From: Baron Thener on 29 Nov 2008 02:53

Dear Dave,
You got some heavy duty antivirus there, but it doesn't find the cause of the bo:stack buffer overflow. It captured some viruses on several servers, but the virus was not the same on every server.
The reporting about buffer overflow has been rare since I tried the hotfix from Jez Robinson and other Windows critical updates from Windows Update.
We'll see for a couple of days; if something comes out again I'll come back to this forum. Thanks a lot for the antivirus though. It's really useful.
best regards,
Baron

"David H. Lipman" wrote:

> From: "Baron Thener" <BaronThener(a)discussions.microsoft.com>
>
> | One more thing Dave before I try this on. Is there any way to update this
> | multiscan manually? Because the infected server cannot connect to the network
> | properly, so it could not get an update from the internet. And also, do you have
> | any suggestion to trace the source of this buffer overflow infection?
> | Thanks,
>
> | baron
>
> Yes. Read the included PDF Help File on the use of a surrogate PC to download all files
> and then transfer and run on an infected computer.
>
> As for tracing this...
> That's difficult. I personally don't know. Is it backed upon RPC, TCP port 135 or
> through SMB TCP 445 ?
>
> Have you put a packet sniffer on any nodes ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Baron Thener on 29 Nov 2008 02:56

Dear bredtracer,
We never experienced anything like this before, and the virus / malware or whatever this is is attacking multiple Windows platforms, from Windows Server 2000, Server 2003, Server 2003 R2, and XP SP2.
Thanks for your reply.
baron

"bredtracer" wrote:

> Well my friends, I may be new here but this problem is not new to me.
> Actually, whenever I formatted my PC and installed a fresh copy of
> Windows XP SP2 this problem would surface. As Jez rightly
> pointed out, you need that hotfix, and even then some people might
> continue to experience the problem, as I did too. I did a Google search
> for it and got the remedy from a forum like this. It was a piece of software;
> after installing it the problem never troubled me.
> As I said already, this situation has been encountered by me many times, so I am
> sure of what I said. I guess you people can also locate the software I am
> talking about by searching for it for some time.
>
> --
> bredtracer
> ------------------------------------------------------------------------
> bredtracer's Profile: http://forums.techarena.in/members/bredtracer.htm
> View this thread: http://forums.techarena.in/security-virus/1077813.htm
>
> http://forums.techarena.in

From: David H. Lipman on 29 Nov 2008 06:51

From: "Baron Thener" <BaronThener(a)discussions.microsoft.com>

| Dear Dave,
| You got some heavy duty antivirus there, but it doesn't find the cause of
| the bo:stack buffer overflow. It captured some viruses on several servers, but
| the virus was not the same on every server.
| The reporting about buffer overflow has been rare since I tried the hotfix
| from Jez Robinson and other Windows critical updates from Windows Update.
| We'll see for a couple of days; if something comes out again I'll come back to
| this forum. Thanks a lot for the antivirus though. It's really useful.
| best regards,
| Baron

You need to do some packet sniffing and find what computers on your LAN are infected and searching out OTHER computers through TCP ports 135 and 445.

You need to isolate your network from the WAN better with a FireWall as well.

You indicated that there were "...some virus in several servers..."
Please identify exactly what was found.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
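
The packet-sniffing triage suggested in the post above can be scripted. This is an added example, not code from any poster in the thread: it reads `tcpdump -n` text output and lists hosts that sent connection attempts to many distinct peers on TCP 135 or 445. The sample capture, the addresses and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Ports named in the thread: RPC endpoint mapper (135) and SMB (445).
WATCHED_PORTS = {135, 445}

# Matches `tcpdump -n` text output for IPv4 TCP packets, e.g.
# 02:10:01.001 IP 10.0.0.23.1201 > 10.0.0.1.445: Flags [S], seq 1, length 0
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def find_scanners(lines, threshold=5):
    """Return {source_ip: sorted targets} for hosts that sent bare SYNs to at
    least `threshold` distinct peers on the watched ports (assumed cut-off)."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, _sport, dst, dport, flags = m.groups()
        # "S" alone is a connection attempt; "S." is the SYN-ACK reply.
        if flags == "S" and int(dport) in WATCHED_PORTS:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}

def build_sample():
    """Constructed capture: 10.0.0.23 sweeps the subnet, 10.0.0.40 is a normal client."""
    lines = [
        f"02:10:01.{i:03d} IP 10.0.0.23.{1200 + i} > 10.0.0.{i}.445: Flags [S], seq {i}, length 0"
        for i in range(1, 9)
    ]
    lines += [
        "02:10:02.000 IP 10.0.0.23.1300 > 10.0.0.1.135: Flags [S], seq 90, length 0",
        "02:10:03.000 IP 10.0.0.40.1500 > 10.0.0.2.445: Flags [S], seq 7, length 0",
        "02:10:03.001 IP 10.0.0.2.445 > 10.0.0.40.1500: Flags [S.], seq 8, ack 8, length 0",
        "02:10:04.000 IP 10.0.0.40.1501 > 10.0.0.3.80: Flags [S], seq 9, length 0",
    ]
    return lines

if __name__ == "__main__":
    for host, peers in find_scanners(build_sample()).items():
        print(f"{host} probed {len(peers)} hosts on 135/445: {', '.join(peers)}")
```

On a server LAN, file servers and domain controllers legitimately receive traffic on these ports from many clients; the count here is of distinct destinations per source, so it singles out hosts that initiate connections widely rather than hosts that are widely used.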

From: Kayman on 29 Nov 2008 21:18

On Fri, 28 Nov 2008 23:47:00 -0800, Baron Thener wrote:

> Dear Jez.
> Thanks for the update. I've tried the hotfix. Well, we'll see in a couple of days,
> and I'll report in this newsgroup again.
> thanks.
> Baron
>
> "JezRobinson" wrote:
>>
>> Hi,
>> This problem appears to be related to the Microsoft Vulnerability that
>> allows remote code execution on ports 139 and 445.

Seconfig XP 1.1
http://seconfig.sytes.net/
Seconfig XP is able to configure Windows not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most exploited Windows networking weak point) closed.

From: David H. Lipman on 29 Nov 2008 22:33

From: "Kayman" <kaymanDeleteThis(a)operamail.com>

| Seconfig XP 1.1
| http://seconfig.sytes.net/
| Seconfig XP is able to configure Windows not to use TCP/IP as transport
| protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
| and 445 (the most exploited Windows networking weak point) closed.

Kayman:

He indicated these are servers. They are not home computers and they are participating in a LAN. Closing these ports could have disastrous effects on LAN communications.

Your advice is contraindicated.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp