From: Baron Thener on
Dear Jez,
I tried to update Windows using this hotfix. It went well on the
Windows 2000 server and Windows 2003 R2, but one of our servers using Windows
2003 SP2 cannot be reached and cannot reach every network in our company. The
strange thing is that ping and the internet connection are OK. I can even remote in using
VNC to this server from another Windows 2003 server, but if I use Vista I cannot
remote into the computer.

Every time I go to Run: \\computername it shows:
the network connection could not be reach

This happens vice versa. Did the hotfix close a port or something? If yes, how
do you open it again?

Thanks

"JezRobinson" wrote:

>
> Hi,
>
> This problem appears to be related to the Microsoft Vulnerability that
> allows remote code execution on ports 139 and 445.
>
> Check to make sure you have hot fix 958644 installed.
>
> http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
>
> There is a large amount of activity on the web with variants of a virus
> published last week.
>
> So install the Hot Fix and reboot, hopefully that will solve your
> problem.
>
> Over and out.
>
>
> --
> JezRobinson
> ------------------------------------------------------------------------
> JezRobinson's Profile: http://forums.techarena.in/members/jezrobinson.htm
> View this thread: http://forums.techarena.in/security-virus/1077813.htm
>
> http://forums.techarena.in
>
>
From: Baron Thener on
Dear Jez,
After trialing for this couple of days, we took preventive action to update
the servers. For the last server that was infected we decided to format
the server. After we installed the antivirus and ran Windows Update,
suddenly the Server service is down again, but without any virus warning.
Can it be that the Windows update contains some kind of bug? Or is McAfee the
one causing this? I have already run out of ideas. Please advise.

Thanks

From: Baron Thener on
Sorry for the late reply, Dave. It caught Sality or something like that. I
forgot because I removed it once it was detected. Now it causes this in the Event
Viewer:

"Faulting application svchost.exe, version 5.2.3790.3959, faulting module
shell32.dll, version 6.0.3790.4184, fault address 0x0014e84e"


I have already updated Windows Update and the antivirus also.

"David H. Lipman" wrote:

> From: "Baron Thener" <BaronThener(a)discussions.microsoft.com>
>
> | Dear Dave,
> | You've got some heavy-duty antivirus there, but it doesn't find the cause of
> | the bo:stack buffer overflow. It captured some virus in several servers, but
> | the virus was not the same on every server.
>
> | The reporting about buffer overflow has been rare since I tried the hotfix
> | from Jez Robinson and other Windows critical updates from Windows Update.
>
> | We'll see for a couple of days; if something comes up again I'll come back to
> | this forum. Thanks a lot for the antivirus, though. It's really useful.
>
> | best regards,
> | Baron
>
> You need to do some packet sniffing and find what computers on your LAN are infected and
> searching out OTHER computers through TCP ports 135 and 445.
>
> You need to isolate your network from the WAN better with a FireWall as well.
>
> You indicated that there were "...some virus in several servers..."
> Please identify exactly what was found.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>
From: The Other Mike on
On Tue, 9 Dec 2008 19:38:01 -0800, Baron Thener
<BaronThener(a)discussions.microsoft.com> wrote:

>Sorry for the late reply, Dave. It caught Sality or something like that. I
>forgot because I removed it once it was detected. Now it causes this in the Event
>Viewer:
>
>"Faulting application svchost.exe, version 5.2.3790.3959, faulting module
>shell32.dll, version 6.0.3790.4184, fault address 0x0014e84e"
>
>
>I have already updated Windows Update and the antivirus also.
>

Saw this thread and we recently went through a battle with a worm that
sounds like what you have. After patching the servers/PCs that were
infected, you still have to clean up those machines. The worm we had
created a service on the servers and PCs. So even though you patch
the machine, the service still ran...which would crash other machines
it was trying to spread to that weren't patched. We deleted the
registry keys mentioned in this alert on the infected machines...


http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDOWNAD%2EA&VSect=T

We also used a network sniffer to scan for port 445 requests and
usually those PCs making a lot of requests had this virus service
still on them.
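
The sniffing approach suggested in the two posts above, as an added example that is not part of any poster's message: it flags hosts that open connections to many distinct peers on TCP 135/445 within one time window. The record format (`epoch src dst dport tcp_flags`), the addresses, the threshold and the window length are all constructed assumptions for illustration.

```python
from collections import defaultdict

WATCHED_PORTS = {135, 445}   # the ports named in the thread
FANOUT_THRESHOLD = 5         # assumed cut-off: distinct peers per window
WINDOW_SECONDS = 60          # assumed window length

def build_sample():
    """Constructed flow records: 'epoch src dst dport tcp_flags'."""
    lines = []
    # 10.0.0.23 sweeps a subnet on 445: the behaviour described above
    for i in range(1, 13):
        lines.append(f"{1000 + i} 10.0.0.23 10.0.1.{i} 445 S")
    # A client hitting one file server repeatedly is normal traffic
    for i in range(20):
        lines.append(f"{1000 + i} 10.0.0.40 10.0.0.5 445 S")
    # A few RPC connections, below the threshold
    for i in range(1, 4):
        lines.append(f"{1005 + i} 10.0.0.41 10.0.1.{i} 135 S")
    lines.append("1010 10.0.0.23 10.0.1.1 80 S")    # other port, ignored
    lines.append("garbage line")                     # malformed, skipped
    lines.append("1011 10.0.0.5 10.0.0.40 445 SA")   # SYN-ACK reply, ignored
    return lines

def find_scanners(lines, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: largest number of distinct destinations in one window}
    for sources whose fan-out on the watched ports exceeds threshold."""
    peers = defaultdict(set)          # (src, window index) -> {dst}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, flags = parts
        if not (ts.isdigit() and dport.isdigit()):
            continue
        if int(dport) not in WATCHED_PORTS or flags != "S":
            continue                  # count only connection attempts (bare SYN)
        peers[(src, int(ts) // window)].add(dst)
    worst = defaultdict(int)
    for (src, _), dsts in peers.items():
        worst[src] = max(worst[src], len(dsts))
    return {src: n for src, n in worst.items() if n > threshold}

if __name__ == "__main__":
    for src, n in sorted(find_scanners(build_sample()).items()):
        print(f"{src} contacted {n} distinct hosts on 135/445 in one window")
```

Counting distinct destinations rather than raw packets keeps a busy but legitimate file-server client from being flagged alongside a host that is sweeping the LAN.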



From: mike on
Hi!

I had exactly the same problem on two of our 2003 servers (SP1).
It occurred 2 days ago for the first time.
I've found a workaround:

I installed, in order:

Hotfix KB914810 (included in SP2)
Hotfix KB932762
Security update KB958644

However, the root cause is still unclear. But I suspect the auto update
service. It's hosted by a svchost instance together with some important
network services.

greetings,
Michael

"Baron Thener" wrote:

> Dear Jez,
> After trialing for this couple of days, we took preventive action to update
> the servers. For the last server that was infected we decided to format
> the server. After we installed the antivirus and ran Windows Update,
> suddenly the Server service is down again, but without any virus warning.
> Can it be that the Windows update contains some kind of bug? Or is McAfee the
> one causing this? I have already run out of ideas. Please advise.
>
> Thanks