboy 2003-08-16, 4:49 pm |
| As a secondary precaution, in addition to patching your systems, if you are not using DCOM, disable it. By default Win2k/XP/2k3 all have it on and 99% of the public does not need it.
As always, verify whether you have a need for DCOM and test in a lab environment prior to implementing it into a production environment.
In Windows 2000:
1. Click Start, Run, and type: dcomcnfg
2. Press ok or the enter key
3. Click Default Properties and uncheck Enable Distributed COM on this computer.
4. Click OK.
In Windows XP/Windows Server 2003:
1. Click Start, Run, and type: dcomcnfg
2. Press ok or the enter key
3. Double Click Component Services, double click Computers, right click your computer and select Properties.
4. Click Default Properties and uncheck Enable Distributed COM on this computer.
5. Click OK.
Cheers,
TB |
|
|
|