I just had a worm on my computer and it drove me mad, it took me about 1 hour to get it deleted. And that aint fun when the weather is this hot, if something annoys me i have to get it done.

So i'm just posting this around forums i use so i can prevent this from happening to anyone else.

 

 

 

The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP.

 

heres the news:

http://reuters.com/newsArticle.jhtml?type=technologyNews&storyID=3259106

 

and heres the cure:

http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

 

some of you may also have msblast.exe in your system32 dir. the patch wont remove this. But to remove it, do this...

 

1) Click Start, and then click Run. (The Run dialog box appears.)

Type regedit

 

2) Then click OK. (The Registry Editor opens.)

 

 

3) Navigate to the key:

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

 

 

4) In the right pane, delete the value:

 

"windows auto update"="msblast.exe"

 

 

5) Exit the Registry Editor.

 

 

hope this helps some of you.

Don't some "viruses" work by getting you to manually delate important files yourself, thus screwing up your pc? ;)

They do - the jdbgmgr.exe hoax, for one..

 

This one isn't a hoax, though..

 

See;

 

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547

 

or for straight-from-the-horses-mouth information from CERT;

 

http://www.cert.org/advisories/CA-2003-20.html

Oh Shit! It infected my home PC last night!!! Even though I had the latest VirusScan update from McAfee!!!

 

My PC brings up a 'System' error to do with RPC and automatically shuts down my PC after about 5 minutes! There is no way that I will be able to download that patch from the microsoft site in that time as I am on a dial-up at home. There is no way to stop the re-start as the 'X' is greyed out.

 

Any ideas how to fix? I am on XP Pro by the way.

 

Cheers!

My other half works for Vodafone and they had a virus/worm that took down the whole of there head office 10,000 people at 10am this morning and there systems are all still down:( I wonder if it's the same one :confused:

A colleague got this at work today, thanks to bverplak it is sorted :D

 

Here is the error/warning message you get:

 

Pete

Originally posted by x-biker

 

Any ideas how to fix? I am on XP Pro by the way.

 

 

 

 

 

 

 

 

i believe the patch is about 1.2 MB, download it somewhere else and put it onto a floppy. Then copy it to your HD and install it.

Originally posted by pete shrimp

A colleague got this at work today, thanks to bverplak it is sorted :D

 

Here is the error/warning message you get:

 

Pete

 

 

Yup, thats the evil ba5tard!!!

 

Thanks for the tip bverplak! I'll do that now and install it when I get home. CHEERS!

Originally posted by pete shrimp

A colleague got this at work today, thanks to bverplak it is sorted :D

 

Here is the error/warning message you get:

 

Pete

Have a look at the word directly above the message box. What's your "colleague" been up to? :D

LOL A few "home-movie" stills for me ;) - I wondered if anyone would notice!!

 

Nah, nothing that exciting - a request for a wallpaper steamer thingy, boooring!

to stop reboot...

 

Windows XP

Right click My Computer

Select MANAGE

Click on the plus sign next to Services and Application to expand this list

Highlight SERVICES and you see a list of double cog icons.

These are in alphabetical order and you are looking for

Remote Procedure Call (RPC)

Once located in the list double click

Select the RECOVERY TAB

 

Drop down the RESTART THE COMPUTER and select RESTART THE SERVICE on all three options then click the APPLY button at the bottom.

 

This should stop the workstation rebooting

 

might be better off downloading the patch rather than running windows update.

 

Oh look I did it already. :)

 

2000 http://www.swan.ac.uk/lis/network/Windows2000-KB823980-x86-ENU.exe

 

XP http://www.swan.ac.uk/lis/network/WindowsXP-KB823980-x86-ENU.exe

Mutha Funster!!!!! I wondered why my PC kept shutting down this morning!!!

Cheers for the fix guys!!! I was in great fear of missing an all night Battlefield sesh on Wednesday night!!

Um, how do I know if I've got 32-bit or 64-bit Windows XP?

(I'm running XP-Pro)

 

Sorry, but I'm a bit of a techno-knob'ead :D

Unless you happen to own a high-end server, or a pre-release AMD chip.. it's 32 bit.. :D

Ahhhhh thanks ;)

wow i was got by this last night too, eventually got a patch installed stopping this windows xp vulnerability and luckily been ok since.

i got this as well. Fortunatley my bro's sh1te hot at computers and he told me to stop the PC from shuting down go to the regedit, local machine, microsoft, ole and then on the ENABLE DCOM modify to N instead of Y. The problems still there but it doesn't restart, enabling you to download the patch. Remember to turn it back to Y once finished tho or you'll never know if it comes back.

 

Also a decent firewall will stop this. He directed me to:

 

http://download.com.com/3120-20-0.html?qt=firewall&tg=dl-2001