SiDHEaD

Mods plz leave here for a bit!

Spreading like wildfire at the moment. Automatically installs itself on vulnerable machines, then sits scanning for more.

Will do an attack on windowsupdate.com after the 15th of Aug.

Please please please patch your machine's DCOM software.

See here for Windows XP and Windows 2000 here

Information on the virus is here.

Email me if you want some more comprehensive removal instructions, as i'm having to remove it from reps machines at the rate of 5 already today!!!

Andy

flat4

i know of two people aswell who have had this last night, i'll be checking mine tonight

beemerboy

all right boys,
i had 5 webservers go down last night with this ******!!!!

was in at 8am, and had them sorted by 9.28 (2 mins before opening time at the zoo)

i'm now back home supping beer!!!

basically i took the servers offline, checked the reg for HKLM/software/microsoft/windows/run for spurrious entries (and deleted them)
then i installed patch windows2000-KB823980-x86-ENU.exe
ontop of sp3

i have heard that sp4 can actually open up the vulnerability again, so do be careful.

good luck virus warriors

Dazza

ianmiller999

What does it actually do?

NACRO

NB: you will need SP2 or better installed for this to work.

PG

It doesnt sound good !
But I have a load of information stuck to the wall behind me where it flew right over my head
I downloaded and ran the XP download thingy....is that job done ??

SiDHEaD

Ian have a look at the info page in my post. Tells you all you wanna know + more!!


Andy

SiDHEaD

Everyone patch patch patch!!

For those of you that have already been hit and RPC is causing machine to reset 60secs after venturing into an internet program - here's a quick guide i knocked together for removing it.

Andy

scoob_babe

got my mcafee nicely updated!

SiDHEaD

Yes but it doesn't come in as a file on an email or website. Its due to a remote vulnerability. You should still remove the bug.

All the machines I've seen it on had AV software running, as soon as its on it prevents updates being done i think, or hinders the AV engine..

Andy

JackClark

We - McAfee - detected it proactively. Not all Antivirus is the same.

Info here

SiDHEaD

We use mcafee on our laptops and desktops at work

Andy

AdrianFRST

Installed the patch, rebooted and now it seems to have taken out my ProtectedStorage service (Win2k Server)...

"The IIS Admin Service service depends on the following nonexistent service: ProtectedStorage"

Coincidence?

Stueyb

Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.

Any ideas

Taff107

Sh1te, got the damn thing on the other PC now!

ianmiller999

Check out symnatec or however it is spelt they got someit to deal with it now aswell

Stueyb

Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.

Any ideas

SiDHEaD

Tool for removing worm is here

Andy

Stueyb

Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.

Any ideas

ianmiller999

So in comparison to other bugs how big a threat is this, love bug scale-more less?

pugoetru

yea herbies gona get ya lol

unclebuck

patch patch patch!!

done, done, done!!

Seems to have rebooted with everything still working.

Cheers chaps.

BTW would Zone Alarm (free not Pro) be man enough to stop the virus?

UB

pugoetru

i got 4 wierd emails today didnt open them could that be how it gets in?

Andrewza

If you're having trouble staying on the net to get the patch and get it installed, disconnect from the net (even unplugging the cable), get up the properties of your net connection, be that dialup or network card and click the advanced tab, then tick the box "Protect my computer and network by limiting..." under "internet connection firewall" it's not good, but it's sufficient to stop this work exploiting your machine and crashing it while you install the patch and run the removal tool.

Scoobydick

Is there a patch for Windows 98
Cheers

SiDHEaD

I dont think it sufers from the problem.??? Anyone know?

Andy

markr1963

No, just Win2k annd XP according to symantec

Mark

PG

So I shouldnt have a prob with my Laptop running ME????.........well other than the fact it is running ME

Will this cause an XP machine to tell you to save all your stuff 'cos it is about to close the connection ?

If so my mate has it

SiDHEaD

Yes PG, he has it!!!

Andy

PG

so I have the patch download on my desktop can I burn this file take it to him, patch it then get online to run the removal ??