You should have an anti-virus on the boxen anyway.

Congradulations.

You have a varient of the BLASTER_WORM virus

he
yeah thats what I thought
what is the best way to get rid of it
I figured run an anti virus after I get one or what about getting the windows updates which i haven't done in a while
i downloaded and ran the symantec file that is supposed to seac for and destroy the blaster worm virus and that said that it wasn't on my drive but i'll try some other stuff
thanks

1) You should always update windows. I think it's one a month that they come out now. I know it used to be every tuesday that they did it. But, you should search atleast once a week and just make sure there are no critical patches.

2) Have a Virus Scanner on your computer and keep it up to date. If you don't have if search for automatic updates then you need to manually do it once a week.

3) Disable unneeded features on Internet Explorer and your Email, disable Active X Scripting ect...

4) Don't accept direct connections on AIM unless you are ABSOLUTELY sure these people are who they are purporting themselves to be.

5) Use some common sense, and take steps to protect yourself.
Don't open email from people you don't know, and definitely don't download items in email unless you know exactly what they are. This means, just because your friend sends you a program and say's it's a really funny gag, don't run it. For all you know, your friends system may be compromised and they are inadvertenly sending malicious programs via email to everyone in their address book.

6) If you are using a Broad Band Connection think about having a software or hardware firewall (or both). You could get one if you are on dial up, but I wouldn't be as worried about it, as if you are constantly connected to the internet.

7) If other people use the same computer as you, go over these steps with them as well.

Those of you looking for a quick and easy way to test for vulnerability/permanently disable (or reenable for some god forsaken reason, like you want to use OPC or something) the DCOM RPC service might want to check out http://www.grc.com/dcom/

There are currently four known vulnerabilities in the RPC DCOM service, the first of which was exploited by Blaster/Welchia/Nachi, the second being a similar vulnerability to the first, the third being a race condition that provides a system level exploit on Windows 2000 systems only, and the fourth being a DoS only...

alright this is really ticking me off
ok so if i disable this dcom thing it should stop it right?

Disabling DCOM will prevent the service from crashing and close a point of entry for existing and future worms. However, you will still need to determine precisely which virus/worm you have, and if it is one of the DCOM worms, you will need to download an appropriate program to remove it.

For MSBlast:
http://www.symantec.com/avcenter/FixBlast.exe

For Welchia/Nachi:
http://www.symantec.com/avcenter/FixWelch.exe

ok, so I ran the symantec one and now i should run the other one
but the thing is, I disabled dcom and i still restarted on me or will that only prevent further bugs

Listen. Listen carefully.

- PATCH YOUR MACHINE. Go to Windows Update, install the appropriate patches and hotfixes.

- RUN ANTIVIRUS. Not just now (though you should, to disinfect this and anything else that may be infesting your machine), but PERMANENTLY.

- KEEP BOTH OF THEM UP-TO-DATE. Take time from your busy AIM and LAN gaming schedule to spend five minutes a week checking for updates. Better yet, schedule them to take place automatically.

There is no excuse for any machine to still be receiving Blaster, Nimda, Code Red, DCOM, Nachi, or other infections at this stage - well, laziness perhaps, but that's more of an explanation than an excuse.

alright, thanks guys for all your help

oh, i might want to add just in case this matters, it only happens when im logged on to the internet and when i go to sites like yahoo and sometimes microsoft.


oh, and one more thing, i searched google and found out that i could get the error screen so i did that and this is what i get


A problem has been .....
DRIVER_IRQL_NO_LESS_OR_EQUAL
If this.....
Technical Information:
***SDP:0x0000000D1 (0x00000008, 0x0000000, 0xf75b4d65)
***NDIS 5, Address F25B4D65 at F751300, Date stamp 3b7dc561
Begin dump of .....
ok this is approx since i scratched it down and my handwriting ain't the greatest
does anyone konw what it means?

Re: possible virus?

wow that sucks man

Re: possible virus?

No warning because it is Thanksgiving, but do you realize you just replied to a post that is about 6 years old?

(The last time avsniperman was active was 12-15-2003 09:48 AM, he's not even likely around to read your reply.)

Thread closed.

Re: possible virus?

Wow, a reply to a 6 year old thread. Are you kidding me?

You're on notice, pal.

Re: possible virus?

FWIW, he's been put on notice once before. Well, not on notice per se, because I didn't spell it out. Let's put it this way: He's been admonished about the Rules previously.

https://forum.defcon.org/showthread.php?t=10915