Re: WORM from MS Update Site

From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: 09/18/03


Date: Thu, 18 Sep 2003 13:39:40 -0600


RJ;
You are not getting the Blaster worm from Windows Update.
That is similar to "I used the phone from home and called McDonalds,
my house caught fire while I was on the phone. Who do I call at
McDonalds to prevent this from happening again?"
You may be at Windows Update when the worm gets to your computer but
Microsoft did not deliver the worm.

Once you are connected to the internet, the computer is not limited to
the single site you are surfing.
In fact your computer can be doing other things.
As well, other computers can be searching for your computer and
infecting the computer with Blaster.
You need to have a properly configured firewall.

******************************
DISCONNECT the subject computer from any network IMMEDIATELY.

If necessary to stop the reboot process:
Start/Run
Type "shutdown -a" ENTER

Install or enable a firewall IMMEDIATELY, before connecting to the
internet:
http://support.microsoft.com/?kbid=283673

VERY IMPORTANT to follow ALL steps, closing ports or installing the
patch is NOT enough.
Download the patch and regedit referenced in the article below.
You may need to do this at an uninfected computer and burn to CD or
save on floppies.
Each file is small enough to fit on a floppy.

Follow this to clean and protect your computer:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.

See also:
http://support.microsoft.com/?kbid=826955
http://www.microsoft.com/security/incident/blast.asp

-- 
Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html
"RJ" <support@wabbii.net> wrote in message
news:0dd701c37e1a$bf402f50$a001280a@phx.gbl...
> In the past few weeks after completing a fresh install on
> a new PC and after the customer's requests doing all the
> critical updates from the MS UPDATE site we have on 3
> separate occasions got the MBLAST worm installed.
> This was checked and verified as NO other applications were
> installed, no email address or accounts installed, just
> the O/S (WinXP-Pro) and Microsoft Critical Updates.
>
> This morning I had an associate from the West Coast phone
> me and he has now encountered the same exact problem.
>
> I am not sure if somebody is monitoring connections to the
> MS UPDATE site and using a BNC connection and placing the
> worm virus on pc when connecting to the MS UPDATE site or
> what. BUT, this needs to be looked at immediately.