|
|
Serious Windows bug! (Community)
Serious Windows bug! // Community
Aug 12, 2003, 11:35pm
OK im posting this because a lot of ppl i know have been facing this problem
where RPC is shutting down their computer.
*note* if you are getting the RPC error you're seeing the results of a
current exploit on port 135, 139, and i believe 445, that allows a hacker to
literally run any script on your computer, with total disregard for current
antivirus software and firewalls. An easy way to tell is to hit
CTRL+ALT+DELETE and check under the "Processes" tab for a program called
msblast.exe to be running.
Here is the patch to fix it.
http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
Just figured i would post this So people who don't already know, know!
-Mod
Aug 12, 2003, 11:40pm
BTW: if you are getting the countdown message (you will know what i am
talking about if you get it.) First of all go to start -> run and type
"shutdown -a" This will abort the countdown. Now, to get rid of the problem
First, unplug your network (if you have cable/dsl/t1) and restart your
computer. This thing is only active with an active network connection, its
triggered remotely, something like that. Then, hit CTRL+ALT+DEL, go to
processes, end "msblast.exe" (yeah, someone put that on your computer
without you ever knowing...) Once you have msblast.exe shut down, go to
c:\windows\system32 and delete msblast.exe. Now the tricky part. Go to
start -> run and type "regedit". Then using the registry editor, go to
Hkey_local_machine -> Software -> Microsoft -> Windows -> Run. This will
show a listing of some of the stuff windows runs on your box. Go to the end,
the "windows auto update" and delete it.
Then install the patch I mentioned in the last post :)
-Mod
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3995c7$1 at server1.Activeworlds.com...
> OK im posting this because a lot of ppl i know have been facing this
problem
> where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a hacker
to
> literally run any script on your computer, with total disregard for
current
> antivirus software and firewalls. An easy way to tell is to hit
> CTRL+ALT+DELETE and check under the "Processes" tab for a program called
> msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
>
> -Mod
>
>
|
Aug 13, 2003, 1:40am
*note* I have just helped at least 30 people fix this problem completely,
this is a serious bug, and if after reading this you still can't figure it
all out, contact me someway, I will call you/you call me to get it fixed.
Always glad to be of help
-Mod
--
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3996fb$1 at server1.Activeworlds.com...
> BTW: if you are getting the countdown message (you will know what i am
> talking about if you get it.) First of all go to start -> run and type
> "shutdown -a" This will abort the countdown. Now, to get rid of the
problem
> First, unplug your network (if you have cable/dsl/t1) and restart your
> computer. This thing is only active with an active network connection, its
> triggered remotely, something like that. Then, hit CTRL+ALT+DEL, go to
> processes, end "msblast.exe" (yeah, someone put that on your computer
> without you ever knowing...) Once you have msblast.exe shut down, go to
> c:\windows\system32 and delete msblast.exe. Now the tricky part. Go to
> start -> run and type "regedit". Then using the registry editor, go to
> Hkey_local_machine -> Software -> Microsoft -> Windows -> Run. This will
> show a listing of some of the stuff windows runs on your box. Go to the
end,
> the "windows auto update" and delete it.
> Then install the patch I mentioned in the last post :)
>
> -Mod
>
> "mod" <mod at darkbirdie.com> wrote in message
> news:3f3995c7$1 at server1.Activeworlds.com...
> problem
hacker
> to
> current
>
>
|
Aug 13, 2003, 1:42am
tomas (mod) thank you, calling you was beter then using msn msger, i thnk u
and me are the only ones safe as of now, no1 seems to respond they have the
problem and cant solve it haha!!
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3996fb$1 at server1.Activeworlds.com...
> BTW: if you are getting the countdown message (you will know what i am
> talking about if you get it.) First of all go to start -> run and type
> "shutdown -a" This will abort the countdown. Now, to get rid of the
problem
> First, unplug your network (if you have cable/dsl/t1) and restart your
> computer. This thing is only active with an active network connection, its
> triggered remotely, something like that. Then, hit CTRL+ALT+DEL, go to
> processes, end "msblast.exe" (yeah, someone put that on your computer
> without you ever knowing...) Once you have msblast.exe shut down, go to
> c:\windows\system32 and delete msblast.exe. Now the tricky part. Go to
> start -> run and type "regedit". Then using the registry editor, go to
> Hkey_local_machine -> Software -> Microsoft -> Windows -> Run. This will
> show a listing of some of the stuff windows runs on your box. Go to the
end,
> the "windows auto update" and delete it.
> Then install the patch I mentioned in the last post :)
>
> -Mod
>
> "mod" <mod at darkbirdie.com> wrote in message
> news:3f3995c7$1 at server1.Activeworlds.com...
> problem
hacker
> to
> current
>
>
|
Aug 13, 2003, 9:32am
Or you could just get all the latest security patches
~John
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3995c7$1 at server1.Activeworlds.com...
> OK im posting this because a lot of ppl i know have been facing this
problem
> where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a hacker
to
> literally run any script on your computer, with total disregard for
current
> antivirus software and firewalls. An easy way to tell is to hit
> CTRL+ALT+DELETE and check under the "Processes" tab for a program called
> msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
>
> -Mod
>
>
|
Aug 13, 2003, 7:06pm
I have get one computer in to be fixed here that have another version of
this virus, thtp as a .pf file, same as msblaster have. you should only have
one single thtp file at your putter, and that is thtp.exe
msblaster does also have a msblaster as a .pl file, be sure to remove this.
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3995c7$1 at server1.Activeworlds.com...
> OK im posting this because a lot of ppl i know have been facing this
problem
> where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a hacker
to
> literally run any script on your computer, with total disregard for
current
> antivirus software and firewalls. An easy way to tell is to hit
> CTRL+ALT+DELETE and check under the "Processes" tab for a program called
> msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
>
> -Mod
>
>
|
Aug 13, 2003, 7:34pm
thank you
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3995c7$1 at server1.Activeworlds.com...
> OK im posting this because a lot of ppl i know have been facing this
problem
> where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a hacker
to
> literally run any script on your computer, with total disregard for
current
> antivirus software and firewalls. An easy way to tell is to hit
> CTRL+ALT+DELETE and check under the "Processes" tab for a program called
> msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
>
> -Mod
>
>
|
Aug 14, 2003, 6:27am
you have also this:
http://microsoft.com/downloads/search.aspx?displaylang=en&categoryid=7
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3f3995c7$1 at server1.Activeworlds.com...
> OK im posting this because a lot of ppl i know have been facing this
problem
> where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a hacker
to
> literally run any script on your computer, with total disregard for
current
> antivirus software and firewalls. An easy way to tell is to hit
> CTRL+ALT+DELETE and check under the "Processes" tab for a program called
> msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
>
> -Mod
>
>
|
Aug 14, 2003, 10:26am
"mod" <mod at darkbirdie.com> wrote in
news:3f3995c7$1 at server1.Activeworlds.com:
> OK im posting this because a lot of ppl i know have been facing this
> problem where RPC is shutting down their computer.
>
> *note* if you are getting the RPC error you're seeing the results of a
> current exploit on port 135, 139, and i believe 445, that allows a
> hacker to literally run any script on your computer, with total
> disregard for current antivirus software and firewalls. An easy way to
> tell is to hit CTRL+ALT+DELETE and check under the "Processes" tab for
> a program called msblast.exe to be running.
>
> Here is the patch to fix it.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823980#WinXP
>
> Just figured i would post this So people who don't already know, know!
Forget about the patch. Practically nobody needs DCOM anyway, just disable
it:
1) Open regedit
2) Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE.
3) Change the value of the EnableDCOM key to "N".
4) Reboot and DCOM will be disabled.
Source: http://support.microsoft.com/default.aspx?scid=kb;en-us;825750
KAH
PS. Be carefull when editing the registry, if you do something wrong you'll
get OS malfunctions. I take no responsability for any damage you may cause
yourself.
Aug 14, 2003, 10:31am
"kah" <kah at kahnews.cjb.net> wrote in
news:Xns93D7921581712kahatkahnewsdotcjbdo at 64.94.241.201:
> Forget about the patch. Practically nobody needs DCOM anyway, just
> disable it:
>
> 1) Open regedit
> 2) Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE.
> 3) Change the value of the EnableDCOM key to "N".
> 4) Reboot and DCOM will be disabled.
>
> Source: http://support.microsoft.com/default.aspx?scid=kb;en-us;825750
Forgot to mention that Windows 2000 users will need SP3 or later for this
to work. (You should have SP4 by now anyway).
KAH
|
