Another damn virus
to the question "One should be safe if there's no msblast.exe, right?"
yes, if it is not on your hd, then you're not infected. i read that off of MS's website.
you know what's funny, no matter how popular or famous this worm gets, it will still infect thousands of computers. here's an interesting fact... about 10,000 computers are still being infected by Code Red every month.
(Edited by xluryan at 12:13 am on Aug. 14, 2003)
They can strike me down, but I will get back up.
They can try to scare me, but I am not afraid.
No matter what they do, they CAN'T stop me... Because I am a Freedom Fighter, and Freedom, is Forever.
you can use the regedit.exe or regedit32.exe for checking your registry. go to Start, Run, type 'regedit' or 'regedit32' then press Enter.
as a word of caution, if you're not sure of what you're doing, don't even think about messing. changing even just 1 value in the registry can totally screw up your system. so, since you don't even know how to view your own registry, i assume you wouldn't know what to do when you see it. so i warn you: SEE, BUT NOT TOUCH.
Don't just look for msblast.exe - the two variants of the worm use different filenames. Variant .B comes as "penis32.exe" (WTF...? O_o), variant .C is named "teekids.exe" and drops a backdoor with the filename "root32.exe".
"To see a world in a grain of sand // And Heaven in a flower
Hold infinity in the palm of your hand // And eternity in an hour."
just a little note to those who think that only downloading from trusted sites etc etc will keep you safe, emmm no. The worm itself carries the coding to scan a set number of IPs to detect systems that are not patched or vulnerable and then exploits them and then installs itself. You do not need to download it or access it in any way whatsoever.
As for the person who wants to know what registry entry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and runservices.
Look for anything that is not necessary or you do not recognise it, i.e. msblast.
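An added example, not written by any poster in this thread: a read-only check that parses a regedit text export of the Run and RunServices keys named above and flags entries launching the filenames mentioned in the thread. The export below is constructed sample data, its value names are made up, and `scan_autostart` and `image_name` are hypothetical helper names.

```python
import ntpath
import re

# Filenames named in this thread: the worm, variants .B and .C, and the .C backdoor.
KNOWN_BAD = {"msblast.exe", "penis32.exe", "teekids.exe", "root32.exe"}
# Autostart keys mentioned in the thread, lower-cased for comparison.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# Constructed sample: a regedit text export (REGEDIT4 format), not real data.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\\Program Files\\Audio\\tray.exe /quiet"
"example update entry"="MSBLAST.EXE"
"quoted"="\"C:\\WINDOWS\\system32\\teekids.exe\" -x"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"helper"="root32.exe"
[HKEY_LOCAL_MACHINE\Software\Example\Other]
"ignored"="msblast.exe"
'''
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r'^\s*"?(.*?\.exe)\b', re.IGNORECASE)

def image_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    m = EXE_RE.match(command)
    path = m.group(1) if m else (command.split() or [""])[0]
    return ntpath.basename(path.strip('"')).lower()

def scan_autostart(export_text):
    """Return (flagged, to_review) lists of (key, value_name, command)."""
    flagged, to_review, key = [], [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new key section begins
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in AUTOSTART_KEYS:
            continue                  # not a string value under an autostart key
        name, command = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        entry = (key, name, command)
        (flagged if image_name(command) in KNOWN_BAD else to_review).append(entry)
    return flagged, to_review

if __name__ == "__main__":
    print(scan_autostart(SAMPLE_EXPORT)[0])
```

Entries in the second list are not known-bad by name and still need a manual look, since the check only knows the filenames listed in this thread.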
I was wondering why my RPC suddenly screwed up so much. I even reinstalled XP (planning to do that anyway). But it took me less than no time to get rid of blaster manually.
BTW, did you read what the reg key says? Something about a guy called bill IIRC. It's funny. I can't read it now, cos I deleted the key but still. I had Penis32 ánd blaster btw. (maybe I should get a firewall, god I hate those things!)
(Edited by 7h0m4z at 12:16 pm on Aug. 15, 2003)
The DDoS attack performed by the worm is completely pointless. It's hitting windowsupdate.com now, and M$ has already taken the DNS offline, but windowsupdate.microsoft.com - the correct address for Windows Update - is still operational and not affected by the attack in any way. Nevertheless some 3rd party companies are now allowed to mirror the RPC vulnerability patches (a German publisher for IT magazines got authorized to mirror the files on its own FTP, for example).
Finally, Goliath's mistakes have to be cleaned up by David.
(Edited by Liquid Data at 12:13 am on Aug. 16, 2003)