the worm


anarion
16-08-2003, 16:22
even tho i patched my pc i have still had a visit from our friend 'the worm' any idea on where i can get something to kill it??? im running xp

darkangel
16-08-2003, 16:46
Originally posted by anarion
even tho i patched my pc i have still had a visit from our friend 'the worm' any idea on where i can get something to kill it??? im running xp

you've either not patched it correctly or have an open port/no firewall

grum1978
16-08-2003, 16:51
Originally posted by anarion
even tho i patched my pc i have still had a visit from our friend 'the worm' any idea on where i can get something to kill it??? im running xp

taken from server status page
[Updated 15/08/03 13:30]
ntlhome customers may currently be experiencing problems with their PC arising from a Windows vulnerability.
This looks to be related to a new internet virus/worm discovered today.

For detailed info and ways to restore service please see the following links. Alternatively, visit the ntl digital television channels 9 (ex C&W) or 120 (ntl) for a detailed walkthrough.

The following link will direct you to a Microsoft page with instructions on how to install a patch which will restore service :-

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp




Windows XP users may also want to enable the inbuilt firewall option. Please follow these steps to enable the XP Internet Connection Firewall:


Click Start
Click Control Panel
If the heading "Pick a Category" appears, then choose the "Switch to classic view" option on the left-hand-side
Next double-click Network Connections - this should give you a list of all network and internet connections on your computer, one of which will be your cable modem connection.
Click the right-mouse-button on the connection used for your cable modem, and choose Properties
Select the Advanced tab
Select the option to "protect my computer and network"
Click OK

If you have any Operating System other than Windows XP, and you have a separate firewall installed, please ensure it is enabled.

Please be aware that this is only a workaround to allow you to get online. Once you have an internet connection, we strongly advise all customers to update their computer with the latest security patches and updates from Microsoft. These can be found at windowsupdate.microsoft.com
Also bear in mind that the Microsoft update does not remove the current infection from your system, it just prevents further similar intrusion.
Security specialists Symantec have released a tool which will remove the current infection from your computer.
To download this tool, go to www.symantec.com and go to the security response section. Then click the W32.Blaster.Worm link in the latest virus threats section. This page offers more information regarding the worm, and a downloadable tool to remove it. Please note ntl do not supply, endorse or support the use of this tool, and so its use is at the customer's own risk.

Further instructions regarding the XP firewall are available from Microsoft here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q283673
If you are running the Windows 2000 operating system, please carry out the following in order to prevent your machine from repeatedly rebooting:

How to Configure TCP/IP Security

To configure TCP/IP security:

Click Start, point to Settings, click Control Panel, and then double-click Network and Dial-up Connections.

Right-click the interface on which you want to configure inbound access control, and then click Properties.
In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced. Click the Options tab.
Click TCP/IP filtering, and then click Properties.
Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do not apply to all adapters.
There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:

Permit All. If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only. If you want to allow only selected TCP or UDP traffic, click Permit Only, click Add, and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only, but do not add any port numbers in the UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP Protocols and excluding IP protocols 6 and 17.
For more information please use the following link:
http://support.microsoft.com/?id=309798

If you follow that advice it should be ok or if you have a look at this thread...

http://www.nthellworld.co.uk/forum/showthread.php?s=&threadid=1826&perpage=15&pagenumber=1

anarion
16-08-2003, 16:59
the virus says its called
'keylogger.trojan' and 'W32.Sobig.E@mm' have no clue if these are same but am going to symantec.com to get removal tool

darkangel
16-08-2003, 17:02
Originally posted by anarion
the virus says its called
'keylogger.trojan' and 'W32.Sobig.E@mm' have no clue if these are same but am going to symantec.com to get removal tool

do u have a virus scanner?

anarion
16-08-2003, 17:08
i have norton antivirus 2003 p.e and norton personal firewall up and running atm

anarion
16-08-2003, 17:10
and i just ran the W32.Blaster.Worm removal tool from symantec and it says its not on my pc....so what is this virus????

darkangel
16-08-2003, 17:15
Originally posted by anarion
and i just ran the W32.Blaster.Worm removal tool from symantec and it says its not on my pc....so what is this virus????

then either your scanner doesn't have the latest definition files or has been damaged/compromised.
the worm is here http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html

anarion
16-08-2003, 18:48
thanks darkangel it turns out i had two separate viruses that had sat on my pc hiding since before the new virus software and firewall were put on and only just surfaced. i got the first one with your help and the second was killed with help from a friend.

thanks for the response