RPC WORM
 

If anyone has had the problem of their comp shutting of due to NT Authority System, here is the link that will remove the problem called MSBlast.exe, after it is done removing it, it will forward you to the patch for it..
http://securityresponse.symantec.co...aster.worm.html

I got hit with this last night, found some news about it at http://www.techspot.com/vb/showthrea...oto=nextnewest followed the link above and it took care of this.


David

really true my friend DKruskie!
:wink:

today my friends call me all day long about this
and from my internet service came this links
showing the dangerous RPC (Remote Procedure Call) vulnerable:

http://www.cert.org/advisories/CA-2003-19.html
http://www.microsoft.com/technet/tre...n/ms03-010.asp
http://www.cert.org/advisories/CA-2003-20.html
(in 11/08/2003)

from my internet service:
Zone Alarm: (Windows 98, Me, NT, 2000 e XP; easy to use and free)
www.zonelabs.com

Tiny Personal Firewall:
(Windows 95, 98, Me, NT e 2000; eficient and free for home users.)
http://www.tinysoftware.com/tiny2/pr...-5.00.1200.exe

Norton Personal Firewall: (Windows 98, Me, NT, 2000 e XP; muitos recursos.)
www.symantec.com.br

Windows XP
32 bits
http://microsoft.com/downloads/detai...displaylang=en
64 bits
http://microsoft.com/downloads/detai...displaylang=en

windows 2000
all exept japonese
http://microsoft.com/downloads/detai...displaylang=en
nec
http://microsoft.com/downloads/detai...displaylang=en

:!:

Hi Jorel:
Earlier today I checked into this, and the window update screen was saying that this worm should not attack W98 OS. Actually, they did not say it, they only gave the patch for other Microsoft OS. Is this correct?


Regards

Totonho

right Otto
no informations for win98 or ME!

but have some advices about "msblast"!

see what my internet service send to me....
is in portuguese but i know that you can read it all Otto:

ATENÇÃO:
Devido a um novo vírus criado para explorar a vulnerabilidade do RPC (Remote Procedure Call) divulgada na Internet desde o dia 11/08, estamos recomendando a todos os usuários Windows a aplicarem o patch de correção acessível nos seguintes endereços:

>> Windows XP
32-bit Edition
64-bit edition

>> Microsoft Windows 2000
All except Japanese
NEC

Além disso, é fortemente recomendável a instalação de "Personal Firewall" pois a eficiência deste recurso ficou comprovada para esta vulnerabilidade. Algumas versões gratuitas disponíveis para download:

>> Zone Alarm: (Windows 98, Me, NT, 2000 e XP; fácil de usar e gratuíto)
www.zonelabs.com
>> Tiny Personal Firewall: (Windows 95, 98, Me, NT e 2000; eficiente e gratuíto para uso doméstico.)
http://www.tinysoftware.com/tiny2/pr...-5.00.1200.exe
>> Norton Personal Firewall: (Windows 98, Me, NT, 2000 e XP; muitos recursos.)
www.symantec.com.br

Recomendações adicionais:

1- Automatizar o processo de update de segurança do Sistema Operacional: ativar a função "Windows Update" para aplicação de todos os patches de segurança recém-divulgados pela Microsoft;

2- Identificar com a função "busca" do Windows algum programa como "msblast.*". Este worm é responsável pela propagação de várias funções tais como "system boot" utilizando as portas exploradas através da vulnerabilidade RPC (portas TCP Netbios). Ao identificar a presença de dois arquivos com nome msblast, apagá-los imediatamente.

Maiores Informações:
http://www.cert.org/advisories/CA-2003-19.html
http://www.microsoft.com/technet/tre...n/ms03-010.asp
http://www.cert.org/advisories/CA-2003-20.html (publicado em 11/08/2003)


:!:

Muito obrigado Jorel:

I think that the thing that I now need to do, is to implement a firewall in my system. I will take a look at these sites, as well as at the site that kwag mentioned in a different post.

Thanks and best regards

Otto

After I got hit I went got the free personal firewall from Kerio and has been doing great..I couldnt believe all the things trying to access my comp since getting this 8O



David