Re: Virus in microsoft Patch

From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: 08/12/03 

Date: Tue, 12 Aug 2003 13:37:05 -0600

Alan;
You already had the virus (worm).
That is what was causing your issue.
Now you can blame Microsoft for your troubles or you can install the
patch (should have been done a while ago.
Enable firewall (why wasn't it enabled)

Follow this carefully to fix the computer:
You most likely have a worm W32.Blaster.Worm
DISCONNECT the subject computer from any network IMMEDIATELY.

Install or enable a firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

VERY IMPORTANT to repair, closing ports is NOT enough.
Download the appropriate patch referenced in Ron Martessl article
below.
You may need to do this at an uninfected computer and burn to CD or
save on floppy.

This is the IMPORTANT fix by Ron Martell:
http://www.bigblackglasses.com/Article.aspx?Article=342

Also see:
http://isc.sans.org/diary.html?date=2003-08-11

After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall. 

-- 
Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html
"Alan" <akendall83@hotmail.com> wrote in message
news:0d6801c360c6$df700f00$a301280a@phx.gbl...
> Last night I was having problems with the RPC shutting
> down my computer automatically if I connected to the net,
> having phoned my ISP I was directed to a patch on the
> microsoft website. Upon installing this patch I was
> informed by my antivirus software that I had contracted a
> virus from this patch. So be warned, dont assume microsoft
> files are clean.

Relevant Pages

  • Re: Do I need to be on the internet to fix Sasser??
    ... It's important to install the patch first and then run the clean up tool. ... NEW WORM: SASSER ... Microsoft has learned about a worm identified as "W32.Sasser.worm" that is ... Anti-Virus software vendor for support on the Sasser or AgoBot viruses. ...
    (microsoft.public.security.virus)
  • Re: Critical Alert Update - W32.Slammer
    ... The .net SDK 1.0 sp1 comes with a very basic SQL Server engine for testing ... >> Microsoft SQL Desktop ... >>>cumulative SQL security patch, is completely safe from ... >> may install SQL ...
    (microsoft.public.security)
  • Critical Alert Update - W32.Slammer
    ... It's not clear if SQL Server 2000 SP1/SP2 includes the ... Microsoft SQL Desktop ... and all applications that install ... >most recent cumulative SQL Server security patch, ...
    (microsoft.public.security)
  • Re: Problems installing critical update
    ... this patch (Security Update for Microsoft XML Core Services 4.0 for Service ... the message is still there when I reboot. ... Microsoft Update to require me to install both KB936181 and KB933579. ...
    (microsoft.public.windowsupdate)
  • Re: Office 2003 Updates error - ouerror.gif (0/1)
    ... it would not let me install ... attempting to install any of the individual, downloaded patch EXE?s? ... No valid sequence could be found for the set of patches. ... Office Professional Edition 2003 Version 11.0.6361.0: ...
    (microsoft.public.officeupdate)