forum.vdsworld.com

[CodeScript]

VDS user is shutting down your system ???
I was connected to internet by a dialup 15 minutes back.
Suddenly a dialog appeared that an RPC call has initiated system shutdown and a countdown of 30 sec started advising me to save all the work. I had a lot of unsaved documents and luckily I could abort this call just in time. I am sure someone has done this with a malicious intention ( I haven't setup a firewall )
What irritated me most was the message in the dialog (see heading)
If the person is a member of this forum I stongly advice him/her not to do this again.

[PGWARE]

I sincerely doubt anyone in the vds community did that. This is a worm which has been talked about on the news for a few days now:

http://msn.com.com/4520-6600_16-5062407.html?part=msn&subj=ns&tag=msn_home

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp


You need to update your version of Windows to fix this exploit(http://windowsupdate.microsoft.com)

[CodeScript]

I think you are right prakash.

I already tried several tools/manual options but could not detect W32.Blaster.Worm
This looks like a mutant of the worm and security patch has not helped either. I have already reported it to symantec. I only hope to have a better luck. My computer is going down like anything I am losing folders from desktop. May IE finctionalities gone I cannot insert emoticons here by clicking. BEWARE EVERYBODY GET THE UPDATE BEFORE THIS WORM STRIKES.

As for the message I think it(virus/worm) takes first 3 letters from a random folder in the temp directory :
E.g. I recieved "New user is shutting down your system"

New likely comes from a folder named "New England Journal of Medicine"

So nothing to do with a "VDS user" I think. Sorry if I have hurt someone

[Dr. Dread]

Surely you haven't hurt anyone, I should think. When things like this happen, one will always
get frustrated

But really, if you're connected to the Internet often and you don't wanna jeopardize confidential data
or have unknown processes using your ports then you should consider setting up a firewall. My own
firewall reports port scans etc. almost every day...

Greetz
Dread

[Dr. Dread]

BTW, another thing sprung to mind. A good site for testing your pc's online security is grc.com where
you'll find the ShieldsUp testing page. This should be the direct link:

https://grc.com/x/ne.dll?bh0bkyd2

On the main page of the site https://grc.com/default.htm, you'll find other tools to plug up some holes.

Everyone should do themselves the favor of checking this site out to ascertain whether their
computer is perhaps vulnerable.

Greetz
Dr. Dread

[FreezingFire]

Well if you look at http://grc.com/default.htm is talks exactly what to do
about this new exploitation.

[FreezingFire]

You can visit: https://grc.com/x/portprobe=135

To test for the open port used for the exploit. I think that should maybe
help.

[CodeScript]

Thanks everybody for the help. Finally I think I have been able to overcome this worm.

[Tommy]

I'm not sure how much you know about network configuration, but if you can, make
sure that "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft
Networks" are not bound/enabled for your dial-up connection. If you have no home
network besides the dial up, you may remove them altogether.

Also to prevent this particular incident from happening again, you should be able to
set a system policy to disallow remote shutdown. On XP I can find it as follows:
Control Panel->System Management->Local Security Policies->Local Policies->
Assignment of Usage Rights->Shutting down from a remote system. There I
could select the users or groups that are permitted to shut the system down. By
default this is the "Administrators" group.

[CodeScript]

Thanks Tommy for that tip