public forum
home forum magazine gallery links about faq courtesy
It is currently Mon Apr 21, 2014 5:07 am

All times are UTC - 7 hours [ DST ]




Post new topic Reply to topic  [ 25 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Virus alert
PostPosted: Tue Aug 12, 2003 5:04 am 
Offline

Joined: Sun Oct 24, 1999 11:01 pm
Posts: 19975
Location: London, England; Tallinn, Estonia
There's a new kid on the Virus block - w.32 Blaster, which was discovered on 11th August.

Here is the background information:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

and here is the removal tool infprmation:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

I had this today and don't know how I picked it up. The symptom is a message box :

*****************

System Shutdown

blah blah Initiated by NT Authority\System

Message

Windows must restart because the RPC service terminated unexpectedly

*****************

This happens between a few seconds and 5 minutes of connecting to the Internet. There is also an MS patch to close off the attack route. In my tired and emotional state I did not run the MS patch initially and I think I was reinfected.

Anyway it seems to be OK now. The UK Dell phone line had a recorded message on this theme this morning so I suspect I was not alone.

Make sure you're up to date with your virus software - yesterday morning's release is out of date!

<small>[ 12 August 2003, 10:31 AM: Message edited by: Stuart Sweeney ]</small>


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Wed Aug 13, 2003 3:57 am 
Offline

Joined: Tue Dec 04, 2001 12:01 am
Posts: 1876
Location: New England
A Cable Modem/DSL Router (with built-in firewall) can prevent this virus. I suggest you get one, even if you have only 1 computer attached to your cable modem or DSL router.


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Wed Aug 13, 2003 12:58 pm 
Offline

Joined: Sat Nov 17, 2001 12:01 am
Posts: 566
Location: Paris
Je viens de détruire manuellement ce virus. (j'aurais dû mettre le patch Windows il y a quelques semaines. Cela aurait évité de l'attraper.)

1) j'ai éxécuté le "Manual Removal Instructions" en 4 étapes :
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547

2) puis, j'ai installé le Patch de Microsoft : (utile pour réparer la faille de Windows)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

<small>[ 13 August 2003, 03:09 PM: Message edited by: * jerome * ]</small>


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Wed Aug 13, 2003 1:29 pm 
Offline

Joined: Sat Nov 17, 2001 12:01 am
Posts: 566
Location: Paris
Juste avant la réparation (j’ai fait une petite manipulation):

Avant qu'il me redémarre systématiquement mon ordinateur toutes les minutes, je suis allé dans les « services » de XP (panneau de configuration/outils d'administration) puis en sélectionnant le service "RPC". En modifiant, l'option « redémarrer » à la première défaillance, j’ai sélectionné l’option « ne rien faire ». J'ai empêché qu'il redémarre automatiquement mon ordinateur une nouvelle fois. J'ai pu alors détruire le virus en lisant les informations des sites ci-dessus et remettre le service « RPC » comme il était.

<small>[ 13 August 2003, 03:30 PM: Message edited by: * jerome * ]</small>


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sat Aug 23, 2003 6:51 am 
Offline

Joined: Sun Dec 12, 1999 12:01 am
Posts: 3663
Location: The Bronx is up; the Battery's down
Windows users, here's a way to protect yourself:

1. Run Internet Explorer.

2. Click on "Tools" and then on "Windows Update".

3. When you get the "Welcome to Windows Update" screen, click on "Scan for updates".

4. Install any "critical" or "security" updates it recommends.

NOTE: KEEPING YOUR VERSION OF WINDOWS UPDATED, WHILE IMPORTANT, DOES NOT PRECLUDE THE NEED FOR VIRUS PROTECTION SOFTWARE SUCH AS THAT PRODUCED BY MACAFEE, SYMANTEC, OR GRISOFT.COM.

_________________
Jeffrey E. Salzberg,
Dance Lighting Design
http://www.jeffsalzberg.com


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sun Aug 24, 2003 7:37 am 
Offline

Joined: Wed Jul 03, 2002 11:01 pm
Posts: 602
Location: Seattle, WA,USA
Thanks Salzberg. You know what bothers me the most about viruses. To design a computer virus must take a considerable amount of creative energy and talent, and i think it is such a shame that it is wasted on deliberately hurting people. How in the world do these peole justify themselves. What a lack of character.


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sun Aug 24, 2003 12:07 pm 
Offline

Joined: Sun Dec 12, 1999 12:01 am
Posts: 3663
Location: The Bronx is up; the Battery's down
Matthew, while I'm certainly no psychologist, I'm certainly Jung at heart and so I'm not at all a-Freud to offer my opinions....

I suspect that these folks feel powerless and underappreciated. This is their way of being in control.

_________________
Jeffrey E. Salzberg,
Dance Lighting Design
http://www.jeffsalzberg.com


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sun Aug 24, 2003 12:10 pm 
Offline

Joined: Sun Dec 12, 1999 12:01 am
Posts: 3663
Location: The Bronx is up; the Battery's down
There's one other thing you can do to protect yourself and limit the spread of viruses.

Many viruses (although not the worms we've heard of so much over the past few weeks) replicate themselves by emailing themselves to everyone in the user's Microsoft Outlook addressbook. The easy and obvious way to prevent this is...don't use Outlook or Outlook Express.

_________________
Jeffrey E. Salzberg,
Dance Lighting Design
http://www.jeffsalzberg.com


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sun Aug 24, 2003 3:34 pm 
Offline

Joined: Fri Oct 22, 1999 11:01 pm
Posts: 17498
Location: SF Bay Area
Also, I can assure you that the viruses are not originating from the criticaldance.com mail server. If you receive an infected file purportedly from someone at criticaldance.com, it is probably being sent instead from an infected Outlook or Outlook Express addressbook residing on a third party's PC.

It works like this: joeperson@mail.com has an address book that contains the following addresses: sallyfriend@yahoo.com and admin@criticaldance.com. The virus looks up the addresses and sends an email to sallyfriend@yahoo.com "signed" by admin@criticaldance.com or vice-versa. In the latter case, sallyfriend@yahoo.com may get a response from the criticaldance.com telling her she sent admin@criticaldance.com a virus even though she didn't even turn on her PC.

For example, a virus purportedly sent out by me turned out to have come from "NOKU (dt217-16.vemis.ee [212.47.217.16])" instead, which is not even in the same country as the criticaldance.com server.

The criticaldance.com server is protected from infiltration. Unfortunately, there are many others that are not.

<small>[ 24 August 2003, 05:42 PM: Message edited by: Azlan ]</small>


Top
 Profile E-mail  
 
 Post subject: Re: Virus alert
PostPosted: Sun Aug 24, 2003 5:12 pm 
Offline

Joined: Fri Oct 22, 1999 11:01 pm
Posts: 17498
Location: SF Bay Area
After some investigation, it looks the bulk of the viruses are coming from vemis.ee mail server (IP = 212.47.217.16). We are sending a message to the postmaster there. In the meantime, the criticaldance.com mail server will not accept any messages from vemis.ee or the IP 212.47.217.16.


Top
 Profile E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 25 posts ]  Go to page Previous  1, 2

All times are UTC - 7 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
The messages in this forum are posted by members of the general public and do not reflect the opinions or beliefs of CriticalDance or its staff.
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group