Jump to content



Sign up for a free account to remove the pop-up ads

Signing up for an account is fast and free. As a member you can join in the conversation, enter contests and remove the pop-up ads that guests get. Click here to create your free account.

Photo
- - - - -

Get your Windows 2000/XP patched up


This topic has been archived. This means that you cannot reply to this topic.
96 replies to this topic

#1 of 97 OFFLINE   Kevin_W

Kevin_W

    Second Unit



  • 262 posts
  • Join Date: Jun 22 2000

Posted August 11 2003 - 02:55 PM

I know this would be better categorized under the Computers Area, but seems important enough that an exception be made.

The first major worm utilizing the RPC hole Microsoft brought to light on July 16th has reared up today infecting thousands of PC's already and I am sure it's going to get worse by tomorrow and thereafter. If you haven't been affected yet, please patch up before you do get hit. Broadband users especially affected do to the ease of downloading and propagating the worm.

Here's the Microsoft info and links to the proper patches based on your OS:
http://www.microsoft....n/MS03-026.asp

Kevin

#2 of 97 OFFLINE   Holadem

Holadem

    Lead Actor



  • 8,972 posts
  • Join Date: Nov 04 2000

Posted August 11 2003 - 03:55 PM

What's RPC? Sounds awfully familiar. I just got home, and within 5 minutes, I got two strange error messages with a 60 secs countdown to shutdown (it actually restarts). And yes, Unless I am being paranoid, I believe there was something about RPC in that message. I must point out that free trial of antivirus expired a couple of days ago.

It got me worried enough to start a thread in the PC area inquiring about protection for my box.

Yikes. Are we all going to die?

--
Holadem

#3 of 97 OFFLINE   JeremySt

JeremySt

    Screenwriter



  • 1,775 posts
  • Join Date: Aug 19 2001

Posted August 11 2003 - 04:25 PM

i had the 60 second shutdown message today on 3 different computers, two at a friends house, and my moms. not mine yet though... guess ill get th patch to be safe.

#4 of 97 OFFLINE   Chris Derby

Chris Derby

    Second Unit



  • 374 posts
  • Join Date: Oct 31 2000

Posted August 11 2003 - 04:33 PM

RPC is a Remote Procedure Call

Remote Procedure Call (RPC) is an interprocess communication technique to allow client and server software to communicate.
-derby

#5 of 97 OFFLINE   Doug R

Doug R

    Supporting Actor



  • 787 posts
  • Join Date: Oct 26 2000

Posted August 11 2003 - 07:17 PM

http://securityrespo....oval.tool.html


That will remove it from your machine.

I got thrashed by it today.. took me awhile to figure out what on Earth was going on.

And dont forget to the get Windows security patch to close the hole.

#6 of 97 OFFLINE   Jerry Almeida

Jerry Almeida

    Second Unit



  • 422 posts
  • Join Date: Jun 07 1999
  • Real Name:Jerry Almeida
  • LocationTampa, FL

Posted August 11 2003 - 10:11 PM

I got nailed by this yesterday when I got home. I'll try Doug's fix today when I get home from work.

A quick fix to get past the 60 second shut down is to go to Start>Settings>Control Panel>Administrative Tools>Services. Find the Remote Procedure Call (RPC), right-click and select properties. At the Recovery Tab you'll see fields for First, Second, and Subsequent Failures. Set these to take no action. That will give you time to work on the problem.

By the way, these are the steps I took for XP.
Everybody relax, I'm here. -Jack Burton

#7 of 97 OFFLINE   Kevin_W

Kevin_W

    Second Unit



  • 262 posts
  • Join Date: Jun 22 2000

Posted August 12 2003 - 12:18 AM

What I did to stop the problem was load up regedit. Goto Local Machine Software Microsoft Ole. Edit the EnableDCOM and change the Y to N. Exit regedit and reboot.

That's something you can do within the 60 seconds countdown. Once you reboot, you'll not have the problem and should be able to now get on the internet and start patching the crap out of your system. Disclaimer: always be careful using regedit!

Kevin

[edit] forgot to mention that unplugging my network cable from the PC seemed to keep that countdown at bay as well.

#8 of 97 OFFLINE   Vince Maskeeper

Vince Maskeeper

    Lead Actor



  • 6,504 posts
  • Join Date: Jan 18 1999

Posted August 12 2003 - 12:47 AM

Does anyone know how the machines get infected- I can't seem to find any info in the new coverage. Is this another "virus" that spreads because people run an .exe file in an email attachment?

-Vince
Need an introduction to home theater? Check out our FAQ and Primer!!

#9 of 97 OFFLINE   Lee L

Lee L

    Supporting Actor



  • 868 posts
  • Join Date: Oct 26 2000

Posted August 12 2003 - 12:56 AM

Has this not been on Windows Update, the patch is date July 16th?
Revenge is like serving cold cuts-

Tony Soprano

#10 of 97 OFFLINE   Andy Sheets

Andy Sheets

    Screenwriter



  • 2,371 posts
  • Join Date: Aug 06 2000

Posted August 12 2003 - 01:56 AM

Quote:
Does anyone know how the machines get infected- I can't seem to find any info in the new coverage. Is this another "virus" that spreads because people run an .exe file in an email attachment?

No, it's a security flaw in Windows 2000/XP. Apparently you only need to be connected to the internet to get it, although file-sharing programs probably make your computer much more vulnerable. I know this because I haven't downloaded anything in months but my home PC got nailed yesterday (mostly likely because of Kazaa. I knew I should have gotten rid of that thing. I hardly ever use it anyway...). After reading up on it this morning, I'll see if I can get it cleared up when I get home this evening.

#11 of 97 OFFLINE   JamieD

JamieD

    Supporting Actor



  • 557 posts
  • Join Date: Apr 05 2002

Posted August 12 2003 - 02:09 AM

Yeah, from what I've been told, if you're connected to the net, and have the ports open, they can hit it.

A few "folks" were shutting machines down all over Aliant's network here in St. John's.
My Small (But Prized) DVD Collection!

"Actually, I am in really bad shape financially."

#12 of 97 OFFLINE   chris_everett

chris_everett

    Second Unit



  • 403 posts
  • Join Date: Jul 20 2003

Posted August 12 2003 - 02:57 AM

A machine shutting down is a symptom of this worm
1. It does not spread via e-mail
2. Broadband users without firewalls are extremely vulnerable! If you don't have a firewall on your system, and have not installed the patch, you will probably be infected by the end of the day!
3. As far as I can tell, it's not spreading via peer to peer file servies, just a straight connection over the internet
4. If you have broadband i-net access, I highly recommend that you purchase a hardware firewall. These can be had for about $50 now (linksys, and others) for those with modems, I highly recommend a software firewall.
--Chris Everett

#13 of 97 OFFLINE   Michael Reuben

Michael Reuben

    Studio Mogul



  • 21,769 posts
  • Join Date: Feb 12 1998

Posted August 12 2003 - 03:12 AM

Quote:
Has this not been on Windows Update, the patch is date July 16th?

Yes, it's been there. That's how I knew to install it on all three computers at home (all of them running XP).

M.
COMPLETE list of my disc reviews.       HTF Rules / 200920102011 Film Lists

#14 of 97 OFFLINE   MikeAlletto

MikeAlletto

    Screenwriter



  • 2,371 posts
  • Join Date: Mar 11 2000

Posted August 12 2003 - 03:16 AM

Quote:
although file-sharing programs probably make your computer much more vulnerable

Quote:
mostly likely because of Kazaa. I knew I should have gotten rid of that thing.

Wrong. Should have kept up with your security patches. Everyone who gets this has no one to blame but themselves. If you have broadband you should also be running a firewall. They are so cheap and easy to use these days there is no excuse not to.
Michael Alletto

#15 of 97 OFFLINE   Colin Davidson

Colin Davidson

    Second Unit



  • 385 posts
  • Join Date: Jan 06 1999

Posted August 12 2003 - 05:03 AM

I know MS is supposed to be the big bad giant but I would recommend turning on Automatic Updating. This will make sure that you get the critical updates downloaded automatically to your PC for installation.

In XP (and 2000 as I recall) to activate it go to Control Panel and double click on the Systems icon. Select the Automatic Updates tab and configure.

#16 of 97 OFFLINE   Michael Reuben

Michael Reuben

    Studio Mogul



  • 21,769 posts
  • Join Date: Feb 12 1998

Posted August 12 2003 - 05:16 AM

Quote:
I know MS is supposed to be the big bad giant but I would recommend turning on Automatic Updating. This will make sure that you get the critical updates downloaded automatically to your PC for installation.

Agreed. And if you're concerned about receiving updates that you don't know about, just turn on notification and you'll get to review and evaluate any update before it's downloaded or installed.

M.
COMPLETE list of my disc reviews.       HTF Rules / 200920102011 Film Lists

#17 of 97 OFFLINE   Tom Meyer

Tom Meyer

    Second Unit



  • 407 posts
  • Join Date: Feb 11 1999

Posted August 12 2003 - 06:03 AM

holy shit ! My machine at home was nailed w/ this in the AM and kept rebooting. Didn't know what was going on so I downloaded all the latest MS patches from the windows update site. Will that fix it ? I'll also have to download the patch from Symantec. The thing is, I have a firewall (ZoneAlarm) so the only way I could probably have gotten it is thru KaZaa, though I haven't used it in a couple days.

Does it cause any real damage or is it just one of those most-likely-annoying viruses ?

#18 of 97 OFFLINE   MickeS

MickeS

    Producer



  • 5,065 posts
  • Join Date: Jul 24 2000

Posted August 12 2003 - 06:34 AM

Everyone who gets this has no one to blame but themselves.

And here I thought it was the one who wrote and propagated the virus who was to blame. Posted Image

Yes, it's easy to protect from it and I agree everyone should use Windows Update, but don't blame those who rightfully assumed that Microsoft had taken care of this in the first place. But I agree that it's pretty stupid not to continually use WU.

Fortunately I never assume that so I run WU as often as possible. Posted Image

Quote:
If you have broadband you should also be running a firewall. They are so cheap and easy to use these days there is no excuse not to.

Yeah, definitely, I can't imagine running a PC without one after seeing all the stuff that tries to get in on the computer every day. I run Zone Alarm which works well.

How good is the built-in firewall in Windows XP? better than nothing I'd hope at least? Posted Image

Quote:
The thing is, I have a firewall (ZoneAlarm) so the only way I could probably have gotten it is thru KaZaa, though I haven't used it in a couple days.

Kazaa has nothing to do with this. It's port 135 on your computer that's open and vulnerable. The virus was released yesterday, that's why you weren't hit before.

There are links above about the virus and how to remove it.
/Mike

#19 of 97 OFFLINE   Kraig Lang

Kraig Lang

    Stunt Coordinator



  • 200 posts
  • Join Date: May 28 2000

Posted August 12 2003 - 06:47 AM

For anyone interested, the Microsoft patch that fixes this vulnerability is MS03-026. There is also a cleanup tool on the Norton site.

It propogates by executing on your system, rebooting and then scanning for open ports/Vulnerable systems.
MOISTURE...*Silica Absorbs It*

#20 of 97 OFFLINE   Rob Gillespie

Rob Gillespie

    Producer



  • 3,634 posts
  • Join Date: Aug 17 1998

Posted August 12 2003 - 06:53 AM

The virus itself is fairly benign and just clogs up the networks.

However future one's will probably be a little more nasty.

Quote:
Kazaa has nothing to do with this. It's port 135 on your computer that's open and vulnerable. The virus was released yesterday, that's why you weren't hit before.

ZoneAlarm will by default block port 135 if the security setting is Medium or High. Unless Kazaa has opened the port I would make sure your ZA is running properly.
No longer here.


Back to After Hours Lounge



Forum Nav Content I Follow