#1
Member (7 bit)
Join Date: Mar 2002
Location: Gig Harbor, WA
Posts: 126
Eliminating the RPC exploit for good?
Hello,
Thanks all for addressing this RPC issue so well here at PCMech. I'd be lost without it. I was able to address the problem I was having with the RPC message and rebooting by first downloading the Windows update addressing the RPC exploit, then installing a firewall trial from Sygate. My question is how do I permanently erase the threat of this intrusion? I blocked the request for msblast, but it still comes up and gets blocked by the firewall. How do I permanently get rid of this? The MS update hasn't done it. And also, does anyone know how to actually block port 135 on Sygate's firewall? And is this a good firewall to invest in? Right now I'm using a trial and am wondering if this is a decent program to buy.
__________________
Latest build, DAW for recording: Core 2 Duo 6600 ASUS P5B Plus 4 gigs of Corsair 800mhz RAM Seagate Barracuda 80g system drive Seagate Barracuda 250g data drive MSI RX300HM, dual monitors Athena rackmount case Windows XP
#2
Member (8 bit)
W32.Blaster.Worm VIRUS
It seems this is the little bugger causing all the havoc today. If your system is about to shut down, you can cancel it by going to Start > Run > cmd, then typing "shutdown -a"; once you do that, the shutdown will be cancelled. Hit Ctrl-Alt-Delete and look for a process called msblast.exe; this is the worm. Kill that process. Then go to c:\windows\system32, look for the file msblast.exe, and rename it to something else, e.g. msblast.vir or something. Now go to c:\windows\prefetch and delete the file that has msblast.exe in its name. Also, you must remove an entry from your registry: Start > Run > regedit, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, find the key "windows auto update"="msblast.exe" and delete it. Also, it looks like this only affects people (running XP) without Windows XP SP1; if you do not have Service Pack 1 installed, I highly!!! recommend it.
_________________
G
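The manual checks from the post above, gathered into a read-only batch script. This is an added example, not part of the original post; it assumes a Command Prompt where `tasklist` and `reg` are available, and it only reports what it finds.

```batch
@echo off
rem Added example, not from the thread: read-only check for the Blaster
rem artifacts named in the post above. It reports; it deletes nothing.
setlocal
set FOUND=0

rem 1. Running process. tasklist ships with XP Professional, not XP Home
rem    (assumption: on Home, use Task Manager as the post describes).
tasklist /FI "IMAGENAME eq msblast.exe" 2>nul | find /I "msblast.exe" >nul
if not errorlevel 1 (
    echo [FOUND] process msblast.exe is running
    set FOUND=1
)

rem 2. Worm binary in system32.
if exist "%SystemRoot%\system32\msblast.exe" (
    echo [FOUND] file %SystemRoot%\system32\msblast.exe
    set FOUND=1
)

rem 3. Prefetch entry with msblast.exe in its name.
if exist "%SystemRoot%\Prefetch\MSBLAST.EXE*" (
    echo [FOUND] prefetch entry:
    dir /b "%SystemRoot%\Prefetch\MSBLAST.EXE*"
    set FOUND=1
)

rem 4. Autostart entry: any value under the Run key that points at
rem    msblast.exe (this catches the "windows auto update" value).
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 2>nul | find /I "msblast.exe" >nul
if not errorlevel 1 (
    echo [FOUND] Run key value referencing msblast.exe:
    reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | find /I "msblast.exe"
    set FOUND=1
)

if "%FOUND%"=="0" echo No msblast.exe artifacts found.
rem Exit code 1 means at least one artifact was found, 0 means none.
exit /b %FOUND%
```

A clean result after the cleanup steps, followed by a reboot and a second clean result, shows the autostart entry is no longer relaunching the worm.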
#3
Computing Professor
Staff
Premium Member
Join Date: Jun 2001
Posts: 11,718
Any decent firewall should do it.
I almost missed this entirely since I use the free ZoneAlarm (after I heard about it I downloaded and installed the Windows patch anyway), and Sygate's firewall is every bit as good. What does not seem to work is the firewall in XP. If it's still turning up, gonzo's advice should do it, or you need a visit to one of the online sites for checks and removals. Try the advice first.
Last edited by pam123; 08-11-2003 at 08:45 PM.
#4
Member (7 bit)
Join Date: Mar 2002
Location: Gig Harbor, WA
Posts: 126
Great information! Thanks.
I was just doing all the steps you mentioned, Gonzo, but regedit won't stay open for more than about a second. Anyone know why?
#5
Computing Professor
Staff
Premium Member
Join Date: Jun 2001
Posts: 11,718
That sounds like a viral rewrite.
Try Safe Mode if you haven't already done so.
#6
Member (6 bit)
Are you using the Run command? You need to use the command prompt. Also, in XP you use regedt32, I believe.
#7
Member (7 bit)
Join Date: Mar 2002
Location: Gig Harbor, WA
Posts: 126
Hmmm. Still goes away after 1 second no matter how I open it.
#8
Computing Professor
Staff
Premium Member
Join Date: Jun 2001
Posts: 11,718
Not good.
It's like not tracing malaria to the source, it won't do.