On Tue, 20 Jan 2004 11:10:37 -0600, "Carey Frisch [MVP]" wrote:
> Apparently, your computer is now infected with the W32.Blaster.Worm or one of its variants.
> This happened because you have not been using an internet connection firewall and have
> apparently neglected to install the critical updates available at the Windows Update website.

And the reason you have to pull updates is because MS neglected to
find and fix a code defect within the RPC/DCOM system from NT4 through
to XP SP1, having documented it for the first time in July 2003.
By August 2003, Lovesan/Blaster and several other RPC attackers were
attempting to penetrate this hole, causing PCs to crash when the
attack packet's offsets were mis-aligned (Win2000 and XP require
different offsets, so what infects one crashes the other).
By September 2003, MS had discovered a number of defects in the
original July 2003 patch, and re-issued a new fix - the one you need++
Meantime:
1) Activate your firewall (XP's built-in one will do for this)
2) Stop the PC from resetting on all system errors
3) Stop the PC from resetting on all RPC service failures
4) Get offline, and clean active malware off the system
5) Get and apply the patch to repair the RPC/DCOM defects
It is (2) and (3) that cause every love-tap from an RPC attacker
anywhere in the 'net to reset the PC.
On (2), XP is set by duhfault to "Restart on system errors"; find that
setting in System Properties, Advanced and turn it off.
On (3), XP is set by duhfault to "Restart the computer" every time the
RPC service falls on its ass. Admin Tools, Services, go into
Properties for RPC, Recovery tab, set to "Restart the service".
It is these two stupid defaults that are causing a large part of the
grief caused by RPC attackers. Code defects will always be with us,
but spare us these brain-dead design decisions please!
--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
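
A read-only audit of the two defaults described in (2) and (3) above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and an elevated prompt; the function names are hypothetical, and the service key name `RpcSs` and the `FailureActions` byte layout (five header DWORDs followed by type/delay pairs) are assumptions based on the documented Windows service failure-action structure.

```powershell
# Added example: reports whether "restart on system errors" and the RPC
# service recovery action would reboot the PC. Changes nothing.

function Get-ServiceFailureAction {
    param([Parameter(Mandatory)][string]$ServiceName)
    # SC_ACTION type codes used by the service control manager
    $names = @{ 0 = 'Take no action'; 1 = 'Restart the service'
                2 = 'Restart the computer'; 3 = 'Run a program' }
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $blob = (Get-ItemProperty -Path $key -Name FailureActions -ErrorAction SilentlyContinue).FailureActions
    # No value, or a truncated one, means no recovery actions are configured
    if (-not $blob -or $blob.Length -lt 20) { return }
    # Header: reset period, reboot message, command, action count, array offset
    $count = [BitConverter]::ToInt32($blob, 12)
    for ($i = 0; $i -lt $count; $i++) {
        $off = 20 + (8 * $i)                      # each action is type + delay
        if ($off + 8 -gt $blob.Length) { break }  # malformed blob, stop early
        $type = [BitConverter]::ToInt32($blob, $off)
        $name = $names[$type]
        if (-not $name) { $name = "Unknown ($type)" }
        [pscustomobject]@{
            Failure = $i + 1
            Action  = $name
            DelayMs = [BitConverter]::ToInt32($blob, $off + 4)
            Reboots = ($type -eq 2)
        }
    }
}

function Test-RebootDefaults {
    # (2) System Properties, Advanced: AutoReboot = 1 means restart on system errors
    $crash = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    # (3) Services, RPC, Recovery tab: any action of type 2 restarts the computer
    $rpc = @(Get-ServiceFailureAction -ServiceName 'RpcSs')
    [pscustomobject]@{
        RestartOnSystemError = ($crash.AutoReboot -eq 1)
        RpcFailureReboots    = [bool]($rpc | Where-Object { $_.Reboots })
        RpcRecoveryActions   = ($rpc | ForEach-Object { $_.Action }) -join ', '
    }
}

Test-RebootDefaults | Format-List
```

Either of the first two fields reporting `True` corresponds to the setting the post says to turn off in System Properties or on the service's Recovery tab.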