08-12-2003, 02:52 PM
|
#1
|
Co-Founder
Join Date: Jul 2002
Server: Xegony
Posts: 2,145
|
Nasty Virus on the Loose!
W32.Blaster.Worm is a nasty little virus that is attacking systems all over the country. The effected OS's seem to be Windows XP, NT, 2000, 2003 Server. The only un-affected OS at the moment is Windows ME. If your using XP or any other NT platformed Windows OS Read below. (please note EQInterface.com/EQGui.com and our files do not have this virus, we are sharing info to help stop the virus)
You can read Symantec's write up on the Virus including symtoms and removal here. If you know you have picked up this virus they have released a worm removal tool you can download here
Microsoft has updated thier window's patcher to fix the hole that this virus is coming in through. To download the stand-alone patch to fix this you can go to Microsoft's site here. Please read the whole page, you will find specific information about how to apply the patch and links to the patch files.
As I said, this is a nasty little bug. To be clear the virus is not hiding in any of our files. We are sharing this with you out of concern, as always our files are checked for virus regularly.
And a special thanks to Fazzelan, Scottpero, and Kuthbert from my Guild Stone for the information and links they provided. The were quick to find all the info needed to prevent/cure/fix this virus.
- Kudane
Last edited by Kudane : 08-12-2003 at 03:03 PM.
|
|
|
08-12-2003, 09:59 PM
|
#2
|
___
Join Date: Oct 2002
Server: None
Posts: 285
|
posted that earlier here
|
|
|
08-12-2003, 11:14 PM
|
#3
|
Lord Dolby of Veeshan
Join Date: Jul 2002
Server: Veeshan
Posts: 2,397
|
Re: posted that earlier here
Thanks tinkfu. I think Kudane just wanted something on the front page so more people would see it.
|
|
|
08-12-2003, 11:46 PM
|
#4
|
Bad Ass Kitty
Join Date: Aug 2002
Server: if you know me you know =P
Posts: 695
|
k what i want to know is where did you guys pick this virus up from?? did you get it from EQ or a webpage some where??
|
|
|
08-13-2003, 12:05 AM
|
#5
|
___
Join Date: Oct 2002
Server: None
Posts: 285
|
I know that dolby, just wanted to give another source :-)
it came from the evil gnomes, you know the Dark Reflection...
|
|
|
08-13-2003, 01:44 AM
|
#6
|
Lord Dolby of Veeshan
Join Date: Jul 2002
Server: Veeshan
Posts: 2,397
|
Quote:
Originally posted by kenney
k what i want to know is where did you guys pick this virus up from?? did you get it from EQ or a webpage some where??
|
I didn’t get a virus. Kudane didn’t get a virus. Eqinterface/Eqgui didn’t get the virus. Kudane just wanted to share information on a large scale worm that’s floating around incase you didnt hear about it on TV or the million other computer news sites. Like he said in his news posts none of our files are infected because the worm doesn’t get contracted through zipfiles.
|
|
|
08-13-2003, 02:11 AM
|
#7
|
A Wooly Rhino
Join Date: Aug 2002
Server: Erollisi Marr
Posts: 74
|
I got this from some kazaa downloads, but i've gone through norton's information and got it cleared up.. and patched XP.
man, what a pain that was
|
|
|
08-13-2003, 02:52 AM
|
#8
|
___
Join Date: Oct 2002
Server: None
Posts: 285
|
seems only people running P2P and messengers have been getting the virus from all the people I have talked to around here..
EQinterface/EQGUI are clean sites... Aside from the FU infection, but no anti-virus can clean that off /evillaugh
|
|
|
08-13-2003, 05:17 PM
|
#9
|
Co-Founder
Join Date: Jul 2002
Server: Xegony
Posts: 2,145
|
Re: posted that earlier here
Sorry Tink, I didnt see your post when I was gathering the information. I saw it later when someone replied to it..
/bow
And Kenney I even said in the post
Quote:
(please note EQInterface.com/EQGui.com and our files do not have this virus, we are sharing info to help stop the virus)
|
I just want to see this virus stopped..
And Tink, I know several people who have gotten it, one while his mule was in EQ (no SOE doesnt have the virus, EQ Just opens the port).. sooo if your doing something that opens the ports it uses, and you have not run the patch.. you could get it.
__________________
.: Have a question? Read this :.
|
|
|
08-13-2003, 05:22 PM
|
#10
|
Bad Ass Kitty
Join Date: Aug 2002
Server: if you know me you know =P
Posts: 695
|
ohh i didnt mean this site had it, was just wondering where this was picked up from ?? I know i had one way back when and i can tell where i got it from..was it tho email or chat sites those kinda things..
|
|
|
08-13-2003, 07:23 PM
|
#11
|
A Treant
Join Date: Oct 2002
Server: veeshan
Posts: 21
|
Ms-blast Worm?
I've run several checks and i just recently got an email from zone alarm stating this is a wide spread problem. It also said that this worm also attempts to use infected computers in a distributed denial-of-service attack against Microsoft's Windows Update site. Now im no computer buff but it sounds like it puts a stop to letting you go to windows update. Which is what im having a problem with. If i don't have the worm then i should be able to get to the site. I have updated my pc with the latest security updates but am i te only one having this problem?
__________________
Elekros Delekros
56 Necromancer
Veeshan
|
|
|
08-13-2003, 07:46 PM
|
#12
|
A Treant
Join Date: May 2003
Server: E'Ci
Posts: 29
|
What the worm does is cause a shutdown after you're online for a while.
Shouldn't cause you to have problems with window's update.
__________________
Baron Vishuz Angrypants
65 Deciever of Crimson Legacy
E'Ci
|
|
|
08-13-2003, 07:59 PM
|
#13
|
A Treant
Join Date: Oct 2002
Server: veeshan
Posts: 21
|
MS-BLAST WORM, First documented exploit of the July 16, 2003 Microsoft Windows RPC vulnerability
Risk: High. All unprotected Internet-connected PCs with vulnerable versions of the Windows operating system could be affected.
Vulnerability: The MS-Blast worm exploits a vulnerability of the RPC (Remote Procedure Call) process built into Windows. The RPC process facilitates sharing resources like files and printers over a network. The MS-Blast worm scans the local network for PCs that have UDP port 135 open. If the worm finds such a target, it exploits the RPC vulnerability and infects the PC with a copy of itself. Once on a PC, the worm attempts to spread further and interfere with normal OS operation. The worm also attempts to use infected computers in a distributed denial-of-service attack against Microsoft's Windows Update site.
Harm: Loss of user productivity, IT/Helpdesk calls and intervention required, and potential business continuity issues. Infected machines may experience performance problems and users may not be able to use their Internet connections. Network bandwidth usage could affect Quality of Service (QOS) and disrupt operation of critical business and network services.
Thats the exact email i got from zone labs about this worm.
TrendLabs has received several infection reports of this new worm, which exploits the RPC DCOM BUFFER OVERFLOW. This vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
This worm has been observed to continuously scan random IP addresses and send data to vulnerable systems on the network using port 135. On the following system dates, it performs a Distributed Denial Of Service attack against windowsupdate.com:
On the 16th to the 31st day of the following months:
January
February
March
April
May
June
July
August
Any day in the months of September to December.
This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.
This is what i've leard at the trend website too.
Both state that this worm could cause you not to be able to run windows update. Hence you will not be able to get this fixxed.
|
|
|
08-13-2003, 08:08 PM
|
#14
|
Manaetic Prototype IX
Join Date: Aug 2002
Server: Bristlebane, The Nameless, Xegony, Veeshan, Firiona Vie, Vallon Zek, and Venril Sathir
Posts: 764
|
Well much like the War of the Worlds announcement, mass hysteria was created and everyone is running to MS site to get the patch... so getting there now is like pouring molasses in the dead of winter. So don't expect the site to load quickly any time soon, so if you can get on, great otherwise you might as well keep trying for a bit due to the flood of people there trying to download the patch.
__________________
Zantaklawz
Proud to be an at EQ Roleplayers! Join us and spread the word!
Come and sit for a while and listen to the Tales of Zantaklawz! Tell one! Tell all!
|
|
|
08-13-2003, 08:54 PM
|
#15
|
A Weathered Clockwork
Join Date: Aug 2002
Server: Tholuxe Paells
Posts: 341
|
Quote:
This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.
|
Any chance it can get into a Windows 98SE system? I know next to nothing about virus's, worms, or any of that. I don't know if I've got it or not. My PC hasn't shut down by itself but earlier I did get a strange "Not enough memory to use this program" error, and all I was running was Avant Browser(an IE add-on pretty much). The error seems to have gone but it was pretty strange. I've got 256mb ram, but I'll be getting another 256 soon. (Would get a 512mb stick but I was told by a friend that windows 98 has a problem sometimes with having more than 512mb ram or something. Will have to upgrade to xp then I guess.)
I was looking stuff up about the virus earlier after the memory problem and it said to look for a file call Msblaster.exe or something so I did but nothing came up. Think I'm safe?
__________________
They have taken the bridge and the second hall.. We have barred the gates but cannot hold them for long. The ground shakes, drums... drums in the deep. We cannot get out. A shadow lurks in the dark. We can not get out... they are coming......
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|