RE: [Full-Disclosure] what to do
From: gml (gml_at_phrick.net)
Date: 08/12/03
- Previous message: ViLLaN: "RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)"
- In reply to: Calvyn: "RE: [Full-Disclosure] what to do"
- Next in thread: Arian J. Evans: "RE: [Full-Disclosure] what to do"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Calvyn'" <Calvyn@stny.rr.com>, <full-disclosure@lists.netsys.com> Date: Tue, 12 Aug 2003 02:05:50 -0400
I've been doing this:
1. patch the machine
2. remove registry entries containing "msblast.exe"
3. reboot
4. remove msblast.exe
It's worked out so far. Yes I agree I wish people would listen when you
tell them to patch. I have it on good authority that firewalls can't stop
stupidity, I guess we're lucky this one wasn't also a mass mailing worm.
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Calvyn
Sent: Tuesday, August 12, 2003 1:16 AM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] what to do
I'm was just working with my 15 year old niece in NJ, through IM, to
help her keep her WinXP PC from rebooting every minute. She had 2 copies
of msblast.e x e on her PC. One was delete-able the other we had to
reboot into safe mode to delete. After deleting the last e x e her unit
is NOT rebooting. I have since had her update her unit and disable DCom.
Amazing how kids never listen to you when you ask them to update their
PCs..
-Calvyn-
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of akbara
Sent: Tuesday, August 12, 2003 1:52 AM
To: Gabe Arnold; full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] what to do
has she tried booting into safe mode ?
then removing the msblast or what not program ?
-akbara
----- Original Message -----
From: "Gabe Arnold" <f0x@squirrelsoup.net>
To: <full-disclosure@lists.netsys.com>
Sent: Monday, August 11, 2003 7:57 PM
Subject: Re: [Full-Disclosure] what to do
> Don't use windose sounds like a solution to me...
> * Justin Shin (zorkshin@tampabay.rr.com) wrote:
> > Hi All --
> >
> > My cousin recently got a nasty RPC/DCOM worm and she cannot use
> > Windows
update because when the RPC is shutdown, SYSTEM automatically initiates
a shutdown of the computer as you are all aware of. What is the best
solution to keep data files intact while removing this worm? I have
tried going to the Registry Run, no entries ar ethere besides legitimate
startup stuff. Any suggestions?
> >
> > -- Justin
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: ViLLaN: "RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)"
- In reply to: Calvyn: "RE: [Full-Disclosure] what to do"
- Next in thread: Arian J. Evans: "RE: [Full-Disclosure] what to do"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
