Windows worm hits 8.9 million PCs in past week

reply to post by spitefulgod


Seriously switch to mac. Its so refreshing buying a 1000 dollar + machine that actually works and are elegant and intuitve. Ive been using macs in my field for 8 years and replaced my home pc 6 years ago.

They dont slow down, they rarely crash ( once or twice in 8 years!) No viruses, and for music and video production they are a million times more stable then a pc. when you plug an external device it just works, no hunting aound for drivers

on the downside they dont have many games.

As for the poster who said most pc users are morons and dont know how to use them right.

Not everyne is a computer genuis. An incredibly expensive piece of gear should just work the way its designed.

Originally posted by spitefulgod
And their is where the problem lies, although (in my opinion) windows is a great OS it's prodomoantly used by a bunch of morons who seem to believe that African kings want to give them $30 million or that some doctor to make their penis bigger, or maybe you need the latest smillies??

I hate to say it, but she's is right. It's not just Win users, though... the morons extend across all OS's. Alot of people buy Macs because they really are made for morons. Macs are made to be used by a 5-year old all the way to the most savvy media guru on the planet. And, YES, IT WORKSD (99% of the time). Windows is supposed to be that way, as well, but fails, unfortunately, in most cases. That is what Vista is all about... trying to be a Mac. The Vista front end works alot like popular Linux distros and OSX (which is a Unix base OS, btw).

I've had just as many problems with Macs as I did Windows, though. All the problems were completely different than in the MS enviroment... mostly relating to loading issues, broken mudules, font issues (we had a single font that would break every system in our shop... downloaded new ones, variants, and they all kept currupting our systems... wierd problem that never got fixed, so we deleted the font). Oh yeah, the networking of all the macs was about a joke, as well... at least until we started getting OSX on the putes. OSX and WinXP actually play very well together!

reply to post by drock905


No thanks, as you stated about macOS I have with WinOS, I don't get viruses, my machine doesn't crash and everything works fine, on the upside it's cheap, does everything and plays games, on the downside I have to listen to people who have macs, lol

Norton to me has the best Firewalls built in it's security software. I am a Windows user and not a moron. I just get security that I can rely on. Later on I am going to invest in a laptop for my OU studies and I will only use Norton on it.

If you have good security software then it doesn't matter your OS. Norton even tells me when somebody is trying to hack into my system and even brings up their address.

Also, I change my admin details on the welcome screen of my computer on a regular basis.

reply to post by spitefulgod


I would love to say the same but unfortunately most of my problems are
generally caused by myself -(. This being ok because lets face it I dont own
a TV out of choice and it basically keeps me amused.

I tend to stick to the range of Microsoft Os's because thats what Im comfortable with, bit like the devil you know. Several of my friends own Macs and often tell me how good they are, I usually tell them I dont feel comfortable with something too reliable because lets face it where's the challenge in that? Also I try not to upset them with middle finger jokes
or second mouse button issues.

Im using my backup PIII which is years old but is running 2003 server enterprise edition, it is extremely reliable and I dont think its crashed yet,
going to have to do something about that. Great machine for watching my
movies with VLC player.

Im using this system because my other water cooled machine ended up having a bath. interestingly enough I learned that error code 0x0000007E on
XP and 0x0000008E on vista means water is dripping through the water block
turn the damn thing off fast. Prior to that my cpu temp was running at 26 degree's C under full load. All parts were tested to be working fine afterwards. I havent the heart to use it with a conventional heatsink+fan combo...its a bit like Superman without his powers (.

Its all in the interests of science



Morgs

I got a worm/virus/trojan thingy from a microsoft support page the other day.. it crippled my comp and had to do a reformat..


All i searched for in google was.. "explorer file download limit" ... and the first link in google was a microsoft support page..
clicked on that and got a page saying searching for virus's.. and that was it.. even kaspersky couldn't stop it..

reply to post by CosmicTraveler


The only spyware or trojan if you want to call it that which is related to
microsoft that I know of is mainly related to the update software. Microsoft
can revoke your license if it feels your using an illigitimate version by
planting spyware on your system known as the genuine advantage tool.
This can pretty much cripple the performance of your system, essentially
requiring you do a re-install.

They changed the method for Vista so the idea is it pretty much prevents
you from from being allowed to download necessery updates. Though there
are methods around this ). If it isnt activated within a required time limit
then its pretty much locked down and again your left needing a re-install.

Morgs

Originally posted by CosmicTraveler
I got a worm/virus/trojan thingy from a microsoft support page the other day.. it crippled my comp and had to do a reformat..


All i searched for in google was.. "explorer file download limit" ... and the first link in google was a microsoft support page..
clicked on that and got a page saying searching for virus's.. and that was it.. even kaspersky couldn't stop it..

Your first error was using Google to search for an IE update. Your second error was not verifying the link actually went to Microsoft's update page. Your third error was obvious.



Cheers!!!!

reply to post by CosmicTraveler


you had something before you clicked that page. Some virus are activated when a certain web site is opened. This may be your case. I remember seeing a description of a virus that is activated by google searches, which is what I suspect you got (old virus if it is). Basically, it would've popped up (assuming same virus) as soon as you clicked ANY link that directed away from the Google search engine.

Sucks you had to reinstall, but at least you know you have a (hopefully) clean system.

EDIT: or you may have, as RFBurns suggested, clicked an imposter site. If you ever get a popup saying "you have a virus, download software", do an immediate CTRL+ALT+DEL and end process on IE or Firefox (works with FF... only use Internet Exploder once per install). NEVER CLICK THE WINDOW! Even the 'close button' can download the virus (I got one that way... had to do complete install). Actually, that's how my friend got his nasty screen saver virus.



[edit on 18-1-2009 by Earthscum]

Always use Microsoft's official update website and do searches from within Microsoft for updates, never through Google or Yahoo or any other search engine.

Those "BAMFED" websites also use SEO optimizations to stay on top of the rankings and page listings in the search engines, especially those scam anti-virus companies that sell you a 50 buck program to remove their own trojan, but it only stops the pop up from appearing and is not true anti-software, in fact it makes your machine even more vulnerable.

Cheers!!!!

I have a pc , I can do a google search but when i click on the subjects google brings up it directs me to advertising, i have to copy and paste the url into the browser, my computer wont even connect to the antivirus protection I have to get updates, anyone have any ideas how to fix this?

PS it runs fast when I freshly start it but by the end of the day it starts running super slow and pages take forever to upload.

reply to post by rachel07


Well you one of the few that seem to like norton. Its gotten a lot better, but I still recommend NOD32 or AVG for windows users.

Personaly I think this "worm" is a load of BS. I mean... who is controling the thing? Someone is going to have to send out a master command to this thing to make it do something and even then Im sure the virus protection companies have already come up with a solution for this if its really true.

Originally posted by 38181
I have a pc , I can do a google search but when i click on the subjects google brings up it directs me to advertising, i have to copy and paste the url into the browser, my computer wont even connect to the antivirus protection I have to get updates, anyone have any ideas how to fix this?

PS it runs fast when I freshly start it but by the end of the day it starts running super slow and pages take forever to upload.

Your already infected. You might have to use another pc, go to your anti-virus website and find the manaul removal procedure for whatever infection your system has.

A friend of mine got this type of infection after clicking on one of those irresistable too good to be true links from a google search and ended up with 20 or more browsers popping up in his face. Was hopeless after that and no matter what link, or what he typed in the address bar, the browser always went to some odd ball site and the flood of browser windows would begin.



Cheers!!!!

reply to post by Earthscum


Nah, it wasn't aimed at you, I'm just generalising. I just get a little bit annoyed when people start trying to look down on you because you use a Microsoft OS. Sure, it's not great or anything, and the only reason I have it is because it comes with my PC, but man, a lot of people try to think they're so awesome with their alternative OSs.


[edit on 18-1-2009 by Angry Potato]

reply to post by 38181


Hi, like RFburns says it does sound like your already infected.. full system compromise but theres often a way around it depending on the severity of the problem.

First off all you need to determine what it is your infected with. It sounds like possible malware. If your able to then Id suggest heading over to www.malwarebytes.org and download and install malware bytes, just make sure you update it before you run a complete scan. Its a decent piece of software and its free. I would probably go with something else too just to be sure for example - Spybot from www.download.com just make sure you pick up the free version and during the install make certain you de-select "Tea Timer" if you think nortons anoying, just install that sucker lol.

If your not able to do this then depending on how you connect to the internet you may have to boot into safe mode with networking and do the download updates and installs from there. As far as I can remember both applications dont add any actual services so you should be able to install them inside safe mode with networking.

Just F8 on normal machines at bootup and then select safe mode with networking.

Hope that helps some.

Morgs

reply to post by morg9000


Good suggestions. I think a combination of MalwareBytes, Spybot S&D, Comodo Firewall, and AVG (or Comodo+Comodo Antivirus) should keep a computer fairly secure. Plus, they're all free.

This worm is real, and I've known about it for quite some time. I actually posted about the specific security vulnerability that it uses to access systems in the thread titled "Police set to step up hacking of home PCs".

What this worm does is by sending a malformed RPC packet to a vulnerable system, you are able to create a buffer overflow resulting in the execution of injected shellcode. The shellcode most people use contains information for a port bind, which allows you to spawn a shell on any desired port on the targeted system. The worm just uses a well known vulnerability and automates it. Probably by the use of a random number generator to create ranges of IP addresses to infect. Each system infected would then try to infect thousands more.

This thing that makes this worm a bit more dangerous is the fact that you do not have to do anything in order to be infected. Even with a firewall, you usually have some ports open, such as 80 for http. If I was the person coding the worm, I would include a small function that determines what open ports are on the target system. This would allow the worm to determine by itself which port to set the port bind to. If the port scan comes back with open ports of 21, 23, 80, 110 - then it would choose one of the four. Very few systems have 100% of all ports blocked. Indeed though, without a firewall, you are at a much greater risk for many other types of penetration examples.

I used to use a zero day version of the RPC exploit a few months ago to prove to people that no matter how secure they though their systems were, someone always has an edge. There is a lot of code out there that we dont release for the sole purpose of easy access. Firewalls, while good, often in my eyes provide a false sense of security. There is many other security practices that should be followed - on top of having a sound access control policy.

This worm is most definitely real. Its quite simple, and the way it gains access to systems is painfully easy. The vulnerability was patched with its release on milw0rm in October, but many systems still find themselves comprimised due to failure to patch their systems. Also, I think the fear of Microsoft patches and updates doesn't help. I have patched Microsoft systems before and had things stop working after that, so I could see people not knowing about this exploit, failing to patch due to fear of breaking something else on their system.

Its a good thing the person who coded this worm did not make it do anything drastic. He could have easilly made the worm delete critical system files, modify partition tables, one-way encryption of your drive, and so on. I think he made the worm strictly to spread, but not so much to cause mass system chaos.

Things like this will continue happening due to Microsoft and the fact they hide their source code from public eyes. They do not practice safe programming methods, and often have serious exploitable conditions within critical system processes. With open source software the people are forced to keep security and system integrity in mind when programming, and it definitely shows.

Maybe one day i'll share the good stuff, but that sort of power corrupts absolutely.

I suggest to the infected pc member to get yourself a router, a wired router is preferable, connected to a wireless router if your using a Wi-Fi laptop or wireless adaptor/capable desktop.

That will give you two hardware lines of defense right off and will be a good addition to all the software programs suggested.

Good luck!!


Cheers!!!!

Im so happy with my new Macbook!
All people should move to Mac

reply to post by Mdv2


If you give me one (my birthday is getting closer ) I would not throw it in the trash, but I am not going to buy something that is, to me, useless.

If I want to move from Windows I can always use Linux and not pay for a new computer.