Get your Windows 2000/XP patched up (1 Viewer)

Kevin_W · Aug 11, 2003

I know this would be better categorized under the Computers Area, but seems important enough that an exception be made.

The first major worm utilizing the RPC hole Microsoft brought to light on July 16th has reared up today infecting thousands of PC's already and I am sure it's going to get worse by tomorrow and thereafter. If you haven't been affected yet, please patch up before you do get hit. Broadband users especially affected do to the ease of downloading and propagating the worm.

Here's the Microsoft info and links to the proper patches based on your OS:
http://www.microsoft.com/technet/tre...n/MS03-026.asp

Kevin

Holadem · Aug 11, 2003

What's RPC? Sounds awfully familiar. I just got home, and within 5 minutes, I got two strange error messages with a 60 secs countdown to shutdown (it actually restarts). And yes, Unless I am being paranoid, I believe there was something about RPC in that message. I must point out that free trial of antivirus expired a couple of days ago.

It got me worried enough to start a thread in the PC area inquiring about protection for my box.

Yikes. Are we all going to die?

--
Holadem

JeremySt · Aug 11, 2003

i had the 60 second shutdown message today on 3 different computers, two at a friends house, and my moms. not mine yet though... guess ill get th patch to be safe.

Chris Derby · Aug 11, 2003

RPC is a Remote Procedure Call

Remote Procedure Call (RPC) is an interprocess communication technique to allow client and server software to communicate.

Doug R · Aug 11, 2003

http://securityresponse.symantec.com...oval.tool.html

That will remove it from your machine.

I got thrashed by it today.. took me awhile to figure out what on Earth was going on.

And dont forget to the get Windows security patch to close the hole.

Jerry Almeida · Aug 12, 2003

I got nailed by this yesterday when I got home. I'll try Doug's fix today when I get home from work.

A quick fix to get past the 60 second shut down is to go to Start>Settings>Control Panel>Administrative Tools>Services. Find the Remote Procedure Call (RPC), right-click and select properties. At the Recovery Tab you'll see fields for First, Second, and Subsequent Failures. Set these to take no action. That will give you time to work on the problem.

By the way, these are the steps I took for XP.

Kevin_W · Aug 12, 2003

What I did to stop the problem was load up regedit. Goto Local Machine Software Microsoft Ole. Edit the EnableDCOM and change the Y to N. Exit regedit and reboot.

That's something you can do within the 60 seconds countdown. Once you reboot, you'll not have the problem and should be able to now get on the internet and start patching the crap out of your system. Disclaimer: always be careful using regedit!

Kevin

[edit] forgot to mention that unplugging my network cable from the PC seemed to keep that countdown at bay as well.

Vince Maskeeper · Aug 12, 2003

Does anyone know how the machines get infected- I can't seem to find any info in the new coverage. Is this another "virus" that spreads because people run an .exe file in an email attachment?

-Vince

Lee L · Aug 12, 2003

Has this not been on Windows Update, the patch is date July 16th?

Andy Sheets · Aug 12, 2003

Does anyone know how the machines get infected- I can't seem to find any info in the new coverage. Is this another "virus" that spreads because people run an .exe file in an email attachment?

No, it's a security flaw in Windows 2000/XP. Apparently you only need to be connected to the internet to get it, although file-sharing programs probably make your computer much more vulnerable. I know this because I haven't downloaded anything in months but my home PC got nailed yesterday (mostly likely because of Kazaa. I knew I should have gotten rid of that thing. I hardly ever use it anyway...). After reading up on it this morning, I'll see if I can get it cleared up when I get home this evening.

Click to expand...

JamieD · Aug 12, 2003

Yeah, from what I've been told, if you're connected to the net, and have the ports open, they can hit it.

A few "folks" were shutting machines down all over Aliant's network here in St. John's.

chris_everett · Aug 12, 2003

A machine shutting down is a symptom of this worm
1. It does not spread via e-mail
2. Broadband users without firewalls are extremely vulnerable! If you don't have a firewall on your system, and have not installed the patch, you will probably be infected by the end of the day!
3. As far as I can tell, it's not spreading via peer to peer file servies, just a straight connection over the internet
4. If you have broadband i-net access, I highly recommend that you purchase a hardware firewall. These can be had for about $50 now (linksys, and others) for those with modems, I highly recommend a software firewall.

Michael Reuben · Aug 12, 2003

Has this not been on Windows Update, the patch is date July 16th?

Yes, it's been there. That's how I knew to install it on all three computers at home (all of them running XP).

M.

Click to expand...

MikeAlletto · Aug 12, 2003

mostly likely because of Kazaa. I knew I should have gotten rid of that thing.

Wrong. Should have kept up with your security patches. Everyone who gets this has no one to blame but themselves. If you have broadband you should also be running a firewall. They are so cheap and easy to use these days there is no excuse not to.

Click to expand...

Colin Davidson · Aug 12, 2003

I know MS is supposed to be the big bad giant but I would recommend turning on Automatic Updating. This will make sure that you get the critical updates downloaded automatically to your PC for installation.

In XP (and 2000 as I recall) to activate it go to Control Panel and double click on the Systems icon. Select the Automatic Updates tab and configure.

Michael Reuben · Aug 12, 2003

I know MS is supposed to be the big bad giant but I would recommend turning on Automatic Updating. This will make sure that you get the critical updates downloaded automatically to your PC for installation.

Agreed. And if you're concerned about receiving updates that you don't know about, just turn on notification and you'll get to review and evaluate any update before it's downloaded or installed.

M.

Click to expand...

Tom Meyer · Aug 12, 2003

holy shit ! My machine at home was nailed w/ this in the AM and kept rebooting. Didn't know what was going on so I downloaded all the latest MS patches from the windows update site. Will that fix it ? I'll also have to download the patch from Symantec. The thing is, I have a firewall (ZoneAlarm) so the only way I could probably have gotten it is thru KaZaa, though I haven't used it in a couple days.

Does it cause any real damage or is it just one of those most-likely-annoying viruses ?

MickeS · Aug 12, 2003

The thing is, I have a firewall (ZoneAlarm) so the only way I could probably have gotten it is thru KaZaa, though I haven't used it in a couple days.

Kazaa has nothing to do with this. It's port 135 on your computer that's open and vulnerable. The virus was released yesterday, that's why you weren't hit before.

There are links above about the virus and how to remove it.

Click to expand...

Kraig Lang · Aug 12, 2003

For anyone interested, the Microsoft patch that fixes this vulnerability is MS03-026. There is also a cleanup tool on the Norton site.

It propogates by executing on your system, rebooting and then scanning for open ports/Vulnerable systems.

Rob Gillespie · Aug 12, 2003

The virus itself is fairly benign and just clogs up the networks.

However future one's will probably be a little more nasty.

Kazaa has nothing to do with this. It's port 135 on your computer that's open and vulnerable. The virus was released yesterday, that's why you weren't hit before.

ZoneAlarm will by default block port 135 if the security setting is Medium or High. Unless Kazaa has opened the port I would make sure your ZA is running properly.

Click to expand...

Home Theater

Entertainment & Streaming Content

Physical Media

Home Theater Equipment and Hardware

Other Diversions

Bargains and Classifieds

Home Theater Forum

Archives

Get your Windows 2000/XP patched up (1 Viewer)

Second Unit

Screenwriter

Second Unit

Supporting Actor

Second Unit

Second Unit

Supporting Actor

Supporting Actor

Second Unit

Second Unit

Second Unit

Stunt Coordinator

Similar threads

Users who are viewing this thread

Sign up for our newsletter

and receive essential news, curated deals, and much more

Forum statistics