From: David H. Lipman on 27 Nov 2008 06:31

From: "Baron Thener" <BaronThener(a)discussions.microsoft.com>

| One more thing, Dave, before I try this on. Is there any way to update this
| multiscan manually? Because the infected server cannot connect to the network
| properly, so it could not get an update from the internet. And also, do you have
| any suggestion to trace the source of this buffer overflow infection?
| Thanks,

| baron

Yes. Read the included PDF Help File on the use of a surrogate PC to download all files
and then transfer and run on an infected computer.

As for tracing this...
That's difficult. I personally don't know. Is it backed upon RPC, TCP port 135 or
through SMB TCP 445?

Have you put a packet sniffer on any nodes?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
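One way to approach the tracing question in the post above without a packet sniffer, as an added example that is not part of the original thread: merge the firewall logs from several nodes and look for a single source that tried TCP 135, 139 or 445 on many different hosts. It assumes logs in the Windows Firewall `pfirewall.log` field layout; the sample records, the addresses and the `min_targets` threshold are constructed for illustration.

```python
from collections import defaultdict

# Ports raised in the thread: RPC endpoint mapper (135), NetBIOS session (139), SMB (445).
WATCHED_PORTS = {135, 139, 445}

# Constructed sample: two hosts' firewall logs concatenated; all addresses are made up.
FIELDS = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")
SAMPLE_LOG = "\n".join([
    "#Version: 1.5", FIELDS,
    "2008-11-27 06:10:01 DROP TCP 10.0.0.23 10.0.0.10 1045 445 48 S 1 0 65535 - - - RECEIVE",
    "2008-11-27 06:10:02 DROP TCP 10.0.0.23 10.0.0.11 1046 445 48 S 1 0 65535 - - - RECEIVE",
    "2008-11-27 06:10:05 OPEN TCP 10.0.0.40 10.0.0.10 2210 445 - - - - - - - - RECEIVE",
    "2008-11-27 06:10:06 OPEN TCP 10.0.0.40 10.0.0.10 2211 80 - - - - - - - - RECEIVE",
    "#Version: 1.5", FIELDS,
    "2008-11-27 06:10:03 DROP TCP 10.0.0.23 10.0.0.12 1047 445 48 S 1 0 65535 - - - RECEIVE",
    "2008-11-27 06:10:04 DROP TCP 10.0.0.23 10.0.0.12 1048 139 48 S 1 0 65535 - - - RECEIVE",
    "2008-11-27 06:10:07 DROP UDP 10.0.0.41 10.0.0.255 137 137 78 - - - - - - - RECEIVE",
])

def parse_records(lines):
    """Yield one dict per record, keyed by the names in the latest #Fields header."""
    names = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            names = line.split()[1:]
        elif line and not line.startswith("#") and names:
            yield dict(zip(names, line.split()))

def suspect_sources(log_text, min_targets=3):
    """Map each source that tried a watched TCP port on at least min_targets
    distinct hosts to the sorted (dst_ip, dst_port) pairs it touched."""
    targets = defaultdict(set)
    for rec in parse_records(log_text.splitlines()):
        port = rec.get("dst-port", "-")
        if rec.get("protocol") == "TCP" and port.isdigit() and int(port) in WATCHED_PORTS:
            targets[rec["src-ip"]].add((rec["dst-ip"], int(port)))
    return {src: sorted(seen) for src, seen in targets.items()
            if len({ip for ip, _ in seen}) >= min_targets}

if __name__ == "__main__":
    for src, seen in suspect_sources(SAMPLE_LOG).items():
        print(src, "->", seen)
```

A file server's ordinary clients connect to port 445 on one host, so the fan-out across distinct destinations is what separates a scanning machine from normal use.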
From: Jez Robinson Jez on 27 Nov 2008 10:48

Hi,

This problem appears to be related to the Microsoft Vulnerability that allows remote code execution on ports 139 and 445.

Check to make sure you have hot fix 958644 installed.

http://www.microsoft.com/technet/sec.../MS08-067.mspx

There is a large amount of activity on the web with variants of a virus published last week.

So install the Hot Fix and reboot, hopefully that will solve your problem.

Over and out.

"David H. Lipman" wrote:

> From: "Baron Thener" <BaronThener(a)discussions.microsoft.com>
>
> | One more thing, Dave, before I try this on. Is there any way to update this
> | multiscan manually? Because the infected server cannot connect to the network
> | properly, so it could not get an update from the internet. And also, do you have
> | any suggestion to trace the source of this buffer overflow infection?
> | Thanks,
>
> | baron
>
> Yes. Read the included PDF Help File on the use of a surrogate PC to download all files
> and then transfer and run on an infected computer.
>
> As for tracing this...
> That's difficult. I personally don't know. Is it backed upon RPC, TCP port 135 or
> through SMB TCP 445?
>
> Have you put a packet sniffer on any nodes?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: JezRobinson on 27 Nov 2008 10:39

Hi,

This problem appears to be related to the Microsoft Vulnerability that allows remote code execution on ports 139 and 445.

Check to make sure you have hot fix 958644 installed.

http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

There is a large amount of activity on the web with variants of a virus published last week.

So install the Hot Fix and reboot, hopefully that will solve your problem.

Over and out.

--
JezRobinson
------------------------------------------------------------------------
JezRobinson's Profile: http://forums.techarena.in/members/jezrobinson.htm
View this thread: http://forums.techarena.in/security-virus/1077813.htm

http://forums.techarena.in
From: bredtracer on 28 Nov 2008 15:06

Well my friends, I may be new here but this problem is not new to me. Actually, whenever I formatted my PC and installed a fresh copy of Windows XP SP2 version, this problem would surface. As Jez rightly pointed out, you need that hotfix, and even then some people might continue to experience the problem as I did too. I did a Google search of it and got the remedy from a forum like this. It was a software installing which the problem never troubled me. As I said already, this situation has been encountered by me many times, so I am sure of what I said. I guess you people can also locate the software I am talking about by searching for it for some time.

--
bredtracer
------------------------------------------------------------------------
bredtracer's Profile: http://forums.techarena.in/members/bredtracer.htm
View this thread: http://forums.techarena.in/security-virus/1077813.htm

http://forums.techarena.in
From: Baron Thener on 29 Nov 2008 02:47

Dear Jez.

Thanks for the update. I've tried the hotfix. Well, see in a couple of days, and I'll report in this newsgroup again.

Thanks.

Baron

"JezRobinson" wrote:

>
> Hi,
>
> This problem appears to be related to the Microsoft Vulnerability that
> allows remote code execution on ports 139 and 445.
>
> Check to make sure you have hot fix 958644 installed.
>
> http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
>
> There is a large amount of activity on the web with variants of a virus
> published last week.
>
> So install the Hot Fix and reboot, hopefully that will solve your
> problem.
>
> Over and out.
>
>
> --
> JezRobinson
> ------------------------------------------------------------------------
> JezRobinson's Profile: http://forums.techarena.in/members/jezrobinson.htm
> View this thread: http://forums.techarena.in/security-virus/1077813.htm
>
> http://forums.techarena.in