g-man a new virus hitting computers

[flypitcher]

hope this helps if you are sufferin from the problem:


Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

Causes shutdowns, no right click, no copy / paste

Many people running WinXP (and other NT based O/S's) are receiving an "Authority Error" followed by a 1 min shutdown.

This is a massive hack attempt, virtually everyone I know is suffering from it.

Either install/enable a firewall or download the following patch

http://www.microsoft.com/technet/tr...in/MS03-026.asp


Remember after installing the patch, you need to stop the file MSBLAST.EXE from been loaded from HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
and then reboot.

Finally, search for the two copies of MSBLAST.EXE and delete them; emtpy the recycle bin.

Oh, and remember to clear all old restore points (and create a new one NOW if you use the system restore feature).

[hippy74]

AHHHH GOTTA LOVE "APPLE COMPUTERS" ..

[imported_Gman]

Thanks for the info. I posted about this rpc exploit before it turned into this worm. We had already patched all our machines at work back in July after some of them got hacked into.

[ August 13, 2003, 07:38 AM: Message edited by: Gman ]

[Mah'chew]

This is no joke, I can't even cut my internet connection at home & lost my right click - wish I had an English OS at this point

[And]

I don't know what's going on either. I can't right click or cut and paste. It took all night on the craptop to download the patch .. then after I did that and found the stupid msblaster, it wouldn't let me delete it. Sometimes when I come to this page, the page won't load completely so I can't see the times posts were made, links don't work, smilies don't work ... one time I had no log out buttons.
Stupid pieces of shit damn viruses and computers! [img]graemlins/cussing.gif[/img]
I'm really irritated 'cause I have no freakin' clue what the hell I'm doing with all this patch work stuff. [img]graemlins/rofl.gif[/img] but still [img]mad1.gif[/img]

[ August 14, 2003, 08:25 AM: Message edited by: 6 23 ]

[Mah'chew]

Ditto, that's the one, time to pick up a book

[Jolyon]

Two things. First, change your clock to the year 2002 from 2003. That will stop the error message from coming up.

Second, go to an anti virus site like Norton and download the programme that kills this virus. Run it, then download the patch. The patch won't kill the virus, it'll only stop the same virus from getting you again.

[Martin Red]

12 August 2003

Blaster worm exploits Microsoft security hole and targets critical update website, Sophos Anti-Virus warns


Sophos has warned computer users of a new worm spreading across the internet, which exploits a critical vulnerability in versions of Microsoft Windows.

The W32/Blaster-A worm (also known as Lovsan, MSBlaster or Poza) contains a mocking message for Microsoft's chairman Bill Gates, and attempts to launch a denial of service attack on a website run by Microsoft for the purpose of distributing important security patches.

"Blaster attempts to knock Microsoft's windowsupdate.com website off the internet," explained Graham Cluley, senior technology consultant for Sophos Anti-Virus. "By attempting a denial of service attack on the windowsupdate.com website, the virus author is deliberately trying to make it difficult for computer users to download the patch they need to secure their copies of Windows against the worm. It's an extremely devious trick by Blaster's author."

The worm contains a message for Microsoft's Bill Gates, which does not get displayed:

I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!

The Blaster worm does not spread via email, but does distribute itself via the internet looking for vulnerable computers that have not been patched against a security hole first reported by Microsoft in mid-July 2003.

"System administrators should note that Blaster doesn't spread by email - so internet email scanning services will not be able to detect this worm, and an absence of reports at your email gateway does not mean you can rest on your laurels," said Graham Cluley. "Companies should deploy the patch from Microsoft, ensure their firewall is set up correctly and update the anti-virus on their desktop and servers."

Sophos advises users of Apple Macintosh and Unix computers that they are not affected by the Microsoft security vulnerability, and are not at risk from the worm


Fixes = http://www.sophos.com/support/disinf.../blastera.html