lukemax

Microsoft security flaw


Hmmm....I was wondering about a few things you might help me with?

I suspect this virus/worm has infected my pc. It started to turn itself on ca. 30 seconds after I initially turned it off. However, after some good advice on this forum, I finally solved that problem by installing the patch from MS. Unfortunately, I have also been receiving a message when I turn off the computer when I'm logged out. It says something like "someone is logged on your computer. If you turn it off they might lose their data" - or something like that.

I still have this message - regardless of the patch, updated Norton and ad-aware.

My pc is connected to a router - shared by my old pc. I do not use any filesharing or printersharing.

How can I solve this?

Is this my problem:

Quote: "For example, an attacker could change Web pages, reformat the hard disk, or add new users to the local administrators group."

http://www.microsoft.com/technet....026.asp

This trojan doesn't require you to download anything. It connects all by itself to your system and infects it, if the security hole isn't patched.....

...In short, using the security hole in XP/Win2000 an attacker can run any code he wants on your machine. All he needs is your IP which he gets by contacting random ip numbers and trying the exploit on them.

*sigh*

It appears my IPSEC policy was flawed.

Good thing I use the more restrictive granular ones at work.


Jesus Christ, we must have had a hundred calls and tech-returns today, all because of that fucking worm. Great for Norton's sales though, LOL

Quote (Aug. 13 2003, 21:08): "Jesus Christ, we must have had a hundred calls and tech-returns today, all because of that fucking worm. Great for Norton's sales though, LOL"

Yes and no. They will certainly get additional sales from this, but they also give away free tools to clean systems when a particularly bad virus hits. I saw that LavaSoft's Ad-Aware also added a definition for the worm today.

Incidentally, I used to work for Symantec's Peter Norton Group as a software engineer, and did work on AV. I still pass the office every day on the way to my current job at a much smaller company, or when I go running -- my favorite loop takes me past their office.

Open a command prompt, and use NET SESSION to get a list of open connections -- you should see a list of users and the name of the computer they logged in from.

You can then use NET SESSION \\computername /DELETE to disconnect that PC from your system.

You'll probably find that the connection originated from your own system, i.e. some process created a drive mapping that associated a drive letter with a directory on your system -- you can get a list of those using NET USE.

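Added example, not part of any post in this thread: a small triage script for the NET SESSION check described above. It parses captured `net session` output and labels each session as coming from this PC, the local network, or an outside address. The column layout (English locale), the host names, the addresses and the user names in the sample are all constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COLUMNS = ("Computer", "User name", "Client Type", "Opens", "Idle time")
KEYS = ("computer", "user", "client", "opens", "idle")

def _row(computer, user, client, opens, idle):
    # One fixed-width line in the assumed `net session` layout.
    return f"{computer:<23}{user:<21}{client:<18}{opens:>5} {idle}"

# Constructed sample output; every host, address and user here is made up.
SAMPLE = "\n".join([
    _row(*COLUMNS),
    "", "-" * 79,
    _row(r"\\MYPC", "USER1", "Windows 2002 Serv", 1, "00:00:05"),
    _row(r"\\192.168.0.3", "USER1", "Windows 2002 Serv", 0, "00:12:40"),
    _row(r"\\203.0.113.77", "", "Windows 2000 2195", 2, "00:00:01"),
    "The command completed successfully.",
])

def parse_sessions(text):
    """Split `net session` output into dicts, taking column offsets from the header."""
    lines = text.splitlines()
    header = next((l for l in lines if l.startswith("Computer")), None)
    if header is None:          # e.g. "There are no entries in the list."
        return []
    starts = [header.index(name) for name in COLUMNS]
    ends = starts[1:] + [None]
    return [dict(zip(KEYS, (line[a:b].strip() for a, b in zip(starts, ends))))
            for line in lines if line.startswith("\\\\")]

def origin(session, local_names):
    """Classify a session: this PC, the LAN, or an address outside it."""
    host = session["computer"].lstrip("\\").lower()
    if host in local_names:
        return "self"           # the machine connected to its own share
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "named-host"     # a name that is not ours: resolve it first
    if addr.is_loopback:
        return "self"
    return "lan" if any(addr in net for net in RFC1918) else "external"

def triage(text, local_names):
    return [(s["computer"], s["user"] or "(none)", origin(s, local_names))
            for s in parse_sessions(text)]

if __name__ == "__main__":
    print(*triage(SAMPLE, {"mypc"}), sep="\n")
```
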

Some info on firewalls, for those who still think an anti-virus program is all they need: Technet Article (includes links to free 3rd party products like ZoneAlarm or BlackICE)

Thanks Frag, I'll try it out this evening. So basically, it could be my own system giving me a headache - and hopefully nothing to worry about?


Good idea Frag, but he doesn't have any File sharing at all installed, I'm not 100% sure but I don't think that it is possible for his own process to map through the net to his drive then... hmmm.

Windows should really display the connection information when it gives that warning dialog.


I almost had a heart attack when I came across this anti-virus program ad. Suddenly that message box appears on my screen and the background turns white. I had the windows patch so everything should be fine. Then I noticed a flashing text in the message box: "There's a patch for this" So I clicked it and it turned out to be an ad. That's sick dude.

Quote: "Thanks Frag, I'll try it out this evening. So basically, it could be my own system giving me a headache - and hopefully nothing to worry about?"

Yes, that's my hope. Worst case, the worm (or another nefarious program) has installed the Trivial File Transfer Protocol server or enabled the FTP server that is disabled by default, and someone's using your system for storing ripped DVD movies or porn.

It sounds silly, but I've seen it happen. People wonder where their disk space went, or why their broadband connection is so slow, and it's because some idiot halfway around the world needed a couple of gigabytes of disk space and a broadband connection to serve it.

So unless you need FTP or TFTP, turn those services off through the Control Panel.


Tonight's the night (no, not the number one hit by Genesis).

SobigF is still "harmless", but that can change this evening at 2000. Specialists have cracked the virus code and have learnt that at eight o'clock the virus will cause the infected PCs to dl new and possibly more dangerous versions from several Internet addresses. They are trying to close the affected servers but it's thought to be almost impossible - even with the help of CERT.

If any of you suspect your PC is infected by SobigF, you'd better stay away from the web the next days.

Good Luck!

Did this happen in the end?


They found and shut down 19 of the 20 servers around the world which were to be used for this.


This can be unpinned now, the moral of the story is keep your anti-virus up to date, regularly check sites like norton.com for news about such things, keep your OS patched.
