Re: How to kill of Win32Trojan once and for all?

From: kaptain kernel (nospam_at_nospam.gov)
Date: 08/12/03


Date: Tue, 12 Aug 2003 10:49:34 +0100


©N„ikuli, Willićm© wrote:

> This was what happened, then I had to reinstall windows:
> http://tinyurl.com/jkgu
>
> However, even right now, stuff is still happening:
>
> Every 48 hours or so, my computer gives me a message that it has to
> shut-down, and then it counts down and restarts automatically. This is
> after formatting my hard-drive and reinstalling windows. This was the
> "infant" stage of the virus before, until the computer started freezing as
> soon as I started it.
>
> Avast Anti-Virus didn't detect anything, even during booting.
>
> What is this thing, where is it, and how do I kill it off once and for
> all?
>
> Interstingly, when I do ctrl-alt-delete, the tasks/processes log doesn't
> come up.

DCOM exploit - msblast worm...

best solution is to install Linux.
:-)



Relevant Pages

  • Can not successfully remove msblast on win 2000 using recommended cleaning tools
    ... I was infected by msblast which Mcafee identified as ... or worm processes where active. ... I cancel the log reports MBLAST.EXE and TFTP identified, ... downloading the SP updates for Win2K (I believe a symptom ...
    (microsoft.public.win2000.security)
  • Re: Is this blaster or sasser
    ... The time I tried to end some of these svchost.exe, a window ... | I had to do shutdown -a to abort the shutdown process. ... The Sasser worm exploits the LSASS module not the RPC/RPCSS DCOM module so that's not it. ...
    (alt.comp.anti-virus)
  • Re: DCOM Hotfix breaks our software
    ... If MSBLAST attempts to infect the ... DCOM Hotfix breaks our software ... > My guess is that it uses DCOM for some of it's functionality. ... > The problems were on a client machine, and once the hotfix had been ...
    (Security-Basics)
  • RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
    ... Yes, it does infect Windows XP machines and No, it doesn't touch NAV. ... have however seen some other exploits based on the RPC vulnerability ... Subject: ISS Security Brief: "MS Blast" MSRPC DCOM ... I had a friend infected with the worm earlier today, ...
    (Full-Disclosure)
  • Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
    ... I had a friend infected with the worm earlier today, ... I hadn't seen any reports of MSBlast on FD before this point, ... was almost certain it was a worm of some sort using the DCOM RPC exploit. ... I don't know if that was the worm [as I've not seen any analyses ...
    (Full-Disclosure)