Results 1 to 7 of 7

Thread: How do these work?

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    26

    How do these work?

    Can someone explain or link-
    I built my pc this past summer, and finally brought it to school recently. I plugged in to the network, the first time the pc had a internet connection. The first thing i did was update Windows, and then after that, I got the blaster. Was the microsoft update infected, or does that virus work different?
    Here I come, I\'m droppin\' PLATES

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If I remember correctly the first patch didn't work entirely. Had you firewalled yourself from the rest of the network you would have been fine..... (ports 135, 137, 139 & 445)

    On a university type environment - if you connect your own computer - firewall it first - there are too many "idiots" out there.......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    The first thing you should have done was get the program DCOMbobulator from here: http://grc.com/dcom/
    That will disable dcom which is what blaster exploits. If you ran the update, that is wierd if you still got it. Maybe you had it the whole time and it just requires a restart to kick in. Here is how to do it manually:
    Edit the Registry

    1. Start Registry Editor.
    2. Locate the following path:

    HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
    3. Change the EnableDCOM string value to N.
    4. Restart the operating system for the changes to take effect.

    Use DCOMCNFG.EXE

    1. Run Dcomcnfg.exe.
    2. If you are running Windows XP or Windows Server 2003, perform these additional steps:
    1. Click the Component Services node under Console Root.
    2. Open the Computers folder.
    3. For the local computer, right-click My Computer, and then click Properties.
    4. For a remote computer, right-click Computers folder, point to New, and then click Computer.
    5. Type the computer name.
    6. Right-click the computer name, and then click Properties.
    3. Click the Default Properties tab.
    4. Click to select (or click to clear) the Enable Distributed COM on this Computer check box.
    5. If you want to set more properties for the computer, click Apply to enable (or disable) DCOM. Otherwise, click OK to apply the changes and quit Dcomcnfg.exe.
    6. Restart the operating system for the changes to take effect.

    MORE INFORMATION
    The following registry string value is used to enable or disable DCOM on all operating systems:

    HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM
    If you change this value to N, you disable DCOM after you restart the operating system.
    If you do that just reinstall and do one of those things. Then you shouldn't have a problem. If you mess up the registry it is not my fault, it's microsoft's.

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    26
    Yeah, since that happened I've been real involved with securing my computer, I got the basics down to protect it, firewalls and such, now I just need to know how it happened.
    Here I come, I\'m droppin\' PLATES

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Basically, recent malware has been "network aware", not only will it spread itself to "mapped drives" (LAN) it will also hunt the ISP subnets and attempt to infect other connected machines.

    You connected to a network....................there was an infected machine on that network...?

    Cheers

  6. #6
    There must've been an infected machine on that network already, if you didn't have it already. Have the sysadmin of that network run a scan on all of the computers by themselves and while they are not connected to the LAN.

  7. #7
    Junior Member
    Join Date
    Oct 2003
    Posts
    26
    so without downloading, just by being on the network i got the virus? So the blaster sort of jumps from one to another- ahhhhh cuz its a worm i gotit
    Here I come, I\'m droppin\' PLATES

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •