MSBlaster Virus Info
08-12-2003, 02:17 PM
#1
Registered User
Thread Starter
Join Date: Mar 2003
Location: AZ, Tucson
Posts: 177
MSBlast Virus Info
This has been affecting XP and Win2k world wide.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC-enabled ports. This interface handles DCOM object activation requests that are sent by client machines (for example, Universal Naming Convention [UNC] path requests) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.http://support.microsoft.com/?kbid=823980#
http://www.symantec.com/avcenter/ven...ster.worm.html
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC-enabled ports. This interface handles DCOM object activation requests that are sent by client machines (for example, Universal Naming Convention [UNC] path requests) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.http://support.microsoft.com/?kbid=823980#
http://www.symantec.com/avcenter/ven...ster.worm.html
Last edited by Damicci; 08-13-2003 at 10:40 AM.
08-13-2003, 12:02 AM
#4
Registered User
Join Date: Jun 2003
Location: Harrisburg, PA
Posts: 8,440
Originally posted by MJ201
????WHAT????
In english please
????WHAT???? In english please
08-13-2003, 10:39 AM
#7
Registered User
Thread Starter
Join Date: Mar 2003
Location: AZ, Tucson
Posts: 177
No problem fellas, it hit us hard here at work and we are still recovering, but i know a few people who have been affected personally and have no clue what to do b/c it can harm your system with even infecting it.
so use the first link to patch your version of win2k or xp and use the last link to clean up the virus if you don't have any a/v software, if you do update it and run a scan for MSBLAST.EXE.
so use the first link to patch your version of win2k or xp and use the last link to clean up the virus if you don't have any a/v software, if you do update it and run a scan for MSBLAST.EXE.
08-17-2003, 03:52 AM
#8
Contributing Member
Join Date: Jun 2003
Location: sactown bitch
Posts: 673
I got it on monday when it came out and i deleted it yesterday. You jus have to search ur comp for msblast and delete the files then install the patches. You will also have to do a system clean up that you can get from www.antivirus.com. ONe of the blast files will be on your start up however and you wont be able to delete it because your computer will say its in use, you will have to go to START-RUN-type msconfig-go to start up and uncheck the msblast box then you can go back and delete it. It is important that you install the patch because modified versions of the worm have been released. hope that helps!!
Thread
Thread Starter
Forum
Replies
Last Post
ALTIMA420
West Coast/Hawaii
5
02-25-2002 06:22 PM