|
RPC Exploit Warning
Yes, I know we don't need another thread about this but I wanted to point something out. This exploit does give users the ability to install programs on your system (as well as many, many other abilities).
While at work, my home PC reboot itself over 50 times. I get home to find that over 7 different spyware programs, some bizarre internet explorer plugins, several worms, and some weird looking programs have been installed on my system. So, I recommend everyone run windows update as soon as possible : ) I may have to format c: just to get rid of all the stuff that was installed. |
Yup. I cleaned that bitch, fired up my Symantec warez, 3 trojans and 15 worms later I think all is well.
|
ROFL :1orglaugh
m4tt, seems like norton server is gonna have shitload of work during the night lol. |
the RPC shutdown thing was on my puter for two days - but I can't find any worms or trojans - i ran my virus scan and nothing showed up.
|
well, as long as you got your windows patched up, the registry key and the msblast.exe removed.. you wont get any NEW shit... just gotta find what happened when you were actually infected... wait for some updates of your AV software :)
|
piece of shit. now im gonna have to spend all my day tomorrow again checking computers for spyware bullshit :mad:
|
If you don't want to run wimdows update... for whatever reason:winkwink: heres the patch
http://www.eu.microsoft.com/technet/...n/MS03-026.asp |
lol, windows update doesn't even work with windows 2000 when you got that exploit running on your computer :1orglaugh
|
Here are some of the files I found in msconfig (startup).. not sure what they do but I have never seen them before and shutting them down only helped (a lot)
mscache.exe, "C:\mscache.exe" msbb.exe, "C:\WINDOWS\msbb.exe" win32us.exe, "C:\windows\system32\win32us.exe /noconnect" bargains.exe, "C:\Program Files\Bargain Buddy\bin\bargains.exe" winnet.exe, "C:\Program Files\CommonName\Toolbar\winnet.exe" FMSZGMTZ.exe, "C:\WINDOWS\FMSZGMTZ.exe" winservn.exe, "C:\WINDOWS\system32\winservn.exe" msblast.exe |
wow. i cant believe i'm the first person to post this.
http://www.apple.com/switch/ you mac addicts are getting slow :D |
mscache.exe, "C:\mscache.exe" .. not any .exe in root of c drive
msbb.exe, "C:\WINDOWS\msbb.exe" ? win32us.exe, "C:\windows\system32\win32us.exe /noconnect" bargains.exe, "C:\Program Files\Bargain Buddy\bin\bargains.exe" prolly that GAIN shit or some third party shit installed by KaZaA or something else freeware o_O winnet.exe, "C:\Program Files\CommonName\Toolbar\winnet.exe" alexa or something like that? FMSZGMTZ.exe, "C:\WINDOWS\FMSZGMTZ.exe" ? winservn.exe, "C:\WINDOWS\system32\winservn.exe" sounds like a server, do some searches on it |
|
Quote:
this thing's covered buddy heh |
I can't get rid of that fucking box..
|
Quote:
|
Quote:
damn right no worries about exploits for mac users |
Quote:
|
Quote:
|
you can't repair since this file IS the worm.. there's no use to that file, so it can't be repaired, it has to be deleted. (read plz thx)
|
Tried your walk thru already.. Isn't working..
This fucking bites..:mad: |
you have win2000? did you follow the 2000 part of tried the XP part ?....
|
Quote:
|
xp bro.
|
Quote:
|
I have norton too, I did it on 10 computers this morning, helped like 20 friends getting rid of it... and it worked perfectly, what part doesnt work?
|
Quote:
why don't you chill i got infected also, jesus, who didn't |
Quote:
Got the patch the second day it came out. What I would like to know is how you guys got infected? E-mail or did it come from some malicious site. |
actually the guy can just send packets to your ip on port 135 and its done, can get a script in there or something, do not know exactly how he send it.
|
Quote:
Anyway, j3ff I think I got it here dude. Just took a couple of times.. Thanks for your help. Peace. |
Quote:
|
just found out that when i got to 'Empty Recycle Bin' it asks if I want to delete 'WINDOWS'.. the bin is empty!
btw.. I clicked yes and it says "Cannot read from the source file or disk" http://www.jasonandalex.com/images/delete_windows.jpg |
hump chump clump pump rump dump bump
|
| All times are GMT -7. The time now is 06:07 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123