my profile | my password | search | faq & rules | forum home

» Film-Tech Forum ARCHIVE   » Community   » Film-Yak   » New worm going around -W32.Blaster.Worm (Page 1)

This topic comprises 2 pages: 1  2

Author Topic: New worm going around -W32.Blaster.Worm Michael Gonzalez Jedi Master Film Handler Posts: 790 From: Grand Island , NE USA Registered: Sep 2000 posted 08-12-2003 01:11 PM                     I hear that this worm had really been making the rounds lately despite the fact that a security patch has been available from Microsoft for over a month. I have my computer set up for automatic updates so I don't seem to have a problem with these but if you caught the worm, here is how you can remove it: Norton has removal tool here http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html Microsoft has a patch here (1-866-PC-Saftey) http://www.microsoft.com/security/security_bulletins/ms03-026.asp Systems affected The following operating systems are affected by this vulnerability: • Windows NT 4.0 Workstation • Windows NT 4.0 Server • Windows 2000 Professional • Windows 2000 Server • Windows 2000 Advance Server • Windows XP Home • Windows XP Professional This security threat affects Windows 2000, NT, and XP and has recently been the subject of a security bulletin released by Microsoft. It is a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface which allows an attacker to gain full access and execute any code on a target machine, leaving it compromised. Solution: Customers should install the security patch immediately and consider installing a firewall Customers with a firewall installed or who are running Operating Systems other than those listed above may see increased Internet traffic but will not be otherwise affected ADVANCED USERS: You can temporarily get around the issue by doing the following: 1.Go to administrative tools>services 2.Double click remote procedure call 3.Under the recovery tab, set all failure reactions to "Take No Action" and set "Reset failure count after" to zero [0] days. Port numbers affected you can block are tcp port 4444 tcp 135 udp 69  |  IP: Logged Adam Martin I'm not even gonna point out the irony. Posts: 3686 From: Dallas, TX Registered: Nov 2000 posted 08-12-2003 04:34 PM                     I found out about this one this past weekend when I took my desktop home from work and used it on dialup without a firewall. Switching the RPC termination to "no action" and turning on XP's dialup firewall as stated above remedied the problem until I could download the patch.  |  IP: Logged Matthew Bailey Master Film Handler Posts: 461 From: Port Arthur,TX Registered: Sep 2000 posted 08-12-2003 05:57 PM                     Once I tried to load the MS update & I had to use ctrl+alt+delete to inerrupt it because it either stalled or hung during downloading.  |  IP: Logged Ken Layton Phenomenal Film Handler Posts: 1452 From: Olympia, Wash. USA Registered: Sep 1999 posted 08-12-2003 06:04 PM                     So, Windows 98 is not affected? That's what I have.  |  IP: Logged Richard Thomas Film Handler Posts: 11 From: Trinidad, CO Registered: Aug 2003 posted 08-12-2003 06:05 PM                     This is a bad deal. I have a firewall (Zone Alarm) and it is catching and blocking over 100 probes per hour just sitting there connected to the internet. If you have a open port and this thing finds it, you are likely to get infected. It is not like a worm that comes in an email requiring clicking; this baby just gets you if you are connected and things are just right. Nasty deal.  |  IP: Logged Tim Reed Better Projection Pays Posts: 5246 From: Northampton, PA Registered: Sep 1999 posted 08-12-2003 07:27 PM                       Welcome, Richard!  |  IP: Logged John Walsh Film God Posts: 2490 From: Connecticut, USA, Earth, Milky Way Registered: Oct 1999 posted 08-12-2003 07:30 PM                     I'm behind a Sonicwall firewall router/NAT, then ZoneAlarm. I wouldn't say I'm bulletproof, but doin' OK....  |  IP: Logged Joe Redifer You need a beating today Posts: 12859 From: Denver, Colorado Registered: May 99 posted 08-12-2003 07:30 PM                        To find out if you have this worm, you must go to the TASK MANAGER and see if something called "msblast." is running. If so, you have the worm. Why don't I have the worm? I can never get this stuff and my ports are all wide open! Is this the worm that gives Microsoft hell by attacking their website somehow? Also, Michael... the link to Microsoft above does not go straight to the patch. You have to click around everywhere and suddenly you are engulfed in many many different critical updates. Which one is it? Boy, Windows sure seems to have a lot of security updates quite frequently. Every single update to their OS is to resolve a vunerability in security. Why does Microsoft program such crappy OS's with no beta testing, no debugging, and whatnot? Mac OS is BETTER than Windows OS. Period.  |  IP: Logged Adam Martin I'm not even gonna point out the irony. Posts: 3686 From: Dallas, TX Registered: Nov 2000 posted 08-12-2003 08:08 PM                     This one apparently affects NT/2000/XP/2003 OS's. The patch will not apply properly if the worm is present on your system. Download the removal tool from the Symantec link above and it will scan your system, remove the affected files, and ask you if you want to go to the Microsoft page and download the patch.  |  IP: Logged Mitchell Cope Master Film Handler Posts: 256 From: Overland Park, KS, United States Registered: Jun 99 posted 08-12-2003 08:26 PM                     According to McAfee, quote: This worm spreads by exploiting a recent vulnerability in Microsoft Windows. The worm scans random ranges of IP addresses on TCP port 135. Discovered systems are targeted. Exploit code is sent to those systems, instructing them to download and execute the file MSBLAST.EXE from a remote system via TFTP. If I'm interpreting this correctly, Microsoft may have recently added this vulnerability. Indications of Infection: * Presence of unusual TFTP files * Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory * Error messages about the RPC service failing (causes system to reboot)  |  IP: Logged Paul G. Thompson The Weenie Man Posts: 4718 From: Mount Vernon WA USA Registered: Nov 2000 posted 08-12-2003 10:36 PM                     Now you know why I get so darned angry with the computers on DSL at the radio station. We have a simple peer-to-peer network and the computers are wide open for the probes that are inward bound. When a window pops up saying basically someone is trying to bust into the machine, the guys running the computers don't know what to do so they say "let it." To add insult to injury, they don't raise the firewall to block all traffic when they are done. They are idiots!!!!  |  IP: Logged Chris Hipp Phenomenal Film Handler Posts: 1462 From: Mesquite, Tx (east of Dallas) Registered: Jul 2003 posted 08-13-2003 02:29 AM                     I got this worm yesterday I think, or at least I Started seeing symptoms of it. What would happen is about 10 minutes of being online I would get an error saying SVC Host synce error or somethign and then I couldnt load Java on any websites. I installed the patch and it fixed it, I run win2000  |  IP: Logged Adam Fraser Master Film Handler Posts: 499 From: Houghton Lake, MI, USA Registered: Dec 2001 posted 08-13-2003 11:18 AM                        I have a friend who is a computer tech and I visited him yesterday at his store. He was in the process of fixing 3 or 4 at the same time and had fixed 15-20 by 3 PM. They are loving it, kind of makes me wonder if computer repair people make up these worms so they can charge $50-100 each to fix them.  |  IP: Logged Richard Thomas Film Handler Posts: 11 From: Trinidad, CO Registered: Aug 2003 posted 08-13-2003 01:37 PM                     Thanks for the kind welcome Tim! It is great to be here.  |  IP: Logged Jack Ondracek Film God Posts: 2348 From: Port Orchard, WA, USA Registered: Oct 2002 posted 08-13-2003 04:49 PM                        Paul, don't you have some kind of router with a firewall after your DSL modem? You sure seem to get hit hard, & I'm wondering why your system has to be so open?????  |  IP: Logged

All times are Central (GMT -6:00)

This topic comprises 2 pages: 1  2

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Operations -------------------- Digital Cinema Forum Film Handlers' Forum Large Format Forum Ground Level Feature Info, Trailer Attachments & REAL Credit Offsets Category: Community -------------------- Film-Yak Film Handlers' Movie Reviews The Afterlife Bob Maar's Joke-A-Thon Category: Classified -------------------- Equipment and Supplies Wanted/For Sale Help Wanted/Seeking Employment Category: System -------------------- Software Beta Testing Forum

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.