Blaster guessed wrong I think !!!


APH

Hi

On a W2k stand alone machine I started to get the "svchost.exe has generated
.... 2 messages and had problems if I hooked to the Internet, and also
with copying files from folders.

W2k is patched to Sp3 but not 03-026.

1. Looked for registry entry and msblast.exe files couldn't find them
anywhere.
2. Downloaded removal tool and ran that - didn't find anything
3. Applied Patch 03-026 that I had downloaded using another machine
4. Ran removal tool again - still not found.

Perplexed read up some more and found that the worm guesses which operating
system you are running. Apparently there is an 80% chance it will attempt
to exploit XP, and a 20% chance it will attempt to exploit W2k.

If it guesses wrong, then the process svchost.exe on the target machine will
crash and the system becomes unstable, BUT THE INFECTION WILL FAIL.

This is what I think has happened on my machine - but what I cannot
establish (without running the machine), is if now having applied the patch,
the machine is secure?

Anyone any ideas on this please

Thanks

Alex
 
Indeed. Too many people are focusing on this specific worm, whereas the worm
is not the issue - there will be a million more attempted exploits of the
vulnerability.

Basic responsibility of the computer owner:

Patch at least once a month at Windows Update
Frequent AV scans, regular updates of antivirus software
Good firewall that blocks all inbound ports except those needed (which=none)
Just make sure that all W2K's and XP's have this patch installed.

Marina

APH said:
Hi

On a W2k stand alone machine I started to get the "svchost.exe has
generated ... 2 messages and had problems if I hooked to the
Internet, and also with copying files from folders.

W2k is patched to Sp3 but not 03-026.

1. Looked for registry entry and msblast.exe files couldn't find them
anywhere.
2. Downloaded removal tool and ran that - didn't find anything
3. Applied Patch 03-026 that I had downloaded using another machine
4. Ran removal tool again - still not found.

Perplexed read up some more and found that the worm guesses which
operating system you are running. Apparently there is an 80% chance
it will attempt to exploit XP, and a 20% chance it will attempt to
exploit W2k.

If it guesses wrong, then the process svchost.exe on the target
machine will crash and the system becomes unstable, BUT THE INFECTION
WILL FAIL.

This is what I think has happened on my machine - but what I cannot
establish (without running the machine), is if now having applied
the patch, the machine is secure?

Anyone any ideas on this please

Thanks

Alex
 