13-08-2003, 10.56.10 | #31 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

W32/Blaster Recovery Tips

Steps to recover from W32/Blaster

These instructions are designed for Windows XP. Under some circumstances, these instructions may not completely disable the worm or protect the system from re-infection. See Notes.

1. Physically disconnect the machine from the network (remove phone/network cable, wireless card).
2. Kill the "msblast.exe" process using Task Manager.
   - Press Ctrl-Alt-Delete key combination
   - Click "Task Manager" button
   - Select "Processes" tab
   - Highlight "msblast.exe"
   - Click "End Process" button, answer "Yes" to warning dialog
3. Delete any files named "msblast.exe" on the machine.
   - Start -> Search -> Find Files or Folders
   - Search for "msblast.exe"
   - Right-click each file and delete it
4. (Optional) Disable DCOM. From MS03-026 http://microsoft.com/technet/technet...n/MS03-026.asp :
   - Run Dcomcnfg.exe. If you are running Windows XP or Windows Server 2003 perform these additional steps:
     - Click on the Component Services node under Console Root.
     - Open the Computers sub-folder.
     - For the local computer, right click on My Computer and choose Properties.
     - For a remote computer, right click on the Computers folder and choose New then Computer. Enter the computer name. Right click on that computer name and choose Properties.
   - Choose the Default Properties tab.
   - Select (or clear) the Enable Distributed COM on this Computer check box.
   - If you will be setting more properties for the machine, click the Apply button to enable (or disable) DCOM. Otherwise, click OK to apply the changes and exit Dcomcnfg.exe.
5. Enable Internet Connection Firewall (ICF). From Microsoft Knowledge Base Article 283673 http://support.microsoft.com/default...b;en-us;283673 :
   - In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
   - Right-click the connection on which you would like to enable ICF, and then click Properties.
   - On the Advanced tab, click the box to select the option to Protect my computer or network.
   - If you want to enable the use of some applications and services through the firewall, you need to enable them by clicking the Settings button, and then selecting the programs, protocols, and services to be enabled for the ICF configuration.
6. Reboot the machine and reconnect to the network.
7. Install the patch from Windows Update http://windowsupdate.microsoft.com/ , or MS03-026 http://microsoft.com/technet/technet...n/MS03-026.asp .
   - Using Internet Explorer, go to Windows Update and follow the instructions there to install any available patches.
8. Read and apply the clean up measures outlined in MS03-026 http://microsoft.com/technet/technet...n/MS03-026.asp .

Notes

- The worm may exist as processes and files with names other than "msblast.exe."
- It has been reported that AOL network connections do not display an option to use ICF.
- Disabling DCOM may break things and may be unnecessary (assuming that the worm is completely disabled and ICF is enabled).
- Another type of host-based or network firewall can be used to block 135/tcp.
- Save yourself the trouble next time by blocking 135, 137, 138, 139, and 445 tcp and udp inbound and outbound. This will block most MS networking traffic.

More Information:
http://www.cert.org/advisories/CA-2003-20.html
http://www.trendmicro.com/vinfo/viru...WORM_MSBLAST.A

(Y)

Last edited by Giorgius: 14-08-2003 at 10.04.26
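An added example, not part of the original post or of the text it quotes: a Python check that parses Windows `netstat -an` output and reports non-loopback listeners on, and outbound connections to, the ports the Notes above say to block (135, 137, 138, 139, 445). The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress
# Ports the post's Notes say to block (TCP and UDP, inbound and outbound).
BLOCKED_PORTS = {135, 137, 138, 139, 445}
# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.77:135       SYN_SENT
  TCP    192.168.1.10:1046      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]      # drop brackets and IPv6 zone id
    return addr, int(port) if port.isdigit() else None

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                          # e.g. '*' in UDP rows
        return False

def audit(netstat_text):
    """Return (exposed_listeners, outbound) as lists of (proto, addr, port)."""
    exposed, outbound = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                            # header or blank line
        proto, local, remote = fields[0], fields[1], fields[2]
        state = fields[3] if len(fields) > 3 else ""
        laddr, lport = split_endpoint(local)
        raddr, rport = split_endpoint(remote)
        # UDP rows have no state; a bound UDP socket is treated as listening.
        listening = state == "LISTENING" or proto == "UDP"
        if listening and lport in BLOCKED_PORTS and not is_loopback(laddr):
            exposed.append((proto, laddr, lport))
        elif state and state != "LISTENING" and rport in BLOCKED_PORTS:
            outbound.append((proto, raddr, rport))
    return exposed, outbound

if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
```

An empty first list after enabling the firewall does not by itself show the ports are filtered, since `netstat` reports bound sockets rather than firewall state; it is a check on what the host still offers, to be paired with an external probe of the filtered ports.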
13-08-2003, 12.15.19 | #32 | |
WT Schwarze Löwe
Registered: 27-07-2000
Location: Tergeste-VRBS-Fidelissima
Posts: 1,390

Quote:
Use Linux, especially if you have to connect to the Internet.
___________________________________
"Why so much hatred?" (Edika) "They who dream by day are cognizant of many things which escape those who dream only by night." (E. A. Poe) Strive to Survive Causing Least Suffering Possible
13-08-2003, 12.17.41 | #33 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

Update:
- Filter for the LovSan virus's data traffic: Sniffer Filter: Download a Sniffer filter to detect W32/Lovsan.worm traffic (Sniffer Distributed 4.3 and Sniffer Portable 4.7.5). Download: http://vil.nai.com/vil/content/v_100547.htm

The direct download link does not work...

(Y)

Last edited by Giorgius: 14-08-2003 at 10.05.57
13-08-2003, 12.23.07 | #34 | |
Gold Member
Top Poster
Registered: 13-02-2001
Location: Forette City
Posts: 13,153

Quote:
GREETINGS AND KISSES !!!
___________________________________
"Society doesn’t need newspapers. What we need is journalism." - Clay Shirky
13-08-2003, 13.22.03 | #35 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

Worm attacking Windows sends computers haywire

SAN FRANCISCO - A Web "worm" called "Blaster", which attacks the Windows operating system, is spreading around the world, infecting computers in homes and offices so quickly that technicians do not have time to install defences. A computer security expert said that the bug, which specifically attacks computers running Windows XP and Windows 2000, could keep spreading for days before it can be stopped.

At least 124,000 computers running Microsoft Corp.'s Windows have been infected worldwide so far, according to a report by Symantec Corp. "Corporate computer networks have been hit extensively," said Alfred Huger, a senior executive at Symantec. "Hundreds of machines are rebooting automatically."

Johannes Ullrich of the SANS Institute said that the worm's rate of spread appears to have slowed slightly since yesterday afternoon. SANS (SysAdmin, Auditing, Networking and Security Institute) is a computer security organisation based in Bethesda, Maryland. Russ Cooper of TruSecure Corp., a security services provider in Herndon, Virginia, said that activity peaked between 2 and 3, local time, yesterday.

The "worm", called LoveSan, Blaster, or MSBlaster, exploits a weakness in the Distributed Component Object service -- hosted in a remote procedure call framework in Windows 2000 and Windows XP -- which lets computers share files. Once the "worm" gets into a vulnerable computer, the program downloads code from a previously infected computer that allows it to propagate in turn. It then scans the network for other vulnerable machines and attacks them. (Reuters)

Last edited by Giorgius: 14-08-2003 at 10.06.33
13-08-2003, 13.44.37 | #36 | |
Guest
Posts: n/a

Quote:
Then maybe you spend your mornings resolving dependencies because you want to use your favourite messenger..
13-08-2003, 14.30.41 | #37 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

To avoid certain viruses, on Windows it is enough to use a browser and an e-mail client such as Opera or Mozilla

Mr Steve Gibson: security utilities that should never be missing on Windows 2000/XP:

- XPdite - (Recommended, for WinXP, no SP1) - Ever since its original release, Windows XP has contained a critical flaw that could be trivially exploited at any time by any malicious hacker. By causing any Windows XP system to process a specially-formed URL (web-style link), the XP system would obediently delete all or most of the files within any specified directory. (That's not good.)
  Download: Mirror: http://grc.com/files/XPdite.exe
- Security UNPNP - (Recommended for WinXP/Win2K) - Effects: The FBI has Strongly Recommended that All Users Immediately Disable Windows' Universal Plug n' Play Support.
  Download: Mirror: http://grc.com/files/unpnp.exe
- Shoot The Messenger - Effects: Simple Messenger Service. Windows NT, 2000, and XP hide a hidden Internet server that is running by default. It receives and accepts, among other things, unsolicited network messages that cause pop-up dialog boxes to appear on the desktop. Internet Spammers have discovered this and are spraying pop-up Spam across the Internet. The Windows Messenger server should never have been running by default, and Microsoft has finally fixed that in Windows 2003, but users of previous Windows need to take responsibility for this themselves.
  Download: Mirror: http://grc.com/files/shootthemessenger.exe
- Xp AntiSpy 3.72 - (Recommended, for WinXP, no SP1) - Effects: XP-AntiSpy is a little utility that lets you disable some built-in update and authentication 'features' in WindowsXP.
  Download: Mirror: http://www.xp-antispy.org/download/go.php?id=2 Mirror: http://www.xp-antispy.org/download/go.php?id=4

Last edited by Giorgius: 14-08-2003 at 10.10.54
13-08-2003, 14.33.58 | #38 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

Worm continues prodigious march

As we first mentioned yesterday, a pesky new worm dubbed "lovesan" (aka "msblaster") is weaseling its way across the internet, leaving many unprotected users and one dumbfounded Maryland DMV in its wake. Members of our security forum have been busy poking the new worm with a stick to see how it ticks since it emerged; they've likewise been keeping on top of the damage being caused. The worm is quickly "topping the charts" at most anti-virus websites, and Blaster's author has apparently programmed the worm to knock the Microsoft site offline on August 16, according to Wired. One Maryland DMV was one of many operations that found themselves overwhelmed by the worm in short order. As many as 1.4 million computers may be affected, according to the CERT Coordination Center.

Last edited by Giorgius: 14-08-2003 at 10.12.14
13-08-2003, 14.53.35 | #39 | |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

Quote:
Linux Security Advisory 2003-08-11
http://www.linuxsecurity.com/advisor...sory-3551.html
http://www.linuxsecurity.com/advisor...sory-3550.html
http://www.linuxsecurity.com/advisor...sory-3549.html
http://www.linuxsecurity.com/advisor...sory-3548.html
http://www.linuxsecurity.com/advisor...sory-3546.html
http://www.linuxsecurity.com/advisor...sory-3545.html
13-08-2003, 15.04.00 | #40 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

If you want to be certain that the virus removal is definitive:

"GIBSON" test to check the security of port "135": https://grc.com/x/portprobe=135

(Y)

Last edited by Giorgius: 26-08-2003 at 16.50.05
13-08-2003, 15.21.45 | #41 |
Guest
Posts: n/a

Quote:
13-08-2003, 15.27.03 | #42 |
Newbie
Registered: 13-08-2003
Posts: 6

I'm a newbie

Thank you for the tips you gave me. I have a question. I used Stinger 1.8.0, then searched for the file mblast.exe and deleted it. Then I installed the patch WindowsXP-KB823980-x86-ITA.exe. Will that be OK? I have neither antivirus nor firewall; what do you recommend so that I don't have any more problems? Thanks again for the help
13-08-2003, 15.29.02 | #43 |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

On 11/08/03, some versions of Linux could be attacked by hackers through serious bugs in the latest releases...

That's all.

Last edited by Giorgius: 13-08-2003 at 15.37.20
13-08-2003, 15.36.29 | #44 | |
Gold Member
Top Poster
Registered: 26-08-2000
Location: tokyo city
Posts: 8,374

Quote:
- At least a minimal firewall such as the one in Windows XP SP1
- AntiVir Personal Edition - all in one package for Windows 95/98/Me & NT/2000/XP
  Download: Mirror: http://www.avup.de/personal/en/avwinsfx.exe

Last edited by Giorgius: 14-08-2003 at 10.14.28
13-08-2003, 15.49.39 | #45 | |
Guest
Posts: n/a

Quote: