Virus/Worm alert...VERY IMPORTANT.

Moses

Member since
February 2003
From: Long Island

Virus/Worm alert...VERY IMPORTANT.

Posted by Moses on Tuesday, August 12, 2003 12:34 PM

This is URGENT, protect yourself asap. I have had 3 people come to see me today already about this on there home PC's

Q. My computer keeps restarting after something to do with a Remote Procedure Call (RPC) terminates unexpectedly. WHAT THE HELL IS THIS?

A. You've been hit by the RPC exploit, a serious flaw in the Windows NT line of Windows products (NT, 2000, XP, and 2003 Server). If this has happened, your system has been compromised, and your only option is pretty much to reformat and reinstall all your programs from known-good sources. Any single part of your system could be infected with who-knows-what, as the RPC exploit gives a malacious user unrestricted access to your system.

So Protect your system before you have to reformat (its the only solution once it's happened), get the patch on ASAP People

What does this mean. It seems that a worldwide worm/virus is circulating. If you have Windows XP, Windows 2000 or Windows NT 4.0..you will need to download this patch. About 1/3 of home uses have been hit already in one day. This is a major worm, and could result in doing a complete reformat of your system.

If you have been infected, you will no becuase your system will reboot over and over again. If this is happening you will need to download this fix:

http://securityresponse.symantec.co...er/FixBlast.exe

All those who have not been infected and those who were infected and downloaded and installed the fix above, you will need to get the patch off of Microsofts page...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

If you are using 2000, download 2000..if you are using XP Home or Pro...download XP 32bit.

If you are not using 2000, XP or NT 4.0, you are safe.

Any problems...please feel free to get me on yahoo at rob_riviezzo or MSN Messneger at moses96thid@hotmail.com.

"ZIM FIRST, ASK QUESTIONS LATER!!"

Reply

Anonymous

Member since
November 2005

Posted by Anonymous on Tuesday, August 12, 2003 2:01 PM

I have Windows Me. Is my system at risk ? Itried the e-mail link - it doesn't work. Thanks for the warning and your time.

Reply
Edit

Moses

Member since
February 2003
From: Long Island

Posted by Moses on Tuesday, August 12, 2003 2:23 PM

Pix, as it is right now...Me users are safe. The virus attacks 2000 OS's. Me is 98.

"ZIM FIRST, ASK QUESTIONS LATER!!"

Reply

Keyworth

Member since
January 2003
From: NE Georgia

Posted by Keyworth on Tuesday, August 12, 2003 3:34 PM

This one's legit, folks. It hit our hospital today like a tornado. I was answering calls and cleaning up stand-alone systems all day today. - Ed

"There's no problem that can't be solved with a suitable application of high explosives"

Reply

David Voss

Member since
December 2002
From: Waukesha, WI

Posted by David Voss on Tuesday, August 12, 2003 5:17 PM

Thank you Moses for posting this.

It was only a matter of time before a major virus/worm hit using this exploit. Microsoft announced this back on July 16th. MS along with CERT and other have been sending out bulletins about this.

Affected Software:
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

CERT® Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface

Microsoft Security Bulletin MS03-026
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

What You Should Know About Microsoft Security Bulletin MS03-026

Although it's probably going to be slow the next couple of days due to the virus launching a DOS (Denial of Service) attack against it, another good way to update your system is to use the Windows Update Site -- http://windowsupdate.microsoft.com/ . It'll check your system for critical updates/patches that need to be applied. It's a good habit to use this site at least once a month.

David Voss Senior Web Developer Kalmbach Publishing Co. Join me on the FSM Map

Reply

David Voss

Member since
December 2002
From: Waukesha, WI

Posted by David Voss on Tuesday, August 12, 2003 6:08 PM

For more information and instructions on how to remove this, check out Symantec's website.
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

David Voss Senior Web Developer Kalmbach Publishing Co. Join me on the FSM Map

Reply

Anonymous

Member since
November 2005

Posted by Anonymous on Wednesday, August 13, 2003 11:54 PM

Wow...
Now I am glad that I am still using windows 98.
I was just thinking about an upgrade.
Maybe I will wait till this blows over.

Reply
Edit

Keyworth

Member since
January 2003
From: NE Georgia

Posted by Keyworth on Wednesday, August 13, 2003 11:59 PM

Dave, thanks for posting the update links. Several of the area businesses here got whacked by this worm virus and it was costly for them. Lost time is lost revenue, not to mention the ulcer-producing aggravation that goes with it. - Ed

"There's no problem that can't be solved with a suitable application of high explosives"

Reply

Anonymous

Member since
November 2005

Posted by Anonymous on Friday, August 15, 2003 4:20 PM

I am a Network Tech for my local city government and so far we have been keeping it at bay. This is someone with to much time on their hands. They need to do soemthing like build models.