BetaONE will rise again!


  #21  
Old 13th Aug 03, 12:39 AM
micha
... hm, any of you with infections run ZoneAlarm or another firewall that would stealth your ports? As far as I understand the worm doesn't enter by mail but by a process similar to portscans?

greetz, micha
  #22  
Old 13th Aug 03, 12:57 AM
Firefox
Quote:
Originally Posted by (E3 @ Aug 12 2003, 03:33 PM)
It apparently sets a reg key that turns off your windows update. You're right, it is a clever little bugger! I just took a look at my firewall logs and you wouldn't believe the hundreds (maybe thousands now!) of blocked attempts on port 135 from IP's everywhere. If you've got a firewall log you've got to read it to believe it (I love my ZoneAlarm Pro ).

All the best,
E3


Have you installed the Patch yet? I am curious if that is why your log is so full.  I am using ZA as well, but my logs are normal. 
  #23  
Old 13th Aug 03, 01:03 AM
HotRod
I didn't get this, luckily. Even though I was patched, I had tons of probes on 135 and 445 until about 8:30 last night. Looks like Comcast is filtering those ports right now from what I have read at other places. Kind of nice not having a log full of 135 & 445 probes.
  #24  
Old 13th Aug 03, 02:30 AM
PcDad
For anyone who hasn't done this yet (or can't)....The fix and the patch...

Near as I can tell, you should run the patch first, then the fix...
  #25  
Old 13th Aug 03, 02:41 AM
mikeh420
I ran the FixBlast on a friend's PC that was hit, and 5 hours later it still hasn't found anything. First time, I let it go for an hour with nothing. Don't they test these things before they release them?

P.S. Stinger from McAfee worked just fine, found a few other viruses too. The PC is back to normal.
  #26  
Old 13th Aug 03, 04:36 AM
Sephiroth
i didn't get this either, though my mom did, i just got back from fixing hers

if anybody else gets this and they have a problem with it shutting down so quick, when you get the shutdown message, quickly open a command prompt and type shutdown -a, that'll abort the shutdown and let you work
  #27  
Old 13th Aug 03, 01:47 PM
E3
Quote:
Originally Posted by (Phogphire @ Aug 13 2003, 08:27 AM)
Quote:
Originally Posted by (E3 @ Aug 12 2003, 03:33 PM)
It apparently sets a reg key that turns off your windows update. You're right, it is a clever little bugger! I just took a look at my firewall logs and you wouldn't believe the hundreds (maybe thousands now!) of blocked attempts on port 135 from IP's everywhere. If you've got a firewall log you've got to read it to believe it (I love my ZoneAlarm Pro ).

All the best,
E3


Have you installed the Patch yet? I am curious if that is why your log is so full. I am using ZA as well, but my logs are normal.


Yep... installed KB823980 about two days after it came out. ZAP has everything running in stealth per Shields Up at grc.com too. Just to give you some real numbers I looked at my latest logs... View is set to show last 500 entries, and that only spans about the last two hours now... With about 10 exceptions they're all attempts on 135/137. Most of the sources are IPs with the same first or second octet range as mine (Australia). Looks like lots of peeps down here neglected to update. Maybe that's why it's quieter up there 'North of the 45th Parallel'.

All the best,
E3
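The pattern E3 describes above (blocked probes concentrated on a few ports, mostly from sources sharing the first or second octet of the local address) can be checked against a firewall log export with a short script. This is an added example, not part of the original thread; the CSV layout, the sample lines and the names `summarize` and `split_endpoint` are constructed for illustration and are not ZoneAlarm's actual log format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample log, not real data. Assumed columns:
# action,timestamp,source_ip:port,dest_ip:port,protocol
SAMPLE_LOG = """\
BLOCK,2003-08-13T01:00:02,10.20.44.7:3312,10.20.0.5:135,TCP
BLOCK,2003-08-13T01:00:09,10.20.91.3:4021,10.20.0.5:135,TCP
BLOCK,2003-08-13T01:00:15,10.99.3.1:1187,10.20.0.5:135,TCP
BLOCK,2003-08-13T01:00:31,172.16.8.9:2050,10.20.0.5:445,TCP
BLOCK,2003-08-13T01:01:04,10.20.44.7:3313,10.20.0.5:137,UDP
ALLOW,2003-08-13T01:01:10,10.20.0.5:1050,192.168.7.7:80,TCP
BLOCK,2003-08-13T01:01:30,192.168.50.2:6000,10.20.0.5:8080,TCP
malformed line without enough fields
"""

WATCHED_PORTS = {135, 137, 445}  # the ports named in this thread
LABELS = ("elsewhere", "same_first_octet", "same_first_two_octets")

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, int); ValueError if malformed."""
    host, _, port = text.rpartition(":")
    return ipaddress.IPv4Address(host), int(port)

def summarize(log_text, local_ip):
    """Tally blocked inbound probes on the watched ports aimed at local_ip."""
    local = ipaddress.IPv4Address(local_ip)
    per_port, locality, sources, skipped = Counter(), Counter(), set(), 0
    for row in csv.reader(io.StringIO(log_text)):
        try:
            action, _ts, src, dst, _proto = row
            src_ip, _ = split_endpoint(src)
            dst_ip, dst_port = split_endpoint(dst)
        except ValueError:
            skipped += 1  # count unparseable lines rather than hiding them
            continue
        if action != "BLOCK" or dst_ip != local or dst_port not in WATCHED_PORTS:
            continue
        per_port[dst_port] += 1
        sources.add(src_ip)
        a, b = src_ip.packed, local.packed
        shared = 2 if a[:2] == b[:2] else int(a[0] == b[0])  # leading octets shared
        locality[LABELS[shared]] += 1
    return {"per_port": dict(per_port), "locality": dict(locality),
            "unique_sources": len(sources), "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "10.20.0.5"))
```

A high share of `same_first_two_octets` sources points at infected neighbours on the same provider ranges, which is the situation E3 reports.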
  #28  
Old 13th Aug 03, 06:27 PM
BlackMantis
Thanks for the fixblast pcdad... ran it on my cousin's computer and it worked like a charm...
  #29  
Old 13th Aug 03, 10:33 PM
darklord
how does this virus work? as soon as i logged on to isp, trend found this virus on my pc being auto downloaded from ??

this happens every time i log on
  #30  
Old 13th Aug 03, 10:56 PM
DoG
It's auto starting when you boot up. You need to check all your startup items and remove the altered ones. Try running the repair tool posted in this thread.