A Windows XP help forum. PCbanter


Worm never seen before



 
 
  #16  
Old December 30th 04, 10:12 PM
Jason Edwards
Default Worm never seen before

"Bart Bailey" wrote in message
...
In posted on Thu, 30 Dec
2004 19:09:25 -0000, Jason Edwards wrote: Begin

Some DSL modems (which use telephone lines) have built in NAT routers but
I've yet to come across a cable (which uses a TV cable) modem that does.


Efficient Networks SpeedStream 5100 here via POTS,
but I don't know if it qualifies as a contained NAT or not.


A quick Google suggests it doesn't but I have not read the manual in detail
so it is possible I missed one or more of its capabilities.


I've heard much talk of the necessity of a stand alone router, laced
with exaggerated comments about the insecurity of an onboard software
firewall, yet I've never been able to find anyone that could
successfully demonstrate this insecurity.


Try setting up unpatched RTM Windows 2000 or Windows XP and see what
happens.
When I last tried it for demonstration reasons it took less than 1 minute
for a worm to spread to the demonstration PC. The PC was then disconnected
and reformatted.

In fact one blowhard once
claimed to be able to "own" any 9x system on the net, but was
predictably unable to back up his spew.


Yeah well I can understand that it is sometimes difficult to distinguish
between spew and facts.


If there exists some sploit for my setup,
I'd sure like to know about it.


If you are fully patched (have all critical or high priority Windows
updates) then if I were you I would not worry.

...and no, not something I have to authorize, like a tooleaky tool,
but a real "stranger on the net" attack.


Attacks by real people are rare as far as the average home user is
concerned. Most 'attacks' come from other compromised Windows PCs. There are
exceptions; such as if you're running unpatched IIS, but you're not doing
that, are you?

Jason


System he
OS: Win98SE
FW: EZ Firewall v4.5.585
Current IP#: 68.124.218.29

good luck

--

Bart



  #17  
Old December 30th 04, 11:42 PM
Duane Arnold
Default Worm never seen before

Bart Bailey wrote in :

In posted on Thu, 30 Dec
2004 19:09:25 -0000, Jason Edwards wrote: Begin

Some DSL modems (which use telephone lines) have built in NAT routers but
I've yet to come across a cable (which uses a TV cable) modem that does.


Efficient Networks SpeedStream 5100 here via POTS,
but I don't know if it qualifies as a contained NAT or not.

I've heard much talk of the necessity of a stand alone router, laced
with exaggerated comments about the insecurity of an onboard software
firewall, yet I've never been able to find anyone that could
successfully demonstrate this insecurity. In fact one blowhard once
claimed to be able to "own" any 9x system on the net, but was
predictably unable to back up his spew.


There go your delusions again. You must have been smoking the pot when we
had our little conversation and read into it what you wanted. You stupid
*clown* prove it to yourself one way or the other and stop whining.

You are an absolute jackass Bart. I should have never snatched your
worthless *heart* from you that day as you have been a fool from that
point.

I am in your face about it.

Duane

  #18  
Old December 30th 04, 11:44 PM
J. S. Jackson
Default How I solved this...

Jason Edwards wrote:


Yes. You need to patch it BEFORE you reinstall it.

http://www.google.com/search?&q=xp+sp2+slipstream

Jason

It begins to make strange things just
installed and it needs to be "servicepacked" ASAP !!!


You know Microsoft offers SP2 on a CD for free. But I suppose I will
be scolded by the MS haters for providing MS my home address.
  #19  
Old December 31st 04, 12:17 AM
Jason Edwards
Default How I solved this...

"J. S. Jackson" wrote in message
...
Jason Edwards wrote:


Yes. You need to patch it BEFORE you reinstall it.

http://www.google.com/search?&q=xp+sp2+slipstream

Jason

It begins to make strange things just
installed and it needs to be "servicepacked" ASAP !!!


You know Microsoft offers SP2 on a CD for free.


But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.

Jason

But I suppose I will
be scolded by the MS haters for providing MS my home address.



  #20  
Old December 31st 04, 02:07 AM
DevilsPGD
Default How I solved this...

In message "Jason Edwards"
wrote:

But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.


IIRC you can buy it for $5-$10. However, it is media only, you need to
provide your own license.


--
If at first you do succeed, try not to look astonished.
  #21  
Old December 31st 04, 03:51 AM
Duane Arnold
Default Worm never seen before

One other thing here Bart. When you started talking about your Internet
sister, I should have known right then and there that you were gone.

Duane
  #22  
Old December 31st 04, 11:46 AM
Greg Hennessy
Default How I solved this...

On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards"
wrote:



But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.


For anyone who owns a cd burner and the original media, creating a new
slipstreamed sp2 install cd is trivial.


greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
  #23  
Old December 31st 04, 12:36 PM
jasee
Default How I solved this...

Jason Edwards wrote:
But what they don't offer, as far as I'm aware, is a replacement XP
install CD for those people who want to reinstall XP.


You should have at least been provided with a recovery disk with your
computer.
(Save all data before using it) as recovery disks revert the machine to 'as
first received condition'.


  #24  
Old December 31st 04, 12:55 PM
Cyber-Hun
Default Worm never seen before

Seems this exploit needed the attack surface created by the service running
on port 445, this is why it's good to shut these services down in addition
to blocking the incoming port 445 traffic with a router.
Especially if you're just running a standalone, home system that doesn't
need to talk to other domain members.
"I.L.B." wrote in message
...
Hi all ;

I am just experiencing a strange kind of infection I don't know whether is a
new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!
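
The symptom described in the quoted post (many outbound TCP connections stuck in SYN_SENT toward the EPMAP port on unfamiliar addresses) can be checked for mechanically from saved netstat output. The following is an added example, not part of any post in this thread; the sample netstat text, its addresses, the threshold of 5 and the function name are all constructed for illustration, and port 445 is watched as well because the reply above mentions it.

```python
import re
from collections import defaultdict

# Service names netstat prints when run without -n, mapped to TCP port numbers.
PORT_NAMES = {"epmap": 135, "microsoft-ds": 445}
WATCHED_PORTS = {135, 445}

# Matches a TCP row of `netstat -a` / `netstat -an` output (IPv4 layout):
#   Proto  Local Address  Foreign Address  State
ROW = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\S+)\s+(\S+)\s*$")

# Constructed sample, not taken from the thread; addresses are documentation ranges.
SAMPLE = (
    "  Proto  Local Address          Foreign Address        State\n"
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
    + "".join(
        f"  TCP    192.168.1.10:{3400 + i}      198.51.100.{i + 1}:epmap     SYN_SENT\n"
        for i in range(6)
    )
    + "  TCP    192.168.1.10:1031      203.0.113.5:80         ESTABLISHED\n"
    + "  TCP    192.168.1.10:3450      198.51.100.200:445     SYN_SENT\n"
)


def syn_sent_fanout(netstat_text, threshold=5):
    """Return {port: sorted remote hosts} for watched ports with at least
    `threshold` distinct remote hosts stuck in SYN_SENT."""
    targets = defaultdict(set)
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header, UDP rows, blank lines
        host, port, state = match.groups()
        number = int(port) if port.isdigit() else PORT_NAMES.get(port.lower())
        if state == "SYN_SENT" and number in WATCHED_PORTS:
            targets[number].add(host)
    return {p: sorted(h) for p, h in targets.items() if len(h) >= threshold}


if __name__ == "__main__":
    for port, hosts in syn_sent_fanout(SAMPLE).items():
        print(f"port {port}: {len(hosts)} half-open outbound connections: {hosts}")
```

A single SYN_SENT entry toward one of these ports is ordinary; the function only reports a port once the number of distinct remote hosts reaches the threshold.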





  #25  
Old December 31st 04, 03:00 PM
Jason Edwards
Default How I solved this...

"Greg Hennessy" wrote in message
...
On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards"
wrote:



But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.


For anyone who owns a cd burner and the original media, creating a new
slipstreamed sp2 install cd is trivial.


Only for some people.
Most people will never find out how to do it, never mind be able to.
Even if they can, they won't know where to find their license key or how to
back up data they want to keep.

Jason



greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone



  #26  
Old December 31st 04, 05:28 PM
boo
Default Easy Solution

Go to http://www.sysinternals.com and download tcpview
and process explorer. If you run
"I.L.B." wrote in message
...
Hi all ;

I am just experiencing a strange kind of infection I don't know whether is a
new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!





  #27  
Old December 31st 04, 08:32 PM
Gabriele Neukam
Default Worm never seen before

On that special day, Bart Bailey, ) said...

Try setting up unpatched RTM Windows 2000 or Windows XP and see what
happens.


My XP-Pro box doesn't get connected to the net,
it's for the extra multimedia capabilities (audio, digicam) only.


Good idea. If I (ever?) get one, it will be behind a broadband router
with NAT (already there), and I'll never browse with IE, or mail with
OE. Remember how it was announced: "The safest Windows ever". Now it is
the most often(ly?) attacked and corrupted one.

I wonder why I, when hearing this "safest ever" burble, immediately
thought: "I'd better wait and see; I can't believe it is *that* safe.
I'd better wait until it is fixed and tightened well enough, so that it
will live up to its standards". I only know that I am still waiting.


Gabriele Neukam




--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
  #28  
Old December 31st 04, 08:52 PM
Jason Edwards
Default Worm never seen before

"Gabriele Neukam" wrote in message
...
On that special day, Bart Bailey, ) said...

[...]

Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.


Now there's a true statement

Jason


  #29  
Old January 1st 05, 07:22 PM
Gabriele Neukam
Default Worm never seen before

On that special day, Bart Bailey, ) said...

...and a happy new year to you, Gaby!


Of course, a Happy New Year to you, too. And to all here, be they
regulars or lurkers.


Gabriele Neukam




--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
  #30  
Old January 1st 05, 07:39 PM
cquirke (MVP Win9x)
Default How I solved this...

On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy
On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards"


But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.


For anyone who owns a cd burner and the original media, creating a new
slipstreamed sp2 install cd is trivial.


Not as trivial as it should be. If an SP breaks the installation CD,
as SP2 does, it should include a skippable step in the installation
process to create that slipstreamed replacement CDR.

If it's so trivial, perhaps you can explain exactly how to make a
slipstreamed OS CDR in your reply? Or is it non-trivial enough that
you'd rather point to a URL rather than type it out?



---------- ----- ---- --- -- - - - -

"He's such a character!"
' Yeah - CHAR(0) '
---------- ----- ---- --- -- - - - -

 










All times are GMT +1.

