22-08-2003, 10:57
|
#16
|
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Quote:
Originally posted by homealone
<snip>
- anyone had sobig.f yet?
|
I can proudly say I got it on Tuesday. The Missus opened a copy of it. Then went Oh poo I've been duped. Virus patterns updated that morning, still was not stopped.
Had to lock down zone alarm and track down the rogue program. Luckily it was not an essential ms file (like blast).
Put the file on a disk and then got restarted.
Its a powerful mailer. My 600k connection and AMD2400 managed to send about 150mails in the 2 minutes it was running.
Bit worried about this trojan thing. Is that killed off once the file is deleted and the registary updated?
I've run the Norton cleaner, and PCCillin says I'm clean, but when I start up I get some strange message still.
|
|
|
|
22-08-2003, 11:07
|
#17
|
|
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
|
Care to elaborate on the strange bootup messages? I may be able to help
|
|
|
|
|
22-08-2003, 11:39
|
#18
|
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Quote:
Originally posted by Lord Nikon
Care to elaborate on the strange bootup messages? I may be able to help
|
It looks like a PCCillin message once XP is open and the profile loaded.
A message box about 2in square - no title.
Foreign chars then w32.sobig.f.exe or something like that.
An OK box.
Press OK and it goes away.
Parts of PCCillin are also displaying in foreign chars at the mo also. I'm running the comp copy that came with my ASUS mobo. Properly registered and free updates for a year. Even with the POP2Trap it still missed it as I was an early adopter.
PCCillin and Norton say I don't have the virus, but as you can see I did a bit of a manual removal.
Dare I say I should close my internet connection, reinstall the virus and then remove it again?
Would give you a screen shot with the ox, but I am not on that PC.
|
|
|
|
|
22-08-2003, 11:48
|
#19
|
|
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
|
not a chance
Take a look in the registry though in the sections
HKey_Current_User/Software/Microsoft/Windows/Currentversion/Run
and any other Run keys in the registry, also search for w32.sobig.f.exe in the registry
assuming you are on Windows XP disable System Restore and then delete the contents of the c:\windows\prefetch folder too
|
|
|
|
|
22-08-2003, 11:52
|
#20
|
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Was nothing in the reigistarywhen I did the manual removal - will recheck tonight.
Where do you disable system restore. I've been fortunate enough not to need to use it so far so have not seen how restore / roll back works.
|
|
|
|
|
22-08-2003, 11:54
|
#21
|
|
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
|
Right click on My Computer, click on Properties then on the System Restore tab
The reason being that if the virus was there when the system created a restore point then the virus may have been backed up along with the system files 
|
|
|
|
|
22-08-2003, 12:06
|
#23
|
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
See Post 16. I've run that. It says I don't have the virus.
Which I don't I can see that there is no / limited traffic on my connection when I am not doing anything and its all inbound not outbound.
With Sobig running the red bar on ZA is maxed out permanently.
|
|
|
|
|
24-08-2003, 22:59
|
#24
|
|
Inactive
Join Date: Jun 2003
Posts: 22
|
Am I paying for ignorant userâ₠¬Ã¢â€žÂ¢s using up our bandwidth ?
Is NTL doing anything about it ?
Can I name and shame ignorant userâ₠¬Ã¢â€žÂ¢s ?
Originally posted on guess who
Sorry about this: but is the issue is being addressed.
I think NOT !
Fr4nk
|
|
|
|
|
25-08-2003, 00:27
|
#25
|
|
The Invisible Woman
Cable Forum Mod
Join Date: Jun 2003
Location: between Portsmouth and Southampton.
Age: 73
Services: VM XL TV,50 MB VM BB,VM landline, Tivo
Posts: 40,365
|
Quote:
Originally posted by Z4pp4
Am I paying for ignorant userâ₠¬Ã¢â€žÂ¢s using up our bandwidth ?
Is NTL doing anything about it ?
Can I name and shame ignorant userâ₠¬Ã¢â€žÂ¢s ?
Originally posted on guess who
Sorry about this: but is the issue is being addressed.
I think NOT !
Fr4nk
|
Apparently it is.It would seem at the other site there is a thread (Do Ntl Turn you off because of BLASTER ? )about how those NTL customers still infected by Blaster are being denied connection until they sort out their PC and remove it.
Incog. 
__________________
Hell is empty and all the devils are here. Shakespeare..
|
|
|
|
|
25-08-2003, 10:22
|
#26
|
|
Inactive
Join Date: Jun 2003
Location: Milling around Milton Keynes
Age: 48
Posts: 12,969
|
Hmm, NTL could do a network scan for the vulnerable PC's, then force them to be redirected to a page (like they do with autoreg) informing the customers that they are vulnerable and giving links/instructions on what to do about it
|
|
|
|
|
25-08-2003, 18:07
|
#27
|
|
The Invisible Woman
Cable Forum Mod
Join Date: Jun 2003
Location: between Portsmouth and Southampton.
Age: 73
Services: VM XL TV,50 MB VM BB,VM landline, Tivo
Posts: 40,365
|
Apparently that is what is happening.
Incog.
__________________
Hell is empty and all the devils are here. Shakespeare..
|
|
|
|
|
29-08-2003, 21:41
|
#28
|
|
Inactive
Join Date: Jun 2003
Posts: 22
|
Still getting hammered on port 135
see records on log1.zip & log2.zip
Fr4nk
|
|
|
|
|
29-08-2003, 21:42
|
#29
|
|
Inactive
Join Date: Jun 2003
Posts: 22
|
log2.zip
|
|
|
|
|
29-08-2003, 22:14
|
#30
|
|
Inactive
Join Date: Jun 2003
Location: Stoke-On-Heaven
Age: 39
Services: Freeview, 512k Pipex.
Posts: 1,758
|
Getting hammered here, Causing CI's (Connection inturuptions) in games (I presume).. One every 2-3 seconds or so.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 00:53.
|
Join CF
You are here: 
