Message-ID: <001301c36097$c8a91c00$6401a8c0@navi>
From: gml at phrick.net (gml)
Subject: what to do

I've been doing this:

1. patch the machine
2. remove registry entries containing "msblast.exe"
3. reboot
4. remove msblast.exe

It's worked out so far.  Yes, I agree, I wish people would listen when you
tell them to patch.  I have it on good authority that firewalls can't stop
stupidity. I guess we're lucky this one wasn't also a mass mailing worm.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Calvyn
Sent: Tuesday, August 12, 2003 1:16 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] what to do

I was just working with my 15 year old niece in NJ, through IM, to
help her keep her WinXP PC from rebooting every minute. She had 2 copies
of msblast.e x e on her PC. One was delete-able, the other we had to
reboot into safe mode to delete. After deleting the last e x e her unit
is NOT rebooting. I have since had her update her unit and disable DCOM.

Amazing how kids never listen to you when you ask them to update their
PCs.. 

-Calvyn-


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of akbara
Sent: Tuesday, August 12, 2003 1:52 AM
To: Gabe Arnold; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] what to do


Has she tried booting into safe mode?
Then removing the msblast or what not program?

-akbara



----- Original Message ----- 
From: "Gabe Arnold" <f0x@...irrelsoup.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, August 11, 2003 7:57 PM
Subject: Re: [Full-Disclosure] what to do


> Don't use windose sounds like a solution to me...
> * Justin Shin (zorkshin@...pabay.rr.com) wrote:
> > Hi All --
> >
> > My cousin recently got a nasty RPC/DCOM worm and she cannot use
> > Windows update because when the RPC is shutdown, SYSTEM automatically
> > initiates a shutdown of the computer as you are all aware of. What is
> > the best solution to keep data files intact while removing this worm?
> > I have tried going to the Registry Run, no entries are there besides
> > legitimate startup stuff. Any suggestions?
> >
> > -- Justin
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
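
Step 2 of the cleanup list at the top of this message (finding registry entries that contain "msblast.exe"), as an added Python example that is not part of the original posts: it scans the text of a `reg export` file for string values that reference the file name. The sample export, its value names and its data are constructed; only the name msblast.exe comes from the thread.

```python
import re

INDICATOR = "msblast.exe"  # file name taken from the thread

# Constructed sample in the text layout of a `reg export` file.
# The value names and data are made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"constructed entry"="MSBlast.exe"
"ExampleFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\WINDOWS\\system32\\msblast.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', text)


def find_references(export_text, indicator=INDICATOR):
    """Return (key, value name, data) for string values containing indicator."""
    hits, key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # remember which key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.groups()
        if len(data) < 2 or not (data.startswith('"') and data.endswith('"')):
            continue  # dword/hex data (incl. hex(2) expand strings) is not plain text; skipped
        name = "(Default)" if name == "@" else unescape(name[1:-1])
        data = unescape(data[1:-1])
        if indicator.lower() in data.lower():  # file names are case-insensitive on Windows
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    # A real export is usually UTF-16: open(path, encoding="utf-16").read()
    for key, name, data in find_references(SAMPLE_EXPORT):
        print(f"{key}\n    {name} = {data}")
```

Running it again on a fresh export after the reboot in step 3 confirms that no entry came back before the file itself is deleted.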

