N
NDM111
I am getting a rpc message about 10 mins. after I am
online, and it knocks me off. whats up with that?
online, and it knocks me off. whats up with that?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
M
Mcploppy ©
NDM111 bashed at the keyboard and said :
*FROM A PREVIOUS POST*
You have the MSBlaster worm. To remove it, do the following:
The following instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back
Before starting make sure you have a firewall active see step 3a:
1. Stop it from running
Press Ctrl-Alt-Delete to bring up the Task Manager, then on theProcesses
tab, click msblast.exe and then "End process."
Reply "Yes" to the warning message that comes up.
This stops the worm from running, so your system will not shutdown. However,
it doesn't remove it, and if that's all you do, it will start up again the
next time you boot.
***
2. Remove it from your system
a. Download a removal tool from a link below.
But if that's all you do, you can get reinfected just as you did the first
time.
***
3. Make sure it doesn't come back
a.MAKE sure you're running a Firewall that prevents worms like this from
getting in. You can enable the built-in Windows XP firewall, or(preferred)
download and install another one such as the free version of ZoneAlarm. To
enable the built- in firewall, go to Control Panel, double-click Networking
and Internet Connections, then click Network Connections. Right-click your
connection, then click Properties, and on the Advanced tab, click the option
"Protect my computer and network...".
Note: the built in firewall only monitors incoming traffic not outgoing(ie
spyware, trojans, etc.. you may have on your system).
b.If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
That will remove the vulnerability that the worm exploits.
c.MAKE sure you are running an Anti-Virus program, and that you regularly
download the latest updated virus definitions.
----------------------------------------------------------------------------------------------------------------------------------------------
If you connected the PC to the Internet without having first installed the
KB824146 Hotfix, without having first installed an antivirus application
with current virus definition files, and before enabling a firewall, you're
very likely to get infected from any of the thousands of PCs on the Internet
that are constantly broadcasting the Blaster and/or Welchia worms. It only
takes a few seconds of exposure.
To stay on-line long enough to get the necessary updates, patches,and
removal tools, click
Start > Run, and enter "shutdown - a" when the next RPC countdown begins.
This will abort the shut down. Also, make sure you've enabled a firewall
before starting, to preclude any more intrusions while getting the
updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
--
McPloppy ©
{ Remove both MyShoes to email me }
{ Homepage: http://tinyurl.com/bbel }
{ Local Radio: http://tinyurl.com/j1vi }
{ My Alternative Site: http://tinyurl.com/rynb }
I am getting a rpc message about 10 mins. after I am
online, and it knocks me off. whats up with that?
*FROM A PREVIOUS POST*
You have the MSBlaster worm. To remove it, do the following:
The following instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back
Before starting make sure you have a firewall active see step 3a:
1. Stop it from running
Press Ctrl-Alt-Delete to bring up the Task Manager, then on theProcesses
tab, click msblast.exe and then "End process."
Reply "Yes" to the warning message that comes up.
This stops the worm from running, so your system will not shutdown. However,
it doesn't remove it, and if that's all you do, it will start up again the
next time you boot.
***
2. Remove it from your system
a. Download a removal tool from a link below.
But if that's all you do, you can get reinfected just as you did the first
time.
***
3. Make sure it doesn't come back
a.MAKE sure you're running a Firewall that prevents worms like this from
getting in. You can enable the built-in Windows XP firewall, or(preferred)
download and install another one such as the free version of ZoneAlarm. To
enable the built- in firewall, go to Control Panel, double-click Networking
and Internet Connections, then click Network Connections. Right-click your
connection, then click Properties, and on the Advanced tab, click the option
"Protect my computer and network...".
Note: the built in firewall only monitors incoming traffic not outgoing(ie
spyware, trojans, etc.. you may have on your system).
b.If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/downl...e-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
That will remove the vulnerability that the worm exploits.
c.MAKE sure you are running an Anti-Virus program, and that you regularly
download the latest updated virus definitions.
----------------------------------------------------------------------------------------------------------------------------------------------
If you connected the PC to the Internet without having first installed the
KB824146 Hotfix, without having first installed an antivirus application
with current virus definition files, and before enabling a firewall, you're
very likely to get infected from any of the thousands of PCs on the Internet
that are constantly broadcasting the Blaster and/or Welchia worms. It only
takes a few seconds of exposure.
To stay on-line long enough to get the necessary updates, patches,and
removal tools, click
Start > Run, and enter "shutdown - a" when the next RPC countdown begins.
This will abort the shut down. Also, make sure you've enabled a firewall
before starting, to preclude any more intrusions while getting the
updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
--
McPloppy ©
{ Remove both MyShoes to email me }
{ Homepage: http://tinyurl.com/bbel }
{ Local Radio: http://tinyurl.com/j1vi }
{ My Alternative Site: http://tinyurl.com/rynb }
B
Bruce Chambers
Greetings --
If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB824146 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH