Announcement

Collapse
No announcement yet.

Important security announcement

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Important security announcement

    A new worm using a vulnerabilty in the RPC seems to have activated yesterday. Please make sure you update all the anti-virus etc info and clean your systems.

    More info:
    http://www.f-prot.com/virusinfo/desc.../msblastA.html
    http://us.mcafee.com/virusInfo/defau...virus_k=100547
    Peter
    ...keep walking...
    Tags: None
  • #2
    Thank you for the vital info.
    We're trying to flush something out here but it doesn't completely correlate with the info from your links.

    Wish us luck
    ,
    --Jon

    Comment

    • #3
      Couple quickies on this beast..

      Its based on an exploit of the Remote Procedure call service in Win2k++

      Just to clear it up..this is the successful way to remove it.

      -1. if the count down is getting on your nerves goto start/run in the box type: shutdown -a

      1. Download patch at: http://microsoft.com/downloads/detai...displaylang=en

      2. Start > Run > Regedit.exe and go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \
      From there remove 'windows auto update'

      3. Do a search for msblast.exe and erase it.

      4. search for all .tmp files using 3 random letters + number(s) as files names and erase them
      Dave Buchhofer. // Vsaiwrk

      Comment

      • #4
        Well it must be something else here with us. I had already searched all of our machines for the "msblast.exe" and the RegKey with no luck. Also, we had previously installed the patch last week. Very odd things are happening on every computer on our network. I don't want to get into it in this forum but man it sux.

        Thanks,
        --Jon

        Comment

        • #5
          Just an update

          We found it on one system which was affecting all others on the network. I guess I was unaware of how it worked

          Thanks for the help guys

          --Jon

          Comment

          • #6
            Keep in mind that if you install the patch, you will get corrupted max files (it's the same patch that caused all the sp4 problems).

            If you have the patch installed, you should also install the new interim fix from microsoft. Check the announcements forum on the discreet webboard for the latest info on how to get this.
            Torgeir Holm | www.netronfilm.com

            Comment

            • #7
              Nooooooo

              Is this with MAX 3 and 4 too?

              We don't use 5 and we rarely use 4.

              --Jon

              Comment

              • #8
                there is a fix from microsoft, but you have to phone them up...it maybe ok if your max pipeline works in isolation, (ie on either non updated or updated machines only), but if you mix your pipeline or share files with others then you may have problems

                heres a link to the fix files for turkish and english

                http://www.sayisalgrafik.com.tr/dest...d10278/td.html

                this hotfix only applies if you have installed the RPC vulnerabilty hotfix....oh and its a MS beta so be warned!
                Digital Progression

                Comment

                • #9
                  Originally posted by DP
                  this hotfix only applies if you have installed the RPC vulnerabilty hotfix....oh and its a MS beta so be warned!
                  I concider everything that M$ publishes to be beta and treat it as such

                  -dave
                  Cheers,
                  -dave
                  ■ ASUS ROG STRIX X399-E - 1950X ■ ASUS ROG STRIX X399-E - 2990WX ■ ASUS PRIME X399 - 2990WX ■ GIGABYTE AORUS X399 - 2990WX ■ ASUS Maximus Extreme XI with i9-9900k ■

                  Comment

                  • #10
                    including their os's?
                    Digital Progression

                    Comment

                    • #11
                      I have been haveing trouble with IE and I found this thread and I discovered I have the msblast file on my computer.

                      I was going to install a new hardrive anyway so my qusetion is:

                      If I copy just my data files to cd and transfer them to my new hardrive witl this virus go with them???


                      I'm very releuctant to upgrade to sp 4 and the hotpatch. I can't afford to corrupt my max files, as I'm sure no one can. I'm still on sp 2 of win 2000.

                      Comment

                      • #12
                        I had the hotfix 823980 installed and had an experience first hand on what actually happens with your files:
                        Your files are ok as long you open them on a system that has the patch installed. However, when I tried to open a file made on my system on a no-patched system max crashes the moment you select the file in the "open file " dialog box.
                        To solve that compatibility problem, I had to convince the ppl over there to install the hotfix on that system. After installation, the file could be opened without problems...
                        Good thing I’ve read about this on the discreet forum or we might have been looking forever to why the file crashed...
                        - Geert -

                        -----------------------------------------------------------------------------------------
                        www.3DIGIT.be
                        3Dprinting in full color !

                        Comment

                        • #13
                          Geertvdp & TRGraphics, use the files from the link i posted....the first patch fixes the vulnerability, the second fixes the max problem with the first patch
                          Digital Progression

                          Comment

                          Previous template Next
                          Working...
                          X