Author |
Message |
tyranus
Emperor
Joined: Tue Apr 01, 2003 3:42 am Posts: 2005 Location: Under my wife AND son's thumbs.. in essex! chavs! everywhere!!
|
yeah, a box popped up saying something like '45 seconds until your computer shuts down'. only happened like twice, and that was it, didn't keep doing it enough to mess anything up, but still damn annoying.
yeah, trouble is it was someone i know from college sending a picture to me along with about 10 others, so you tend to get lazy and just open it.
thankfully nortons update sorted it out straight away.
_________________ Sleep deprivation for teh lose
|
Fri Aug 22, 2003 10:50 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Blaster's a worm, not an email virus. It propagates itself by doing port scans and exploiting a buffer overflow vulnerability in DCOM RPC. Nothing to do with email. Unless there's a new variety, but it would have to be a complete re-write of the code.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Fri Aug 22, 2003 1:03 pm |
|
|
tyranus
Emperor
Joined: Tue Apr 01, 2003 3:42 am Posts: 2005 Location: Under my wife AND son's thumbs.. in essex! chavs! everywhere!!
|
then that's a bit worrying. the firewall really should have kept it out. any ideas why it didn't?
_________________ Sleep deprivation for teh lose
|
Fri Aug 22, 2003 2:08 pm |
|
|
Arathorn
Minor Diety
Joined: Tue Apr 01, 2003 10:23 am Posts: 3956 Location: Amsterdam
|
I haven't followed the whole topic, what firewall are you using?
I'm using Sygate Personal Firewall, it's free and I'm very content with it, except for the fact that sometimes it stops working and I have to reinstall it, but that is said to happen only to a limited number of users.
_________________ Melchett: As private parts to the gods are we: they play with us for their sport!
|
Fri Aug 22, 2003 2:13 pm |
|
|
Rinox
Minor Diety
Joined: Mon Mar 31, 2003 7:23 am Posts: 14878 Location: behind a good glass of Duvel
|
Cos it's a sophisticated worm. I repeat, firewalls are the biggest load of crap ever.
_________________ "I find a Burger Tank in this place? I'm-a be a one-man cheeseburger apocalypse."
- Coach
|
Fri Aug 22, 2003 2:45 pm |
|
|
tyranus
Emperor
Joined: Tue Apr 01, 2003 3:42 am Posts: 2005 Location: Under my wife AND son's thumbs.. in essex! chavs! everywhere!!
|
lol, i'll take your word for it.
arathorn: zonealarm pro.
_________________ Sleep deprivation for teh lose
|
Fri Aug 22, 2003 4:55 pm |
|
|
Peltz
Stranger
Joined: Sat Apr 12, 2003 1:14 pm Posts: 6312 Location: Estonia
|
I'd suggest also scanning your computer for w32Sobig.F@mm virus, we had a major trouble with that here in Estonia, hell it even made it into the local newspaper
If you get any email containing .pif files or .scr then delete it immediately. There's an 85% chance it's the virus. Also the key text inside the email is: Please see the file attached or See the file attached.
_________________ When someone asks how rich you are, quote Rinox " I don't even have a rusty nail to scratch my butt with...!"
Be well or Get Help!!
|
Fri Aug 22, 2003 5:03 pm |
|
|
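Added example, not part of the original thread: a Python check for the two mail indicators named in the post above (a `.pif` or `.scr` attachment, and the "see the file attached" body text). The sample messages are constructed here, and the function names are hypothetical.

```python
from email import message_from_string, policy
from email.message import EmailMessage

RISKY_EXT = (".pif", ".scr")
# "Please see the file attached" contains this shorter phrase,
# so one case-insensitive check covers both wordings from the post.
KEY_PHRASE = "see the file attached"


def build_sample(body, filename=None):
    """Construct a test message (sample data, not a captured mail)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


def findings(raw):
    """Return the indicators present in one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    out = []
    for part in msg.walk():
        name = part.get_filename()
        # Only the final extension decides how Windows opens the file,
        # so "photo.jpg.scr" counts; trailing dots and spaces are dropped.
        if name and name.rstrip(" .").lower().endswith(RISKY_EXT):
            out.append("attachment:" + name)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and KEY_PHRASE in body.get_content().lower():
        out.append("body-phrase")
    return out


if __name__ == "__main__":
    for raw in (build_sample("Please see the file attached.", "details.PIF"),
                build_sample("Agenda is below.", "notes.txt")):
        print(findings(raw))
```
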
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
If your firewall is worth a crap, it should block it. If not, well....that's your problem. You need to be blocking TCP ports 135 and 4444. And supposedly also UDP port 69.
TCP port 135 is one of the file and printer sharing ports... 4444 is RPC DOM (which is the biggest problem) and UDP port 69 is TFTP, which is how the virus transfers itself to a new computer. The reason to kill TCP 135 is because it also attacks open shares, I believe. But if you don't have a network, you shouldn't have any shares anyway... and if you do, you'd be a moron not to kill access to those ports with a router or something.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Fri Aug 22, 2003 5:34 pm |
|
|
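Added example, not part of the original thread: a Python triage of firewall log lines that reports which of the ports named in the post above (TCP 135, TCP 4444, UDP 69) had inbound traffic allowed rather than blocked. The log format, addresses and function names are constructed for illustration and do not match any particular firewall product.

```python
import re
from collections import defaultdict

# Ports named in the post above.
WATCHED = {("TCP", 135), ("TCP", 4444), ("UDP", 69)}

# Constructed log format (an assumption, not a real product's):
# <date> <time> <ALLOW|BLOCK> <proto> <src>:<sport> -> <dst>:<dport> <IN|OUT>
LINE = re.compile(
    r"^\S+ \S+ (ALLOW|BLOCK) (TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> \d+\.\d+\.\d+\.\d+:(\d+) (IN|OUT)$"
)

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
2003-08-22 13:01:07 BLOCK TCP 203.0.113.7:3312 -> 192.0.2.10:135 IN
2003-08-22 13:01:09 ALLOW TCP 198.51.100.23:4020 -> 192.0.2.10:135 IN
2003-08-22 13:01:10 ALLOW TCP 198.51.100.23:4021 -> 192.0.2.10:4444 IN
2003-08-22 13:01:12 BLOCK UDP 203.0.113.7:1050 -> 192.0.2.10:69 IN
2003-08-22 13:01:15 ALLOW UDP 203.0.113.9:500 -> 192.0.2.10:135 IN
2003-08-22 13:01:20 ALLOW TCP 192.0.2.10:1045 -> 198.51.100.80:80 OUT
this line is malformed and is skipped
"""


def triage(log_text):
    """Map (proto, port) -> {"ALLOW": sources, "BLOCK": sources}, inbound only."""
    hits = defaultdict(lambda: {"ALLOW": set(), "BLOCK": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        action, proto, src, dport, direction = m.groups()
        key = (proto, int(dport))
        # Protocol matters: UDP 135 is not on the list, TCP 135 is.
        if direction == "IN" and key in WATCHED:
            hits[key][action].add(src)
    return dict(hits)


def exposed(log_text):
    """Watched ports where at least one inbound connection was allowed."""
    return sorted(k for k, v in triage(log_text).items() if v["ALLOW"])


if __name__ == "__main__":
    print(exposed(SAMPLE_LOG))
```
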
tyranus
Emperor
Joined: Tue Apr 01, 2003 3:42 am Posts: 2005 Location: Under my wife AND son's thumbs.. in essex! chavs! everywhere!!
|
yeah, that was one of the things i've done since, blocked those ports, hopefully it won't happen again.
_________________ Sleep deprivation for teh lose
|
Sat Aug 23, 2003 7:08 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
don't feel bad, my girlfriend brought home a friend's laptop that was spontaneously rebooting itself. I had no clue what was going on until I checked mconfig... msblast.exe. heheh. I thought that was pretty funny. So I manually cleaned it, removed a bunch of startup crap (starts in like 30 seconds now instead of 5 minutes) and even patched it for her. Patched my own machine too, just for the hell of it.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Sat Aug 23, 2003 7:31 am |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
nice, i'm gunna have to go in to that config and see what i can get rid of, but i'll do it using ur help me thinks, check the site and all. This computer takes .. well last time I timed it, 2 mins 40 to start up, So gotta fix that.
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Sat Aug 23, 2003 8:11 am |
|
|
Arathorn
Minor Diety
Joined: Tue Apr 01, 2003 10:23 am Posts: 3956 Location: Amsterdam
|
Satis, the ports you mentioned, which ones are local and which ones are remote?
_________________ Melchett: As private parts to the gods are we: they play with us for their sport!
|
Sun Aug 24, 2003 8:03 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
eh? Those are the incoming ports you need to close. Actually, you can close those ports inbound and outbound, I doubt you're using any of the services.
Yea, Mole, check my walkthroughs. I forget which O/S you're running. oh, btw, it's mSconfig, not mconfig... typo on my part.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Sun Aug 24, 2003 10:04 pm |
|
|
Arathorn
Minor Diety
Joined: Tue Apr 01, 2003 10:23 am Posts: 3956 Location: Amsterdam
|
Sygate Personal Firewall makes a difference between local and remote ports, dunno what that is, but I've blocked everything remote and local.
_________________ Melchett: As private parts to the gods are we: they play with us for their sport!
|
Mon Aug 25, 2003 8:18 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
ok, it's talking about inbound and outbound. Local would be inbound, I'm sure, while remote is outbound. Kind of a weird way to write it, but whatever. That's fine. Inbound is actually all you need to worry about, but having both doesn't matter either.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Mon Aug 25, 2003 12:37 pm |
|
|