Nachi B Worm

  • Thread starter Thread starter V.Gridley
  • Start date Start date
V

V.Gridley

I have just completed a new installation of Win2000 and every time I go on
the web I get repeated pop-ups every few minutes. At or around the same time
my antivirus checker (Computer Associates eTrust Antivirus) reports a Nachi
B worm affected about four files and an entry in the registry. This has
happened repeatedly today and yesterday
I don't know whether the pop-ups are causing the problem, or whether it is
just coincidence.
I have been downloading the latest updates from Microsoft, and have been
getting constant interruptions from this problem.
I didn,t have this problem when I was on Win98.
Any suggestions please?

V.G.
 
I have just completed a new installation of Win2000 and every time I go on
the web I get repeated pop-ups every few minutes. At or around the same time
Click to expand...

There are several possible sources for popups. If you're getting any, when you're
not in a web browser, that could be either windows messenger service, or you've
managed to install some adware.

Turn off the windows messenger service (not to be confuse with msn messenger).
Go to Control Panel, Administrative Tools and then Services, and disable it.

To remove adware, get, install, download the updates, and then scan using both
Adaware http://www.lavasoft.de/support/download/ and
Spybot Search & destroy http://security.kolla.de/index.php?lang=en&page=download

If it's only happening when you visit web sites, you need to get a popup blocker, or
switch to a browser that has one built in, such as mozilla, or opera. To avoid future
problems with malware, I'd strongly recommend this anyway.
my antivirus checker (Computer Associates eTrust Antivirus) reports a Nachi
B worm affected about four files and an entry in the registry. This has
Click to expand...

If the M$ updates have all been applied successfully, no files, or registry entries
should be affected. Get and run
http://download.microsoft.com/download/win2000platform/Utility/2.1/NT45/EN-US/nshc.exe
to ensure all patches have actually been applied. See
http://silentdragon.com/download/MS SecurityCheck/docs.txt for more
info on how to run it.

Get a firewall. I liked the Agnitum outpost firewall, when I was using M$ stuff, but
there are many choices available.

I'd also run a full virus scan, using an online scanner, or after booting from a known
clean bootdisk, just to make sure there's nothing being hidden by malware. Have
you tried running a scan in safe mode?

See http://www.claymania.com/safe-hex.html for some general info, and links
to various online scanners.

Regards, Dave Hodgins
 
V.Gridley said:
I have just completed a new installation of Win2000 and every time I go on
the web I get repeated pop-ups every few minutes. At or around the same time
my antivirus checker (Computer Associates eTrust Antivirus) reports a Nachi
B worm affected about four files and an entry in the registry. This has
happened repeatedly today and yesterday
I don't know whether the pop-ups are causing the problem, or whether it is
just coincidence.
I have been downloading the latest updates from Microsoft, and have been
getting constant interruptions from this problem.
I didn,t have this problem when I was on Win98.
Any suggestions please?
Click to expand...

Windows 2000 is also affected by the DCOM RPC exploit worm
that XP suffers from. Have you tried obtaining the patches by using
another machine to download them and then applying them to the
W2K machine? A firewall can prevent the DCOM attack, but you
sound like you may be experiencing some pop-up related exploits
(object tag?) as well from somewhere.
 
Thanks to all those who replied.
I seem to have cracked the problem by downloading 'Zone Alarm' and all the
lates MS patches for Win2k , O.E, and I.E.
I am utterly amazed to find that Win2k is so much more suceptable to
'pop-ups' and viruses, compared with Win98SE. I began to wonder whether I
had made some serious mistake during instalation.
I don't wish to tempt fate, but my system seem to be pretty stable at
present.

V.G.
 
Thanks to all those who replied.
I seem to have cracked the problem by downloading 'Zone Alarm' and all the
lates MS patches for Win2k , O.E, and I.E.
I am utterly amazed to find that Win2k is so much more suceptable to
'pop-ups' and viruses, compared with Win98SE. I began to wonder whether I
had made some serious mistake during instalation.
I don't wish to tempt fate, but my system seem to be pretty stable at
present.

V.G.
Click to expand...
Now that you have the patches, you should also get a few other programs
to help guard, & keep you free of bugs. Majorgeeks.com in the spyware
tools sections has a lot of nice free programs. Ad-Aware. Spybot S&D,
Spywareguard. If you ever had kazaa on your machine either get
Kazaabegone or Kazaa spyware Removal. Then get Shoot The Messenger, un
Plug & Pray, & DCOMbobulator from http://grc.com/freepopular.htm

Also, from that site you can test how well your ZA settings are setup.
& as always make sure your Anti-virus is up to date & running.
 
V.Gridley said:
Thanks to all those who replied.
I seem to have cracked the problem by downloading 'Zone Alarm' and all the
lates MS patches for Win2k , O.E, and I.E.
I am utterly amazed to find that Win2k is so much more suceptable to
'pop-ups' and viruses, compared with Win98SE. I began to wonder whether I
had made some serious mistake during instalation.
I don't wish to tempt fate, but my system seem to be pretty stable at
present.
Click to expand...

I was considering a wise-assed remark about *upgrading* to
Win98 so that you wouldn't have to deal with DCOM RPC
related problems. But, to be fair,W2K is probably the best
OS MS has made so far.
 
FromTheRafters said:
I was considering a wise-assed remark about *upgrading* to
Win98 so that you wouldn't have to deal with DCOM RPC
related problems. But, to be fair,W2K is probably the best
OS MS has made so far.
Click to expand...
I am pretty happy with the way Win2k is behaving at present. It certainly
does'nt freeze like Win98 had a habit of doing quite frequently.
I understand that W2k runs programs in their own dedicated memory locations,
so that if one program locks up it doesn't bring the whole system down with
it. This is what prompted me to make the change.

Thanks also to Geese Hunter for your helpful suggestions.

V.G.
 
Back
Top