Well, we have been working on this since around 11am today, we have seen several corporate customers battling with this. Sometimes the fix works, sometimes it does not. Steven Nichols said he was having problems even with the ports blocked. I am experiencing the same thing now. We have removed several companies from the internet in an effort to stop further infections. We have not been hit here at my office as of yet, as we have all ports locked down as best as we can and still function. If anyone comes up with any ground breaking developments please email me direct or phone me at 3602696996 Thanks again Jim Wood MW TECHNOLOGY GROUP INC ( Restarting in 1 min) :-) -----Original Message----- From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Doug Eggert Sent: Monday, August 11, 2003 7:02 PM To: Steven Nichols; crime@private Subject: Re: CRIME XP Home edition Symantec has a lengthy write-up about W32.Blaster.Worm at: HYPERLINK "http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.wor m.html"http://securityresponse.symantec.com/avcenter/venc/data/w32.blast er.worm.html W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in HYPERLINK "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu rity/bulletin/MS03-026.asp"Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe. Their virus definitions file released late this afternoon will protect against it, but those machines already infected is another story. The write-up addresses how to remove it. Doug Ö¿Ö ----- Original Message ----- From: HYPERLINK "mailto:steven@private"Steven Nichols To: HYPERLINK "mailto:crime@private"crime@private Sent: Monday, August 11, 2003 4:37 PM Subject: CRIME XP Home edition We have had about 10-15 users call in. XP Home eddition. Dialup users PC's are up to date on all virus and microsoft patches. Customer working on pc, black screen pop's up. Says Remote server will be shutting down in 60 seconds. The pc shuts down, reboots. then tons of windows start popping up that say "Can't open document", etc. anyone else see this? Steven Nichols Sr. Network and Systems Administrator Internet and NOC Manager VALLEY INTERNET COMPANY 1709 NE 27th Street, Suite C McMinnville, Oregon 97128 503-565-5030 or 800-909-9078 (toll-free) "Pay no attention to the folks behind the curtain..." PGP: HYPERLINK "http://www.viclink.com/~steven/steven.nichols.pgp.txt"www.viclink.com/~ steven/steven.nichols.pgp.txt --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 19:41:57 PDT