If you have Windows XP and you have automatic updates, congratulations, you now have a virus. Yay.

This website clearly explains how to remove the virus:
http://support.gateway.com/s/misc/tr...hootsu12.shtml

To get the update directly from Microsoft:
http://www.microsoft.com/downloads/d...displaylang=en


To get a free 15 day trial of Norton AntiVirus 2003:
http://nct.digitalriver.com/0001/

---->Windows XP.

 

No, you don't have a virus from automatic updates. Using the update downloads a security patch which prevents a possible virus infection.

 

Thats just what Gateway told me. Straight from the horses mouth.

The update occured on July 17th.

 

Ken's right. The virus was designed to attack the Windows update site, but you don't get it from Windows Update. The virus takes advantage of a flaw in the way Windows handles buffer overflows. You can get the patch by running Windows update. Check out this article for more info:

http://www.foxnews.com/story/0,2933,94479,00.html

 

I have received all 17,523 XP auto updates and I don't have a virus. Thanks for the warning though.

I use the AVG virus program. It has automatic updates for new viruses (viri?) and updates for new versions of AVG. It has caught quite a few viruses and I'm very happy with it. Did I mention it was free?

 

Windows worm starts its spread

By Robert Lemos
CNET News.com
August 11, 2003, 2:55 PM PT






A worm that takes advantage of what some security experts have called the most widespread Windows flaw ever has started spreading, fulfilling the predictions of many researchers.
Dubbed "MSBlast" by its author, the worm is spreading quickly, according to an initial analysis posted to the Internet Storm Center, a digital threat-tracking site. Ever since mid-July, when Microsoft announced a vulnerability in a widespread component of Windows, security experts have been waiting for some online vandal to create a worm that takes advantage of it.

"It is pretty widespread," said Johannes Ullrich, chief technology officer for the Storm Center. "It is sort of getting to the point where it is causing some slowdown."


Microsoft is investigating the worm but couldn't immediately comment on the program.

Some system administrators posting to a mailing list run by the North American Network Operators' Group, a popular forum for engineers who maintain large networks, believe that as much as 10 percent of the data coming into their networks has been created by the worm.

The worm contains two messages in its code. The first apparently is a "greet"--a message of greeting or recognition to a friend or peer--while the second takes aim at Microsoft: "billy gates why do you make this possible?" the second part of the message says. "Stop making money and fix your software!!"

Starting with a random Internet address, the worm sequentially scans for computers with the vulnerability.

MSBlast installs the Trivial File Transfer Protocol (TFTP) server, and runs the program to download its program code to the compromised server. It will also add a registry key to insure that the worm is restarted when the host computer is rebooted.

The worm attacks Windows computers via a hole in the operating system, an issue Microsoft on July 16 had warned about. Nine days after the software giant announced the flaw, hackers from the Chinese X Focus security group publicly posted a program to several security lists designed to allow an intruder to break in to Windows computers. The Windows flaw has been characterized by some security experts as the most widespread ever found in Microsoft's operating system.

The flaw is in a component of the OS that lets other computers request that the Windows system perform an action or service. The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to the system.

The Chinese code worked on only three variants of Windows, but other hackers have since refined it. Nine days ago, a hacker posted an attack program to a security mailing list. Many facets of the current worm seem to be similar to that program.

Experts have feared that a worm created to take advantage of the Microsoft flaw could have an effect similar to that of the Slammer worm that downed corporate networks in January.

Slammer spread to corporate networks worldwide, causing databases to go down, bank teller machines to stop working and some airline flights to be canceled. Six months earlier, a researcher had released code that exploited the major Microsoft SQL vulnerability used by the worm to spread.

Security experts and network administrators are working to identify the worm and patch their networks.

Microsoft Windows users can update their operating systems through the company's Windows Update service. More information about the flaw and workarounds are available in the advisory posted online.

 

That's why I use "me" no one bothers me with viruses

 

That's cause ME is so sorry it don't need a virus to slow it down LOL.

 

wow. that explains what happened to me last night, i kept gettin an error from the RPC, that hsut my computer down.... i just dl'd the updates, and problem solved

 

Yeah but did you get rid of the worm?

go here:

http://securityresponse.symantec.com...oval.tool.html

or here:
http://securityresponse.symantec.com...r/FixBlast*****

 

I have problems with that **** and it pises me off. I'm running the scaning tool right now.

 

I work in a computer store as a tech. So far since Monday we have seen atleast 10 machines come through with this virus and have had over a hundred phone calls on it. Couple other stores have had their networks hit with it. So far we're clean here on our machines.
The fun will come in a couple days when the virus actual unleashes its payload. Due to happen aug, 16. But from what I have read its all aimed at Microsoft. Trying to crash their servers. Could get intersting.

 

I'm sure by now Microsoft has taken steps to protect its self.

 

The attack against Microsoft will come in the form of a distributed denial of service attack. Speaking as an experienced computer security professional, this type of attack is VERY difficult to protect against.

Imagine having a store on a busy street. People constantly come in and out, which is good for business. You want these people to visit your store because they make you money.

Now imagine that someone distributed a flyer to everyone in town saying you were giving away free money, causing thousands upon thousands of people to descend upon your store. Your store would be a madhouse - you'd be far too busy telling people you weren't giving away money. Your real customers wouldn't get serviced at all. You can't shut the store down, because then you wouldn't get any business at all.

From a computer perspective, how would you differentiate between a real customer trying to download windows updates and the virus connecting to your server? Web servers can only handle so many requests at a time, and most of the people will not be able to update their computer as a result of this.

 

cool. DOWN WITH MICROSTINK!