Pages: 1

very important

(انقر هنا ان احببت مشاهدة الموضوع الاصلي بالالوان و الصور )

Posted by: hosam abdulaziz

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability. This virus was spreaded widely during few past days infecting large number of computers around the world.



Technical effect:

· Your computer O.S. will not be stable.

· Cause your computer to shutdown unexpectedly while displaying this message” This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown 00:00:xx”

· Uses Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system.

· The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.



Removal instructions:

There is two steps to clean your PC, first remove the virus, then update your windows against other attack by applying a security patch from Microsoft site.

1 - Download Norton fix tool from link below:

http://securityresponse.symantec.com...r/FixBlast.exe

Note: to run this tool you should have Admin right.



2 - This tool will clean the system, but it will not prevent this worm from attacking your PC again, after cleaning your PC you have to apply a security patch from Microsoft to close this hole on the operating system.

Microsoft updates available on the link below for all windows version:

http://www.microsoft.com/technet/tre...n/MS03-026.asp



To prevent computer viruses form infecting your pc you should:

· Always be sure that you have an Antivirus software installed on your pc, also be sure that your antivirus definitions files is up to date.

· Check your windows update frequently, http://windowsupdate.microsoft.com, scan for new update and install all critical update incase on any


Posted by: shadi

it can reach you pc by a person you know well and may be your brother but not he who send the mail so take care and be cautious about your pc and delete it immediatly


name:
Win32/Sobig.F@mm

type
I_Worm

cause a damege in the system and settle in it
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
"TrayX"="C:\\WINDOWS\winppr32.exe /sinc"

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
"TrayX"="C:\\WINDOWS\winppr32.exe /sinc"
of course reach by the e-mail
the mail adress is one of the following
Subject:

"Re: That movie"
"Re: Wicked screensaver"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"

and attache to the mail one of these attachments
Attachment:
"movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif"
in the letter
Body:
"Please see the attached file for details."
أو
"See the attached file for details"

be aware of it


موقع زيدل سوريا حمص  .. خدمات تشات و دردشة  ... أرشيف المنتدى



vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Limited.
vB Easy Archive Final ©2000 - 2008 - Created by Stefan "Xenon" Kaeser