CRASHED! A topic for SEVERE and immediate Hardware and Operating System FAILURES. We will try to get you up again. NOT for Optimization questions!


  #21 (permalink)  
Old 14th August, 2003, 06:45 AM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Unless Compaq has changed, you should have an install CD that wipes the HD and reinstalls Compaq's software package. He probably knew less about it than your gas station attendant, Betty.
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

  #22 (permalink)  
Old 14th August, 2003, 07:10 AM
BigRed's Avatar
Member
 
Join Date: September 2002
Location: Seattle, WA
Posts: 1,356

Quote:
Originally Posted by Betty
Okay, when I had to stop working on her machine to go to work I had run Compaq's own stupid system recovery thing and apparently the services are re-enabled, but...it's still all buggy....I'm picking the machine up to take home to fix tomorrow after work.
I'll keep you all updated and holler for help some more, I'm sure.

*side note*
I did try nothing for the password...no go. When I talked to the guy that worked at the store that sold her the pos, he was very reluctant to give advice or tell me how to run comcrap's system recovery.
Make sure you're in safe mode when you run the program to axe the worm, otherwise it still hides in there somewhere.
__________________
"Get busy living or get busy dying, Thats god damn right." -Red
  #23 (permalink)  
Old 14th August, 2003, 09:04 AM
Betty's Avatar
Member/Contributer
 
Join Date: September 2001
Location: Port Alberni, B.C., Canada
Posts: 3,668

Quote:
Originally Posted by Daniel ~
Unless Compaq has changed, you should have an install CD that wipes the HD and reinstalls Compaq's software package. He probably knew less about it than your gas station attendant, Betty.
Compaq does not include an install cd any longer....at least not in Canada....when the salesman sold my friend this computer, she specifically asked if it came with an install cd because she didn't want to buy a system that didn't have one. (she'd been nailed on that one before) The salesman assured her that it did indeed come with an xp install cd.
bleh. I hate salesmen & prefab crap.
__________________
Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, wine in the other, body thoroughly used up, totally worn out and screaming... Boy, What a ride!!
  #24 (permalink)  
Old 14th August, 2003, 10:40 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

The worm will kill RPC when it tries to infect the machine. Restarting the machine will restart RPC, until the worm next tries to reinfect. Hence, it's necessary to physically disconnect the machine from any network to ensure you can apply the patch. Otherwise the worm may try to reinfect whilst you're waiting to get to the desktop!

There are also tools that can be used to reset the admin password, although I've sometimes had weird problems with the recovery console and passwords.
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
  #25 (permalink)  
Old 14th August, 2003, 07:58 PM
Betty's Avatar
Member/Contributer
 
Join Date: September 2001
Location: Port Alberni, B.C., Canada
Posts: 3,668

Quote:
Originally Posted by Áedán
The worm will kill RPC when it tries to infect the machine. Restarting the machine will restart RPC, until the worm next tries to reinfect. Hence, it's necessary to physically disconnect the machine from any network to ensure you can apply the patch. Otherwise the worm may try to reinfect whilst you're waiting to get to the desktop!

There are also tools that can be used to reset the admin password, although I've sometimes had weird problems with the recovery console and passwords.
Yes, machine was disconnected from the internet and is not part of a network, cleaned, and I tried to install the patch on it, it wouldn't go. RPC could not be re-enabled at all.
I did the comcrap system recovery thing and it's re-enabled now and I instructed her to stay disconnected from the internet (I installed ZoneAlarm, but I figured she should stay off until I'm sure she's good to go).
  #26 (permalink)  
Old 16th August, 2003, 02:00 AM
prat's Avatar
Member
 
Join Date: September 2002
Location: Rice University!
Posts: 218

Quote:
Originally Posted by Betty
Okay, when I had to stop working on her machine to go to work I had run Compaq's own stupid system recovery thing and apparently the services are re-enabled, but...it's still all buggy....I'm picking the machine up to take home to fix tomorrow after work.
I'll keep you all updated and holler for help some more, I'm sure.

*side note*
I did try nothing for the password...no go. When I talked to the guy that worked at the store that sold her the pos, he was very reluctant to give advice or tell me how to run comcrap's system recovery.
Other common passwords you might try: admin, tech, nimda (yes, like the worm).
By the way, current news reports are saying that Microsoft's patch (released months ago, actually) is NOT fully protecting users from this attack. Apparently, their RPC code is just WAY too buggy. I have, however, found a fix for this particular problem, available at:

http://www.redhat.com/

and also at:

http://www.debian.org/
__________________
AOA Team fah
Athlon XP 1900+ @ stock, 512MB DDR RAM, ASUS A7S333 MB running Gentoo
  #27 (permalink)  
Old 16th August, 2003, 08:33 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by prat
By the way, current news reports are saying that Microsoft's patch (released months ago, actually) is NOT fully protecting users from this attack. Apparently, their RPC code is just WAY too buggy.
The patch for the DCOM issue was released about a month ago now. In any case, leaving NetBIOS ports open to the internet is a bad idea, in just the same way that leaving portmapper and friends open to the internet isn't a great idea on Linux.

As far as Linux goes... Found a hole in a piece of open source software yesterday that allows an attacker to gain shell on the machine. Couple that with the ptrace vulnerability that exists in slightly less recent kernels running on machines, and it's just as bad as DCOM.
  #28 (permalink)  
Old 18th August, 2003, 08:34 AM
robbie's Avatar
AOA Staff
 
Join Date: November 2001
Location: Out in the desert of Ca.
Posts: 12,548

Ya know I was talking to a friend of mine about this "virus" that's going around, we might be wrong (and probably are) but some of us were under the idea that "MAYBE" just maybe Windows XP is designed to automatically go and do an update (regardless if you have it set that way or not) just so MS can keep "track" of things and MAYBE just maybe MS realized that they might be in hot water with WAY too many boxes trying to "update" themselves on their servers all at once. So they make something up about a worm which "forces" people to (well some thus lowering the load) to update before that date.

Just a thought.
Rob
__________________
Taking each day as it comes
Grow, learn and OVERCLOCK. Need help?? Ask me.
Your Mommy!! (Aug/02) Welcome to the fold.
Buy it, Sell it, or Trade it in the AoA classifieds!!
AOA Team fah
  #29 (permalink)  
Old 18th August, 2003, 09:53 AM
BigRed's Avatar
Member
 
Join Date: September 2002
Location: Seattle, WA
Posts: 1,356

Quote:
Originally Posted by robbie
Ya know I was talking to a friend of mine about this "virus" that's going around, we might be wrong (and probably are) but some of us were under the idea that "MAYBE" just maybe Windows XP is designed to automatically go and do an update (regardless if you have it set that way or not) just so MS can keep "track" of things and MAYBE just maybe MS realized that they might be in hot water with WAY too many boxes trying to "update" themselves on their servers all at once. So they make something up about a worm which "forces" people to (well some thus lowering the load) to update before that date.

Just a thought.
Rob
/me takes the bottle away from rob

I think you have had enough.
  #30 (permalink)  
Old 18th August, 2003, 01:36 PM
Soul99's Avatar
Member
 
Join Date: December 2002
Location: UK Portsmouth
Posts: 306

Hi there, I'm a system admin for a medium sized company and a few of our remote ADSL sites and laptop users picked up this virus last week.
I usually edit the registry and remove the disguised entry from the RUN part, then search for msblast.exe and teekids.exe (new variant).

Something to keep in mind, the virus also adds itself to the System Restore as well; if you have a good virus scanner it will pick it up.
This solved the problem for me every time. You can also find some dedicated removal tools, but they're dead slow and take 20 mins to complete a scan.
__________________
XP 2500 @ 2400mhz 1.76v Idle -5c, Load 9 c | Abit NF7-s V2.0 @ 218 FSB
Adata PC3200 2 x 512meg @ 218 mhz | R9700 Pro @ 415Mhz core, 355Mhz mem
Cooling is custom built TEC /Water/ Freon setup | Vapo Mk1 performance est.
AOA Team fah
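The Run-key check described in Soul99's post above, as an added example that is not part of the original thread: it parses `reg query`-style output for the Run key and reports values whose program file name is exactly one of the two file names given in the post. The sample output, the value names and the function name `run_key_hits` are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# File names taken from the post above; everything else here is constructed.
INDICATOR_FILES = {"msblast.exe", "teekids.exe"}

# Constructed `reg query`-style output for the machine-wide Run key.
# Value names are made up; the data column mixes bare, quoted and
# argument-carrying command lines, plus one look-alike path.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    msblast.exe
    Firewall Tray    REG_SZ    "C:\Program Files\Example Firewall\tray.exe" -min
    Example Helper    REG_SZ    C:\WINDOWS\system32\TEEKIDS.EXE /quiet
    Notes Viewer    REG_SZ    C:\Tools\msblast.exe.notes\viewer.exe
"""

# "<indent><value name><gap>REG_xxx<gap><data>"; value names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Program part of a command line: a quoted path, or an unquoted path up to the
# first executable extension that is followed by whitespace or end of string.
PROGRAM = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|scr|bat|pif))(?=\s|$)',
    re.IGNORECASE,
)


def run_key_hits(reg_query_text, indicators=INDICATOR_FILES):
    """Return (key, value_name, command) for Run values that launch a listed file."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        command = m["data"].strip()
        prog = PROGRAM.match(command)
        if not prog:
            continue
        # Compare the exact file name, case-insensitively, not a substring,
        # so "msblast.exe.notes\viewer.exe" is not reported.
        exe = PureWindowsPath(prog["quoted"] or prog["bare"]).name.lower()
        if exe in indicators:
            hits.append((key, m["name"], command))
    return hits


if __name__ == "__main__":
    for key, name, command in run_key_hits(SAMPLE_REG_QUERY):
        print(f"{key}\n    {name!r} -> {command}")
```

This covers only the Run-key step; the file search and the System Restore copies mentioned in the post are separate checks.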
  #31 (permalink)  
Old 18th August, 2003, 06:20 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Thanks Soul99! Have you seen it appear where the patches were installed last month with Auto Update?
  #32 (permalink)  
Old 18th August, 2003, 07:04 PM
cloasters's Avatar
Asst. BBS Administrator
 
Join Date: September 2001
Location: Location, Location
Posts: 21,871

Quote:
Originally Posted by robbie
Ya know I was talking to a friend of mine about this "virus" that's going around, we might be wrong (and probably are) but some of us were under the idea that "MAYBE" just maybe Windows XP is designed to automatically go and do an update (regardless if you have it set that way or not) just so MS can keep "track" of things and MAYBE just maybe MS realized that they might be in hot water with WAY too many boxes trying to "update" themselves on their servers all at once. So they make something up about a worm which "forces" people to (well some thus lowering the load) to update before that date.

Just a thought.
Rob
Just because you might be paranoid doesn't mean that Big Brother Billy Bully Boy isn't out to get you. IMHO.
__________________
When the world will be better.
  #33 (permalink)  
Old 18th August, 2003, 07:30 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

It's a matter of methodologies. MS simply doesn't need to in order to have their will prevail. Besides they would never be able to do this and have it go unnoticed.":O}
  #34 (permalink)  
Old 18th August, 2003, 07:52 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by Soul99
Hi there, I'm a system admin for a medium sized company and a few of our remote ADSL sites and laptop users picked up this virus last week.
Yeah, it's a real pain when you get that kind of stuff happening. There are one or two programs that will scan RPC ports on PCs and return a result telling you if the machine is vulnerable or not. However, unless you're 100% sure they're safe programs to run, they could cause as much problem as they fix!

It's never easy being an admin, as you usually get burnt from both sides. Just glad I don't do that any longer.
  #35 (permalink)  
Old 18th August, 2003, 08:01 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

"Just glad I don't do that any longer."

Says who? LOL
  #36 (permalink)  
Old 19th August, 2003, 09:04 AM
Soul99's Avatar
Member
 
Join Date: December 2002
Location: UK Portsmouth
Posts: 306

Yes, the patch is on Windows Update. Its patch number:

'#823980 Buffer Overrun In RPC Interface Could Allow Code Execution'

I don't mind going out for a quick drive to remove a virus, gets me outa the office, plus if I'm fast I get to go home early
  #37 (permalink)  
Old 6th September, 2012, 11:10 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252

Quote:
Originally Posted by Daniel ~
Thanks and understood! How long must we wait to learn the nature of the security hole in the fix!":O}
Well dear Daniel let's put it this way: with linucs...right about...forever?
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

  #38 (permalink)  
Old 7th September, 2012, 12:36 AM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Right you are again Chris! You're becoming my favourite Linux groupie!

We would wait forever to find a security hole in Linux let alone trying to find one in the fix! You're my kind of guy Chris, a Linux guy. Say why don't you come over for dinner and we can try Bodhi out on your laptop!
  #39 (permalink)  
Old 9th September, 2012, 11:45 PM
cloasters's Avatar
Asst. BBS Administrator
 
Join Date: September 2001
Location: Location, Location
Posts: 21,871

A nine year leap, wow.
  #40 (permalink)  
Old 14th September, 2012, 04:40 AM
robbie's Avatar
AOA Staff
 
Join Date: November 2001
Location: Out in the desert of Ca.
Posts: 12,548

Holy cheese it's been that long!!!