January 14th, 2009, 09:09 PM
Too much virus attack on my system
I'm using Win XP SP2 and use cable broadband. But my Symantec antivirus always shows lots of worm and virus activity. Due to this I just rebuilt my whole system 2 days ago. But today I again got a W32.Downadup worm attack on my system 10 times in the last hour. The only activity I'm doing is YouTube or BBC iPlayer. Could anyone tell me how the worm is coming from these and how to stop it in the future?
The more one comes to know a man the more one admires a dog.
January 14th, 2009, 11:35 PM
What firewall do you have in place?
And you ONLY visit Youtube and the BBC? No other sites at all?
January 14th, 2009, 11:40 PM
Disable the service it exploits then install an entire service pack of updates you missed.
January 15th, 2009, 12:44 AM
The two posts already are good because as spec said, it's got to have something to exploit to get in normally, so I'd take his advice. And as MsMittens said, you should have some form of firewall blocking its entry point.
In smaller terms:
If you can't get rid of it, format and reinstall Windows. I think the last time I checked, an unpatched Windows box has less than 20 minutes before something gets it.
That isn't even enough time to patch. What I do, is first off, I have two switches and a router with a hardware firewall.
If you can, get a hardware router with a firewall, they aren't expensive, and the wired ones as opposed to wireless are fairly cheap. So get one of those to block for you, while you install updates.
Also, Microsoft had SP2 on CD they would send you for free. I took advantage. So I have SP2 on CD-ROM to get those patches installed and don't need the machine connected to do so.
Your best bet is a hardware firewall in place, and as SOON as Windows loads up after installation, start updating right away and installing all the security patches as the first thing you do.
This can take a while, but it's better than trying to clean up after a worm or virus or whatever makes its way through the many holes an unpatched system offers.
When I format a Windows machine and reinstall, the first thing I'm doing is making sure services aren't beaming rays over the net to everyone telling them they are open. And installing patches. Install as many of the critical ones up front as you can, and then from there you'll probably notice even MORE patches are available. This is because Microsoft has to fix what they broke when they were fixing what they broke to begin with.
If all else fails, Linux and BSD both have web browsers that work fine in YouTube and BBC.
January 15th, 2009, 09:32 AM
I visit other sites also, but at the time of the incident these were the only two I was accessing.
Originally Posted by MsMittens
Thanks for all of the useful responses
As it's my office laptop, I don't have much control over the build. I'm sure the office people put lots of services open and I don't know which one got exploited.
I discussed it with the IT team in the office; they said the home connection is not secure, so I should not use that. They also disable the default Windows firewall. So the only hope is to try some hardware firewall. I'll give it a try soon and see what happens.
The more one comes to know a man the more one admires a dog.
January 15th, 2009, 11:22 AM
Disable the default Windows firewall?
Originally Posted by darknite
It might be wise to use ANOTHER firewall.... but to disable it 'BEFORE' another one is in place..... that's stupid.
I ran into a similar problem once before.. I was unable to set up the system correctly in time before it was exposed to any dangers. My solution back then was to get ALL software and patches I needed by downloading them manually and putting them onto a CD/DVD. After a fresh install of Windows I made sure it was NOT connected to any network. I installed all the software I wanted and I put the patches in a folder on the desktop on the machine in question. I then updated/patched all software including AV/AntiSpyware/Service Packs/etc... from the FOLDER I had put them onto locally.
Most sites offer to download patches and updates manually. After I set up all these things without going online yet (that includes disabling the Win firewall but setting up another one BEFORE disabling it) I enabled/disabled the services of my choice. Only then did I connect the box to a network.
Since you seem to know which infection you are dealing with... make sure you have all available antidotes for it beforehand.
Also you mention a laptop. My guess is that it has a recovery partition that will just bring the laptop back to a state as when you first got it. I also guess that it's a media edition? Well.. not important. Just make sure that you GET all patches and updates and software and service packs that you need for YOUR exact OS and version. Set it all up locally.
In addition to all this. You can set up the perfect system beforehand. You can do this and that when setting it up and configuring it. But.. it will all be in vain if you DO NOT maintain it correctly afterwards. Yes.. patching is important and updating. But that's far from being enough nowadays on the internet. It's also about policy. Example: Don't log in with an administrator account to do user work. Use a normal restricted user account. Make sure you are fully up to date at ALL times. When it comes to firewalling.. don't open the gates and start patching and closing the holes. First shut the gates.. then open only what is REALLY needed. Don't open mails or attachments or downloads unless you are 100% sure of their origin and what they might contain. Set up another user account on your machine if there is ANYONE else using it. That includes family members. Read the logfiles regularly. If while you're doing something an annoying security message pops up.. don't ignore it just because you don't have the time or the nerve to deal with it right away. Read the problem.. and fix it ASAP. Also make sure you use STRONG passwords at all times and change them regularly (maybe once every couple of months).
I know that these sorts of things are annoying.. especially as they take away comfort and ease of use. But that's the price that has to be paid if you want your computer to function the way it is supposed to correctly. Whilst I agree that Windows is NOT the easiest of OSes to keep clean... it can be kept clean with a little bit of effort and a lot of head banging on the walls.
Good luck to you.
Last edited by instronics; January 15th, 2009 at 11:40 AM.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
January 16th, 2009, 03:42 PM
Downadup exploits MS08-067, the emergency update. It also copies itself to writable shares and abuses the autorun.inf feature.
Your IT team should be fired on the spot.. They're morons.
I discussed it with the IT team in the office; they said the home connection is not secure, so I should not use that. They also disable the default Windows firewall.
Last edited by SirDice; January 16th, 2009 at 03:44 PM.
Experience is something you don't get until just after you need it.
January 16th, 2009, 09:54 PM
You can't do that under a normal user account. I know this thing exploits a service so privileges wouldn't be a problem for it...
They also disable the default Windows firewall.
but still, check and see that you're not logged in as admin next time you use computers. Hah!
Last edited by The-Spec; January 16th, 2009 at 09:58 PM.
January 19th, 2009, 04:27 PM
I had heard that if you create a blank autorun.inf file on your thumb drive, and make it read only, it helps protect it from infections.
It also copies itself to writable shares and abuses the autorun.inf feature.
Anyone else heard this? Makes sense, but I wonder how easy it would be to circumvent.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
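Added example, not written by any poster in this thread: a small Python auditor for the autorun.inf files discussed above. It reports whether a file is a blank placeholder, whether it is read-only, and whether its [autorun] section holds keys that start a program; the sample contents and names such as tool.exe are constructed, and the file is assumed to be ANSI text.

```python
import os
import re
import stat

# [autorun] keys that make Windows run, or offer to run, a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

def launch_entries(raw: bytes):
    """Return (key, value) pairs in [autorun] that start a program."""
    text = raw.decode("latin-1")  # assumption: ANSI text; never raises
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if value and (key in LAUNCH_KEYS or SHELL_COMMAND.match(key)):
            found.append((key, value))
    return found

def classify(raw: bytes) -> str:
    """placeholder = blank file; otherwise say whether it launches anything."""
    if not raw.strip():
        return "placeholder"
    return "launches-program" if launch_entries(raw) else "no-launch-keys"

def audit_file(path: str):
    """Return (classification, read_only) for one autorun.inf on disk."""
    read_only = not (os.stat(path).st_mode & stat.S_IWRITE)
    with open(path, "rb") as handle:
        return classify(handle.read()), read_only

# Constructed samples (not taken from any real infection).
BLANK = b""
BENIGN = b"[autorun]\r\nicon=setup.ico\r\nlabel=Backup\r\n"
SUSPECT = (b"junk line\r\n[AutoRun]\r\n; comment\r\nOpen = tool.exe /s\r\n"
           b"shell\\open\\command=tool.exe\r\nicon=x.ico\r\n")

if __name__ == "__main__":
    for name, data in (("blank", BLANK), ("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, classify(data), launch_entries(data))
```

Point audit_file at the autorun.inf in the root of each removable drive or share; a file that was a read-only placeholder on the last check and now reports "launches-program" is worth investigating.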