RPC or DCOM errors in windows (60 second shut down stuff)



\\Fényx//
12-08-03, 10:56
OK guys, this is related to the problems that a lot of people are getting recently. It's another exploit that's come up relating to the RPC problems that Windows has

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

hinch
12-08-03, 11:06
there's also the issue that installing the ms patch makes your machine randomly lock up and slow down to roughly half its normal speed :( "oh look ms fucked up again" ofc I'm not allowed to say that due to work, so what I say is this: "the patch was a hotfix to suppress a current emergency issue. Due to the lack of development time and testing on the patch there are bound to be a few teething problems; these will be fixed in a later patch issued with full testing behind it"

\\Fényx//
12-08-03, 11:09
Well the thing is that the BT BB servers got hit by this, so most likely if you have BT broadband you're gonna have this at some point today :)

Code 1 to code 3 virus in 12 hours :lol: gotta love windows ain't ya....... :wtf:

hinch
12-08-03, 11:20
heh to be fair there's some "interesting" linux stuff been released too recently. well not really publicly released but going around in certain circles anyway.
one of which if developed properly is quite scary

P4mp3rk3
12-08-03, 11:23
Originally posted by hinch
heh to be fair there's some "interesting" linux stuff been released too recently. well not really publicly released but going around in certain circles anyway.
one of which if developed properly is quite scary

huh?? what you talking about, lol :confused:

evs
12-08-03, 11:23
Remote Procedure Call (RPC) Windows Vulnerability


Some of our Windows NT, Windows 2000, Windows XP and Windows 2003 users may have experienced a problem caused by the latest vulnerability in these Operating Systems.

To start with you may get a variety of errors, but all these will result in a system restart initiated by NT AUTHORITY / SYSTEM, which will happen in 60 seconds. If this sounds familiar then read on.

Microsoft originally released this bulletin and patch on July 16, 2003, to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the "mitigating factors" and "workarounds" discussions in the original security bulletin did not clearly identify all the ports by which the vulnerability could potentially be exploited. Microsoft has updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked and to ensure that customers who choose to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability and need take no further action.

Remote Procedure Call (RPC) is a protocol that is used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly run code on a remote computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol. The RPC protocol that is used by Windows includes some additional Microsoft-specific extensions.

There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC-enabled ports. This interface handles DCOM object activation requests that are sent by client machines (for example, Universal Naming Convention [UNC] path requests) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

To exploit this vulnerability, an attacker would have to send a specially formed request to the remote computer on specific RPC ports.

Mitigating Factors.
To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments, these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall. If these ports are not blocked, or in an intranet environment, the attacker does not have to have any additional privileges.

Best practice recommendations include blocking all TCP/IP ports that are not actually being used. By default, most firewalls, including the Windows Internet Connection Firewall (ICF), block those ports. For this reason, most computers that are attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments.

Detailed information and full removal guides can be found on the Symantec website at: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

The worm goes by the name of msblaster or w32blaster.

I was affected by this last night, and managed to fix it, and was then asked by 10 people online how to fix their PC, and when I checked this morning it had made Yahoo news. The flaw had been identified in July but has only now become widespread, acquiring a high level for being able to spread, but a low rating for damage. (I personally had graphics mess up with this problem, causing me to install graphics drivers again, and others have reported sound problems, so some damage may occur).

Below is the quick and easy fix I used to get my machine stable. Again, this is only for Windows NT, 2000, XP (Home, Pro, Media 32 and 64bit versions, and Windows 2003 Server all versions).

First change the 60 second restart time so you have a chance to download and apply the patch if the error happens again.

Start > Control Panel > Administrative Tools > Services.

There will be two entries for Remote Procedure Call (RPC). Right click on the first, and select Properties. Select the Recovery tab and then press the Computer Restart Options and change this to 500 or so.

If the error hasn't occurred, that will change the 60 second countdown to 500. If it has occurred, restart and the 500 should take effect.

Once you are clear again then download the following patch based on your Operating System:

Windows NT 4.0 Server
http://microsoft.com/downloads/details.aspx?FamilyId=6C0F0160-64FA-424C-A3C1-C9FAD2DC65CA&displaylang=en

Windows NT 4.0 Terminal Server Edition
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en

Windows 2000
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

Windows XP 32 bit Edition
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en

Windows XP 64 bit Edition
http://microsoft.com/downloads/details.aspx?FamilyId=1B00F5DF-4A85-488F-80E3-C347ADCC4DF1&displaylang=en

Windows Server 2003 32 bit Edition
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en

Windows Server 2003 64 bit Edition
http://microsoft.com/downloads/details.aspx?FamilyId=2B566973-C3F0-4EC1-995F-017E35692BC7&displaylang=en

The Windows NT 4.0 patch can be installed on SP6a. The Windows NT 4.0, Terminal Server Edition patch can be installed on Windows NT 4.0, Terminal Server Edition SP6. The Windows 2000 patch can be installed on Windows 2000 SP3 or SP4. The Windows XP patch can be installed on Windows XP Gold or SP1. The Windows Server 2003 patch can be installed on systems running Windows Server 2003 Gold.

Microsoft plans to include this fix in Windows 2000 SP5, Windows XP SP2, and Windows Server 2003 SP1.

A reboot is required after installing this fix.
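The port guidance in the post above (135, 139, 445 blocked at the firewall) can be checked against a firewall log. The following is an added example, not part of the post or of Microsoft's bulletin: it assumes a W3C-style text log with a `#Fields:` header, as ICF's pfirewall.log uses, and the sample records, addresses and `sweep_threshold` value are constructed for illustration.

```python
from collections import defaultdict

# Ports named in the mitigating-factors text above.
RPC_PORTS = {135, 139, 445}

# Constructed sample log (documentation addresses), not captured traffic.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2003-08-12 10:41:03 DROP TCP 198.51.100.7 192.0.2.10 3021 135 48 S
2003-08-12 10:41:03 DROP TCP 198.51.100.7 192.0.2.11 3022 135 48 S
2003-08-12 10:41:04 DROP TCP 198.51.100.7 192.0.2.12 3023 135 48 S
2003-08-12 10:41:09 DROP TCP 203.0.113.5 192.0.2.10 4410 80 48 S
2003-08-12 10:42:15 OPEN TCP 203.0.113.9 192.0.2.10 1188 445 - -
2003-08-12 10:43:30 DROP UDP 198.51.100.7 192.0.2.10 3050 137 78 -
"""

def parse(log_text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def rpc_port_report(log_text, sweep_threshold=3):
    """Summarise TCP traffic aimed at the RPC ports.

    Returns (sweepers, allowed): sources whose dropped probes reached at least
    sweep_threshold distinct hosts, and connections the firewall let through.
    """
    targets = defaultdict(set)
    allowed = []
    for rec in parse(log_text):
        if rec.get("protocol") != "TCP" or not rec.get("dst-port", "").isdigit():
            continue
        if int(rec["dst-port"]) not in RPC_PORTS:
            continue
        if rec["action"] == "DROP":
            targets[rec["src-ip"]].add(rec["dst-ip"])
        elif rec["action"] == "OPEN":
            allowed.append((rec["src-ip"], rec["dst-ip"], int(rec["dst-port"])))
    sweepers = {src: len(dsts) for src, dsts in targets.items()
                if len(dsts) >= sweep_threshold}
    return sweepers, allowed

if __name__ == "__main__":
    print(rpc_port_report(SAMPLE_LOG))
```

Any entry in `allowed` is a connection to an RPC port that got past the firewall and points at a rule to tighten; entries in `sweepers` are sources probing many hosts on those ports.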

thewarrior008
12-08-03, 17:15
i have same problem on my laptop but dude i have windows xp pro and which patch do i use the 32 bit or the 64 bit thing???

\\Fényx//
12-08-03, 17:19
Originally posted by thewarrior008
i have same problem on my laptop but dude i have windows xp pro and which patch do i use the 32 bit or the 64 bit thing???

try the 64bit one, if that fails to patch it then use the 32 bit, if it screws it up then reinstall windows :D

Kugero
12-08-03, 17:20
FYI: Symantec has released a removal tool for the W32.Blasto ...

thewarrior008
12-08-03, 17:22
Originally posted by \\Fényx//
try the 64bit one, if that fails to patch it then use the 32 bit, if it screws it up then reinstall windows :D


fenix i keel u ... imserious lol which one should i use ??

hinch
12-08-03, 17:24
32 bit one

no 64bit laptops exist

\\Fényx//
12-08-03, 17:24
weeee delete me :)

thewarrior008
12-08-03, 17:29
lol i can arrange tat..

EDIT: the 32 bit link is DEAD

2nd EDIT: nm :p

Tregard
12-08-03, 17:30
The 64 bit is for Itaniums, the new 64-bit processors. Use the 32-bit for Pentium class installations (P2 P3 P4).

thewarrior008
12-08-03, 17:32
ah ok so ill install the 32 on my pc too oki s:P ty

Nasher
12-08-03, 19:11
If you install the 64bit one on a 32bit system, you might get even more problems (crashing, slower) :P

Lexxuk
12-08-03, 20:18
ahh, my mate had this problem, I couldn't be assed to mess around with his system, so I just disabled the "turn off", now it just ignores it. we're gettin drunk tomorrow, yay :p

Xian
12-08-03, 20:40
Originally posted by hinch
there's also the issue that installing the ms patch makes your machine randomly lock up and slow down to roughly half its normal speed :( "oh look ms fucked up again" ofc I'm not allowed to say that due to work, so what I say is this: "the patch was a hotfix to suppress a current emergency issue. Due to the lack of development time and testing on the patch there are bound to be a few teething problems; these will be fixed in a later patch issued with full testing behind it"

Oh for fucks sake. I thought that my cpu was dying of being too hot, that's why I was locking up and the computer was like a beached whale trying to run a 100m race.

Stupid microsoft.