Re: Grumble - Linux



Thread: Re: Grumble

  1. Re: Grumble

    [H]omer :
    > Verily I say unto thee, that Handover Phist spake thusly:
    >
    >> Windows started acting up with the "I'm shutting down in 60 seconds"
    >
    > That sounds like the Blaster worm:
    >
    > http://www.mvps.org/marksxp/WindowsXP/rpc.php
    >
    > MS supposedly patched that vulnerability years ago.
    > Perhaps it's a new variant.


    Blaster should have been patched around '02, IIRC. A quick scan of my
    user directory showed a few trojans in my temp dir, so I killed those
    off. I got bored of not being able to do anything so I booted Linux, got
    ClamAV and am scanning my Windows drive while using Linux.

    > Anyway, well done, you're infected.


    I'm loath to admit that yet. I use Windows for nothing more than
    gaming, and just local games at that. This box boots to Win maybe twice
    a week and is hiding behind a Linux firewall (Smoothwall). If it is
    infected with anything more than the junk I found in the temp dir I'll
    be surprised.

    More likely some file got b0Rk3N by the filesystem corruption.

    > Try the Trinity Rescue Kit:
    >
    > http://trinityhome.org


    That looks like a new part of my toolkit! Thanks for the link. Very
    useful!

    > Or The Ultimate Boot CD:
    >
    > http://ultimatebootcd.com
    >



    --
    MMM-MM!! So THIS is BIO-NEBULATION!

    http://www.websterscafe.com

  2. Re: Grumble

    Handover Phist :
    > [H]omer :
    >
    >> Anyway, well done, you're infected.
    >
    > I'm loath to admit that yet. I use Windows for nothing more than


    OK, now I'll admit it. Some trojan figured out how to turn the System
    Restore 'feature' back on and hid there. Explorer didn't show the 11
    files in the temp dir, but ClamAV said they were there.

    Turn off System Restore, delete and re-create temp dir, and all is
    running again.

    At $70 per hour, MS owes me $280. Those guys never pay their bills
    though. Friggin hijacking pirates.

    --
    I'm having fun HITCHHIKING to CINCINNATI or FAR ROCKAWAY!!

    http://www.websterscafe.com

  3. Re: Grumble

    [H]omer :
    > Verily I say unto thee, that Handover Phist spake thusly:
    >
    >> OK, now I'll admit it. Some trojan figured out how to turn the System
    >> Restore 'feature' back on and hid there. Explorer didn't show the 11
    >> files in the temp dir, but ClamAV said they were there.
    >
    > %SystemDir%\DLLCACHE is another favourite hiding place.
    >
    >> Turn off System Restore, delete and re-create temp dir, and all is
    >> running again.
    >
    > Turn off networking, and you'll keep running.


    Y'know, I think I'll take that advice to heart. I love my network to the
    point that it makes the wifey jealous, and have a new house server
    coming in. I run Linux stuff myself and have several others (I rent
    rooms) running Windows through it. I think I might have been hit through
    the SMB connection or something. I just can't see where the infection
    came from.

    Sometimes my sig generator sees what I'm posting.

    --
    MINIMIZE BAD THINGS

    http://www.websterscafe.com
