MedVision ad

WARNING: W32.Blaster.Worm (1 Viewer)

Huy

Active Member
Joined
Dec 20, 2002
Messages
5,240
Gender
Undisclosed
HSC
N/A
Originally posted by wogboy
Or Windows 2K/XP fully patched & up to date :D
Yep, that was exactly what I was saying before :)
Originally posted by Huy
i wasnt affected, but that's not to say i'll never be affected by anything like this.
sp1 + all pre-sp2 patches that apply to me (windows xp), or sp4 for win2k.

(see KB articles, some don't apply so i'm always safe to read all articles/docs before i apply something that clearly states: "install if you are experiencing this *particular* problem" etc ;) :)
 

saladsurgery

kicking the cack
Joined
Jul 26, 2002
Messages
943
Location
over there
Gender
Male
HSC
2002
pfft
microsoft and their patches
why not just write decent software to start with, and test it well... :p
 

MiuMiu

Somethin' special....
Joined
Nov 7, 2002
Messages
4,329
Location
Back in the USSR
Gender
Female
HSC
2003
Originally posted by saladsurgery
pfft
microsoft and their patches
why not just write decent software to start with, and test it well... :p
Cos that would take effort
 

Frigid

LLB (Hons)
Joined
Nov 17, 2002
Messages
6,208
Gender
Undisclosed
HSC
N/A
Huy, is Blaster32 a mail-based worm, or could you get blasted (excuse the pun) just by having TCP ports open?

I couldn't be bothered (actually, I don't want to) use Windows Update because... (of a few personal reasons ;)) so added a few rules to firewall to block the TCP and UDP ports concerned - will that be the end of it?

btw, I'm getting confused - a lot of friends are getting restart messages from Remote Procedure Call - I guess this is from the worm?
 

Jesus

Christ
Joined
Jun 20, 2003
Messages
102
Location
Bibble
Gender
Undisclosed
HSC
N/A
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!



haha its not 6kb
 

iambored

dum-di-dum
Joined
Apr 27, 2003
Messages
10,862
Location
here
Gender
Undisclosed
HSC
2003
if ur anti virus is updated is that ok? or do u need the windows updates?

also, with the windows updates ('security and critical updates'), at the side of my comp it always says "new updates are ready to download" and everytime i press start download it starts, but about an hour later only like 3% has downloaded and then i go offline so i dont think any updates have ever been downloaded. any thoughts?
 

anti

aww.. baby raccoon ^^
Joined
Jul 28, 2002
Messages
2,900
Location
Hurstville
Gender
Undisclosed
HSC
2002
Yes, update windows. It exploits a security hole in windows software.

Frigid, it's not sent through email - it is sent by TCP. If you close your TCP ports (135 at the very least) you'll be ok.. but you won't be able to send (or is it receive?) through this port.. also, the virus sends itself to other computers on networked connections via port 4444 - this is how it spreads throughout school systems.

Yeah, the RPC call is from the worm.. it's the thing shutting down the computers. Nice side-effect, eh?

Oh, and you don't need to use windows update to run the patch.. just download it or get a friend to burn it to cd for you and run it. It works on pirated versions of windows xp professional, anyway, not that I know or anything :D

iambored, you still need the windows update or you'll just keep getting the worm again. and as for the windows update problem.. turn off automatic windows update (somewhere in control panel) and manually update windows by going to the website and selecting only which components you want to install.
 

iambored

dum-di-dum
Joined
Apr 27, 2003
Messages
10,862
Location
here
Gender
Undisclosed
HSC
2003
Originally posted by anti
iambored, you still need the windows update or you'll just keep getting the worm again. and as for the windows update problem.. turn off automatic windows update (somewhere in control panel) and manually update windows by going to the website and selecting only which components you want to install.
ok cool i'm doing them two at a time, there r so many 2 do coz i've never been able 2 do them all!
 

Frigid

LLB (Hons)
Joined
Nov 17, 2002
Messages
6,208
Gender
Undisclosed
HSC
N/A
Originally posted by anti
Yeah, the RPC call is from the worm.. it's the thing shutting down the computers. Nice side-effect, eh?
so i guess if I go to RPC properties in Services.msc, and change the Recovery values from "restart comp" to "restart service", the virus won't affect me (in any dramatic way) and it'll still DoS windowsupdate.com? coolies.

i don't think any software (ICQ, MSN etc) i've got at the moment uses port 135, so it's all cool. i've blocked those ports so yeah, screw windows update.

*false sense of security*
 

babydoll_

wat
Joined
Oct 22, 2002
Messages
4,531
Gender
Undisclosed
HSC
N/A
Originally posted by Huy
unplug your network cable (or dialup: disconnect)
stay offline
that didnt work for me!
i d/ced my cable and it still shut down my comp when i had it
never to fear, all fixed now
 

Huy

Active Member
Joined
Dec 20, 2002
Messages
5,240
Gender
Undisclosed
HSC
N/A
Originally posted by babydoll_
that didnt work for me!
i d/ced my cable and it still shut down my comp when i had it
never to fear, all fixed now
If you've got it, then it'll remain on your system until such time as you remove it.

If you are trying to REMOVE it, then staying offline will be beneficial as you'd be able to remove it, fix your system up (offline), making sure that you don't have it and you're in the clear, and then going online, where you'll be protected and unaffected since you've already fixed the system/patched :)
 

wogboy

Terminator
Joined
Sep 2, 2002
Messages
653
Location
Sydney
Gender
Male
HSC
2002
I personally reckon all ISPs across the world (or at least as many as possible) should be forced to block port 135, to hinder the virus from spreading.

According to my firewall log, I'm getting TCP packets on port 135 being rejected by my firewall on average every 5-10 mins!!
 

Sam

samboh
Joined
Jul 8, 2002
Messages
99
Location
sydney
Gender
Male
HSC
2002
one answer...

stay away from the comp..
or at least stay away from the net...

u all should b studying :)
 

flyin'

EDIT
Joined
Aug 21, 2002
Messages
6,677
Gender
Undisclosed
HSC
N/A
Well, that explains why Computer didn't Crashed each time I was online this week... better get patch. :D
(Should've visited forum, darn.)
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top