I've seen that too, but usually after an svchost.exe error (generally attributed to the virus). So far, it has stopped appearing once the system is cleaned up. Also, I'm ensuring that XP has SP1 onboard, and Win2K has SP3. Make sure you're getting the MSBLASTxxxxxsomething file out of the Prefetch. Alot of people I have talked to have been missing that one, and think the system is cleaned. ----- Original Message ----- From: "Micheal Patterson" <michealat_private> To: <incidentsat_private> Sent: Wednesday, August 13, 2003 8:44 AM Subject: MSBlast and other known exploits.. > I've got reports of msblast infection that I've checked and they indeed do > have msblast. Also, these systems all have what appears to be a corrupted > control panel applet. The normal control panel shows up in a left hand frame > and the contents of add/remove programs is missing. Also, various popup > windows simply will not open. I've read that there was a known root kit > that utilized the same dcom exploit called khat2 (spelling) but I'm not > having much luck in locating the symptoms of systems that have been rooted > in this manner. Any information would be appreciated. I will be recommending > that these systems be blown away and reinstalled from clean media, I'm just > looking for some info to verify what's eaten away at these things. > > Thank you. > > -- > > Micheal Patterson > Network Administration > Cancer Care Network > 405-733-2230 > > > > -------------------------------------------------------------------------- - > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 19:39:22 PDT