موقع زيدل الصفحة الرئيسية  

العودة   منتديات زيدل > المنتدى الزيدلي > المنتدى التقني

 
 
أدوات الموضوع تقييم الموضوع انواع عرض الموضوع
  #1  
قديم 26th August 2003, 11:28 AM
الصورة الرمزية hosam abdulaziz
hosam abdulaziz hosam abdulaziz غير متواجد حالياً
مشرف المنتدى التقني و الرياضي
 
تاريخ التسجيل: Feb 2003
الدولة: سوريا
المشاركات: 2,166
الجنس: ذكر
hosam abdulaziz is on a distinguished road
very important

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability. This virus was spreaded widely during few past days infecting large number of computers around the world.



Technical effect:

· Your computer O.S. will not be stable.

· Cause your computer to shutdown unexpectedly while displaying this message” This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown 00:00:xx”

· Uses Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system.

· The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.



Removal instructions:

There is two steps to clean your PC, first remove the virus, then update your windows against other attack by applying a security patch from Microsoft site.

1 - Download Norton fix tool from link below:

http://securityresponse.symantec.com...r/FixBlast.exe

Note: to run this tool you should have Admin right.



2 - This tool will clean the system, but it will not prevent this worm from attacking your PC again, after cleaning your PC you have to apply a security patch from Microsoft to close this hole on the operating system.

Microsoft updates available on the link below for all windows version:

http://www.microsoft.com/technet/tre...n/MS03-026.asp



To prevent computer viruses form infecting your pc you should:

· Always be sure that you have an Antivirus software installed on your pc, also be sure that your antivirus definitions files is up to date.

· Check your windows update frequently, http://windowsupdate.microsoft.com, scan for new update and install all critical update incase on any
__________________
Life Without Love is no life at all

Sponsored Links
  #2  
قديم 26th August 2003, 09:23 PM
الصورة الرمزية shadi
shadi shadi غير متواجد حالياً
مشرف منتدى لجنة أصدقاء زيدل ( زيدلنا )
 
تاريخ التسجيل: Feb 2003
الدولة: Zaidal
المشاركات: 507
الجنس: ذكر
shadi
Lightbulb addtional (important)information

it can reach you pc by a person you know well and may be your brother but not he who send the mail so take care and be cautious about your pc and delete it immediatly


name:
Win32/Sobig.F@mm

type
I_Worm

cause a damege in the system and settle in it
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
"TrayX"="C:\\WINDOWS\winppr32.exe /sinc"

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
"TrayX"="C:\\WINDOWS\winppr32.exe /sinc"
of course reach by the e-mail
the mail adress is one of the following
Subject:

"Re: That movie"
"Re: Wicked screensaver"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"

and attache to the mail one of these attachments
Attachment:
"movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif"
in the letter
Body:
"Please see the attached file for details."
أو
"See the attached file for details"

be aware of it

آخر تعديل بواسطة shadi ، 26th August 2003 الساعة 09:27 PM
 

أدوات الموضوع
انواع عرض الموضوع تقييم هذا الموضوع
تقييم هذا الموضوع:

ضوابط المشاركة
لا تستطيع إضافة مواضيع جديدة
لا تستطيع الرد على المواضيع
لا يمكنك اضافة مرفقات
لا يمكنك تعديل مشاركاتك

BB code متاحة
كود [IMG] متاحة
كود HTML معطلة

الانتقال السريع


Sponsored Links

جميع الأوقات بتوقيت GMT +3. الساعة الآن 05:53 PM.


Powered by vBulletin V3.6.2. Copyright ©2000 - 2019
تصميم الموقع وسام عبد العزيز جميع الحقوق محفوظة, Copyright ©2001 - 2019
المنتدى | الجالري | صفحة الافراح | شبكة زيدل محادثة صوتية صور المناسبات العامة خارطة منتدى سوريا حمص