possible virus?

This topic is closed.

  • possible virus?

    Recently my box has restarted on me for no apparent reason. Usually all I am running is AIM and IE6. Has anyone heard of a virus that might be causing this? I've run Ad-Aware and Spybot. Should I get something like Norton SystemWorks or an anti-virus of some sort to try to find it on my box? Thanks for your help.

  • #2
    Originally posted by avsniperman
    Recently my box has restarted on me for no apparent reason. Usually all I am running is AIM and IE6. Has anyone heard of a virus that might be causing this? I've run Ad-Aware and Spybot. Should I get something like Norton SystemWorks or an anti-virus of some sort to try to find it on my box? Thanks for your help.

    You should have an anti-virus on the boxen anyway.


    • #3
      Originally posted by avsniperman
      Recently my box has restarted on me for no apparent reason. Usually all I am running is AIM and IE6. Has anyone heard of a virus that might be causing this? I've run Ad-Aware and Spybot. Should I get something like Norton SystemWorks or an anti-virus of some sort to try to find it on my box? Thanks for your help.

      Congratulations.

      You have a variant of the BLASTER_WORM virus
      --Shatter

      "People demand freedom of speech to make up for the freedom of thought which they avoid."
      - Soren Aabye Kierkegaard (1813-1855)


      • #4
        he
        yeah, that's what I thought
        what is the best way to get rid of it?
        I figured run an anti-virus after I get one, or what about getting the Windows updates, which I haven't done in a while
        I downloaded and ran the Symantec file that is supposed to search for and destroy the Blaster worm virus and that said that it wasn't on my drive, but I'll try some other stuff
        thanks


        • #5
          Originally posted by avsniperman
          he
          yeah, that's what I thought
          what is the best way to get rid of it?
          I figured run an anti-virus after I get one, or what about getting the Windows updates, which I haven't done in a while
          I downloaded and ran the Symantec file that is supposed to search for and destroy the Blaster worm virus and that said that it wasn't on my drive, but I'll try some other stuff
          thanks

          1) You should always update Windows. I think it's once a month that they come out now. I know it used to be every Tuesday that they did it. But you should search at least once a week and just make sure there are no critical patches.

          2) Have a virus scanner on your computer and keep it up to date. If you don't have it search for automatic updates, then you need to manually do it once a week.

          3) Disable unneeded features in Internet Explorer and your email, disable ActiveX scripting, etc.

          4) Don't accept direct connections on AIM unless you are ABSOLUTELY sure these people are who they are purporting themselves to be.

          5) Use some common sense, and take steps to protect yourself.
          Don't open email from people you don't know, and definitely don't download items in email unless you know exactly what they are. This means, just because your friend sends you a program and says it's a really funny gag, don't run it. For all you know, your friend's system may be compromised and they are inadvertently sending malicious programs via email to everyone in their address book.

          6) If you are using a broadband connection, think about having a software or hardware firewall (or both). You could get one if you are on dial-up, but I wouldn't be as worried about it as if you are constantly connected to the internet.

          7) If other people use the same computer as you, go over these steps with them as well.


          • #6
            Those of you looking for a quick and easy way to test for vulnerability/permanently disable (or reenable for some god forsaken reason, like you want to use OPC or something) the DCOM RPC service might want to check out http://www.grc.com/dcom/

            There are currently four known vulnerabilities in the RPC DCOM service, the first of which was exploited by Blaster/Welchia/Nachi, the second being a similar vulnerability to the first, the third being a race condition that provides a system level exploit on Windows 2000 systems only, and the fourth being a DoS only...
            45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
            45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
            [ redacted ]


            • #7
              alright, this is really ticking me off
              ok, so if I disable this DCOM thing it should stop it, right?


              • #8
                Originally posted by avsniperman
                ok, so if I disable this DCOM thing it should stop it, right?
                Disabling DCOM will prevent the service from crashing and close a point of entry for existing and future worms. However, you will still need to determine precisely which virus/worm you have, and if it is one of the DCOM worms, you will need to download an appropriate program to remove it.

                For MSBlast:
                http://www.symantec.com/avcenter/FixBlast.exe

                For Welchia/Nachi:
                http://www.symantec.com/avcenter/FixWelch.exe
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                [ redacted ]


                • #9
                  ok, so I ran the Symantec one and now I should run the other one
                  but the thing is, I disabled DCOM and it still restarted on me, or will that only prevent further bugs?


                  • #10
                    Originally posted by avsniperman
                    ok, so I ran the Symantec one and now I should run the other one
                    but the thing is, I disabled DCOM and it still restarted on me, or will that only prevent further bugs?
                    Listen. Listen carefully.

                    - PATCH YOUR MACHINE. Go to Windows Update, install the appropriate patches and hotfixes.

                    - RUN ANTIVIRUS. Not just now (though you should, to disinfect this and anything else that may be infesting your machine), but PERMANENTLY.

                    - KEEP BOTH OF THEM UP-TO-DATE. Take time from your busy AIM and LAN gaming schedule to spend five minutes a week checking for updates. Better yet, schedule them to take place automatically.

                    There is no excuse for any machine to still be receiving Blaster, Nimda, Code Red, DCOM, Nachi, or other infections at this stage - well, laziness perhaps, but that's more of an explanation than an excuse.


                    • #11
                      alright, thanks guys for all your help

                      oh, I might want to add, just in case this matters, it only happens when I'm logged on to the internet and when I go to sites like Yahoo and sometimes Microsoft.


                      oh, and one more thing, I searched Google and found out that I could get the error screen, so I did that and this is what I get


                      A problem has been .....
                      DRIVER_IRQL_NO_LESS_OR_EQUAL
                      If this.....
                      Technical Information:
                      ***SDP:0x0000000D1 (0x00000008, 0x0000000, 0xf75b4d65)
                      ***NDIS 5, Address F25B4D65 at F751300, Date stamp 3b7dc561
                      Begin dump of .....
                      ok, this is approx since I scratched it down and my handwriting ain't the greatest
                      does anyone know what it means?
                      Last edited by avsniperman; December 1, 2003, 18:49.


                      • #12
                        Re: possible virus?

                        wow that sucks man


                        • #13
                          Re: possible virus?

                          Originally posted by h@ck@dy
                          wow that sucks man
                          No warning because it is Thanksgiving, but do you realize you just replied to a post that is about 6 years old?

                          (The last time avsniperman was active was 12-15-2003 09:48 AM, he's not even likely around to read your reply.)

                          Thread closed.


                          • #14
                            Re: possible virus?

                            Wow, a reply to a 6 year old thread. Are you kidding me?

                            You're on notice, pal.

                            I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me


                            • #15
                              Re: possible virus?

                              FWIW, he's been put on notice once before. Well, not on notice per se, because I didn't spell it out. Let's put it this way: He's been admonished about the Rules previously.

                              https://forum.defcon.org/showthread.php?t=10915
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
