# New Windows worm on the loose, hope you've patched your systems



## invaliduser88 (Apr 23, 2002)

All that has to happen for this worm to infect your systems is that you haven't patched. I'm sure the media will be all over this soon!

http://www.lurhq.com/sasser.html


----------



## marko (Jan 9, 2003)

invaliduser88 said:


> All that has to happen for this worm to infect your systems is that you haven't patched. I'm sure the media will be all over this soon!
> 
> http://www.lurhq.com/sasser.html


man, my windows 2003 machine was hit bad by so much crap the other day. I had no idea what was going on with a bunch of processes running. Norton didn't show anything though, which was weird. I was unable to install zonealarm on 2003, and I didn't have too much on my machine, so I went ahead and installed windows xp instead. Put zonealarm on it, norton, we'll see how it goes.


----------



## MarkB49 (Jan 22, 2003)

My battle started about 3 weeks ago.AVG 7 or i missed something.
Was going into:
msconfig
REGEDIT.EXE
alot on my Win98 system.Ended up tracking down 60 bad files myself.In the 5+ years
of being on the net have never encoutered problem like that.
I have 3 That i can't seem to track down and totaly eliminate, files that is.
Do any of these look familiar:

IJXBYDM3.EXE -calls itself-C:\WINDOWS\CONFIG\GENERAL.IDF
MORZE1.EXE----C:\WINDOWS\MORZE1.EXE
73RD6879.EXE--------C:\WINDOWS\73RD6879.EXE

All of these can be [email protected] Start-msconfig--startup.
The IJXBYDM3.EXE was the worst of the bunch, it kept changing into something else.
Right now ALL of these are off.


----------



## Steveox (Apr 21, 2004)

I found a new virus anyone know what this will effect? 
exploit[1].htm


----------



## ERSanders (Apr 24, 2002)

See: http://vil.nai.com/vil/content/v_99273.htm


----------



## Jacob S (Apr 14, 2002)

I have been having issues with Qlpqpboo.exe saying it is having a problem closing. I did a search on google and yahoo without any results.


----------



## Bogy (Mar 23, 2002)

My son has been hit three times in the past week or so. I spent some time yesterday running Spybot and AVG to make sure I had all the junk cleared off.


----------



## CoriBright (May 30, 2002)

If you're running XP, ENABLE THE FIREWALL! If you're runing Server 2003, you should have a hardware firewall anyway - kind of pointless to run a Server without the adequate protection, especially when you've paid at least $1,000 for the basic operating system software.

If you're runing other Windows operating systems, see:
http://www.microsoft.com/security/protect/


----------



## marko (Jan 9, 2003)

CoriBright said:


> If you're running XP, ENABLE THE FIREWALL! If you're runing Server 2003, you should have a hardware firewall anyway - kind of pointless to run a Server without the adequate protection, especially when you've paid at least $1,000 for the basic operating system software.
> 
> If you're runing other Windows operating systems, see:
> http://www.microsoft.com/security/protect/


ah, have msdn subscription from work, so technically windows 2003 was free. had it on a laptop to check it out. I might of enabled the firewall on xp, but for some reason i like zonealarm, and that is what work "requires" for machines that will be connecting to work.


----------



## FTA Michael (Jul 21, 2002)

And turn on the automatic Windows Updates, and check the Windows Update site every week or so anyway.


----------



## kwajr (Apr 7, 2004)

marko said:


> man, my windows 2003 machine was hit bad by so much crap the other day. I had no idea what was going on with a bunch of processes running. Norton didn't show anything though, which was weird. I was unable to install zonealarm on 2003, and I didn't have too much on my machine, so I went ahead and installed windows xp instead. Put zonealarm on it, norton, we'll see how it goes.


DO you not find norton to be very resource intesive i run a 2.4 p4 and it still uses a lot i use avg now and it flawless www.grisoft.com


----------



## Jacob S (Apr 14, 2002)

I just had to remove a worm from a friend's computer that had something to do with the lsass.exe shutdown issue (reminded me of the blaster worm).


----------



## CoriBright (May 30, 2002)

Jacob S said:


> I just had to remove a worm from a friend's computer that had something to do with the lsass.exe shutdown issue (reminded me of the blaster worm).


Yes, that's Sasser
http://www.microsoft.com/security/incident/sasser.asp

Hope you enabled his firewall for him or it will be right back! If you actually start installing WindowsXP on a clean hard drive on a PC that is connected to the internet you cannot even finish the install because of Blaster. It's still right there. If you do not have a hardware firewall and have to reinstall XP...DISCONNECT THE PC FROM THE INTERNET. As soon as the NIC is installed, Blaster will hunt it down.

Sasser is slightly different in that after a couple of shutdowns and restarts, your PC appears to be free of it. However just because files and folders appear to be OK, it doesn't mean the PC is!

http://www.msnbc.msn.com/id/4890780/

There are now also several variants.


----------



## CoriBright (May 30, 2002)

marko said:


> ah, have msdn subscription from work, so technically windows 2003 was free. had it on a laptop to check it out. I might of enabled the firewall on xp, but for some reason i like zonealarm, and that is what work "requires" for machines that will be connecting to work.


You can run both if you want!


----------



## Redster (Jan 14, 2004)

Just to be on safe side, My wife's pc and mine both have XP firewall enabled, ZoneAlarm pro (legal version) running on both. We also have Norton's set to auto update every day and scan at 2am. Critical Windows updates set to check every day at 4am. I have cable modem and router. We have not been hit with virus's / worms / trojans in the 3 years I have been running this setup and with the programs running at off peak hours, it doesnt bother us at all. Wife is stubborn and still running a 300mhz machine. Depending on what time you set them,, there should be little to no impact on pc performance.


----------



## marko (Jan 9, 2003)

Redster said:


> Just to be on safe side, My wife's pc and mine both have XP firewall enabled, ZoneAlarm pro (legal version) running on both. We also have Norton's set to auto update every day and scan at 2am. Critical Windows updates set to check every day at 4am. I have cable modem and router. We have not been hit with virus's / worms / trojans in the 3 years I have been running this setup and with the programs running at off peak hours, it doesnt bother us at all. Wife is stubborn and still running a 300mhz machine. Depending on what time you set them,, there should be little to no impact on pc performance.


Hah, tell that to Norton Antivirus that used to take 2 days to run on my laptop.


----------



## Redster (Jan 14, 2004)

marko said:


> Hah, tell that to Norton Antivirus that used to take 2 days to run on my laptop.


Why did it take that long to run ? Something isnt right or you have a tremendous amount of files ? All of our laptops here at work have Nortons and we have no issues with them either.


----------



## HappyGoLucky (Jan 11, 2004)

kwajr said:


> DO you not find norton to be very resource intesive i run a 2.4 p4 and it still uses a lot i use avg now and it flawless www.grisoft.com


I'm using Norton AV 2004 on a P4 1.7GHz with 1GB PC800 RDRAM and it has very little impact on system performance, negligible. I have most of the defaults set, so it is checking all files all the time. On Friday evenings it runs a complete scan and that does make things a bit slower but since I rarely am using the computer at that time, it doesn't matter. In everyday use with Norton running in the background and checking incoming AND outgoing email, it isn't noticeably affecting performance. And I do a lot of video processing on this machine, and don't see any difference in times with Norton running or not.

On another machine, which is a 2.4GHz P4 with 512MB DDR SDRAM, it does take a bit longer to bootup, but once booted, no affect on performance.


----------



## firephoto (Sep 12, 2002)

Only problem I've noticed because of this worm is a general slowdown of the internet here. The wireless side of my isp is pretty much an open network with mac authentication so my firewall "sees" everyone else around on the wireless. The smoothwall firewall hasn't seen too many hits but I have a lot of the local isp customers ip addresses blocked because their windows boxes (and the isp's) are always spitting out something useless that the firewall blocks and I don't need it filling up my logs. I did a final M$ patch last fall on my machine here and haven't had any trouble since.


----------



## marko (Jan 9, 2003)

Redster said:


> Why did it take that long to run ? Something isnt right or you have a tremendous amount of files ? All of our laptops here at work have Nortons and we have no issues with them either.


Yes, there is a tremendous amount of files. Huge amounts. And it is funny, cause I need to keep the zip files of these files around, so norton not only searches through those files, but the searches the through the zip in those files.


----------



## HappyGoLucky (Jan 11, 2004)

marko said:


> Yes, there is a tremendous amount of files. Huge amounts. And it is funny, cause I need to keep the zip files of these files around, so norton not only searches through those files, but the searches the through the zip in those files.


You can add those zip files to the ignore list so they are not scanned again. With norton, you can add individual files, a list of files, types of files, entire directories, or even entire drives to the ignore list.


----------



## kwajr (Apr 7, 2004)

HappyGoLucky said:


> I'm using Norton AV 2004 on a P4 1.7GHz with 1GB PC800 RDRAM and it has very little impact on system performance, negligible. I have most of the defaults set, so it is checking all files all the time. On Friday evenings it runs a complete scan and that does make things a bit slower but since I rarely am using the computer at that time, it doesn't matter. In everyday use with Norton running in the background and checking incoming AND outgoing email, it isn't noticeably affecting performance. And I do a lot of video processing on this machine, and don't see any difference in times with Norton running or not.
> 
> On another machine, which is a 2.4GHz P4 with 512MB DDR SDRAM, it does take a bit longer to bootup, but once booted, no affect on performance.


and if you read pc world last month you will see that norton ranked near the bottom in test of detecting viruses evn old ones so for the money i will take free avg all dy long its better and free


----------



## Redster (Jan 14, 2004)

Well, guess whatever works best for the individual . Personally, Norton's works like a charm for me.


----------

