Home | Community | Message Board

KykeonAnalytics.com
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Bridgetown Botanicals Bridgetown Botanicals

Jump to first unread post Pages: 1 | 2 | 3 | 4 | Next >  [ show all ]
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
attention: if your computer is rebooting itself, read this
    #1802287 - 08/11/03 03:22 PM (20 years, 9 months ago)

and you see this pop up:

if you're using windows NT4, 2000, xp home/pro, or windows 2003, and you see this, you've been hit with the newest root vulnerability.

IF YOUR COMPUTER KEEPS TRYING TO RESTART ITSELF, READ THIS. IF YOU'VE INSTALLED THE PATCH AND IT'S STILL HAPPENING, YOU DIDN'T INSTALL IT RIGHT. EITHER WAY, YOU'RE FUCKED. FORMAT AND REINSTALL FROM KNOWN-GOOD COPIES. YOU HAVE BEEN COMPROMISED.

Q. My computer keeps restarting after something to do with a Remote Procedure Call (RPC) terminates unexpectedly. WHAT THE HELL IS THIS?
A. You've been hit by the RPC exploit, a serious flaw in the Windows NT line of Windows products (NT, 2000, XP, and 2003 Server). If this has happened, your system has been compromised, and your only option is pretty much to reformat and reinstall all your programs from known-good sources. Any single part of your system could be infected with who-knows-what, as the RPC exploit gives a malacious user unrestricted access to your system.

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
Re: attention: if your computer is rebooting itself, read th [Re: riffic]
    #1802293 - 08/11/03 03:25 PM (20 years, 9 months ago)

See this Microsoft article detailing the exploit. Go to Windows Update and install patches more often.

Edited by riffic (08/11/03 03:26 PM)

Extras: Filter Print Post Top
InvisiblePjS
Jack Of AllDongs

Registered: 12/18/99
Posts: 3,485
Loc: gototheshow dot com
Re: attention: if your computer is rebooting itself, read th [Re: riffic]
    #1802332 - 08/11/03 03:36 PM (20 years, 9 months ago)

That explains all the attempts on the RPC ports lately..


--------------------
**************

(Ped) Slavery leads to rebellion which leads to liquor store robberies, rap and hip-hop


Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
RPC exploit variant [Re: PjS]
    #1802387 - 08/11/03 03:53 PM (20 years, 9 months ago)

http://oc192.netfirms.com/projects/downloads/oc192-dcom.c

Notice the new exploit code, specifically:
Quote:

* - Shellcode has been modified to call ExitThread, rather than ExitProcess, thus
* preventing crash of RPC service on remote machine.



Now there won't be any obvious evidence of infection.

If you haven't patched and you connect directly to the Internet without benefit of a firewall (or even a NAT), then there exists a great possibility that you're infected and you don't even know it.

Yes, this is quite serious.

Extras: Filter Print Post Top
OfflinekREATION1
kяедτιסи1

Registered: 07/14/01
Posts: 157
Last seen: 16 years, 11 months
Re: RPC exploit variant [Re: riffic]
    #1802543 - 08/11/03 04:39 PM (20 years, 9 months ago)

ive been getting that same shit over here man, since yesterday. didnt know what was happening so now im cleaning up my computer and making it ready to format.


--------------------
"an immigrant from heaven on earth with a work visa"

Extras: Filter Print Post Top
Anonymous #1

Re: RPC exploit variant [Re: kREATION1]
    #1802557 - 08/11/03 04:43 PM (20 years, 9 months ago)

me too.

how do i fix it?

i have a firewall, its still happening. can i stop it?

do i really have to reformat? ;[

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
Re: RPC exploit variant [Re: ]
    #1802589 - 08/11/03 04:51 PM (20 years, 9 months ago)

Quote:

immaculate said:


do i really have to reformat? ;[


you dont HAVE TO, however, you're probably infected with a dozen or more viruses and trojans and you wouldn't even know it, because someone has/had ROOT access to your computer to install whatever they want.

take this seriously, people.

the only way to be sure you're safe is to wipe your drives and install from clean media, that is, CD-ROM.

the patch is just preventative. if you've been hit by this, reformat and reinstall as soon as possible, and be sure to backup what you need first.

Extras: Filter Print Post Top
Offlinemilddub
Future MushroomGod

Registered: 07/24/03
Posts: 70
Last seen: 17 years, 8 months
Re: RPC exploit variant [Re: riffic]
    #1802599 - 08/11/03 04:54 PM (20 years, 9 months ago)

Im pretty sure you check out the Microsoft website. The news of this patch was all over the news today.

-Wayne

Extras: Filter Print Post Top
Anonymous #1

Re: RPC exploit variant [Re: riffic]
    #1802618 - 08/11/03 04:59 PM (20 years, 9 months ago)

fucckkkkk.

so what else can happen with it? anything other than shutting my pc down?

Extras: Filter Print Post Top
OfflinePDU
travel kid vs.amerika
 User Gallery

Registered: 12/03/02
Posts: 10,675
Loc: beautiful BC
Last seen: 8 years, 8 months
Re: RPC exploit variant [Re: ]
    #1802705 - 08/11/03 05:18 PM (20 years, 9 months ago)

Im interested to know whats the worst that can happen too. I have over 6000mp3's which were very hard to find...and i REALLY dont want to lose them all to reformating.


--------------------
GO OUTSIDE.

Extras: Filter Print Post Top
InvisiblePjS
Jack Of AllDongs

Registered: 12/18/99
Posts: 3,485
Loc: gototheshow dot com
Re: RPC exploit variant [Re: PDU]
    #1802730 - 08/11/03 05:26 PM (20 years, 9 months ago)

Worst is pretty much everything short of destroying your hardware physically.

Disconnect from the Internet now, backup your mp3s.


--------------------
**************

(Ped) Slavery leads to rebellion which leads to liquor store robberies, rap and hip-hop


Extras: Filter Print Post Top
OfflineRonoS
DSYSB since '01
Male User Gallery

Registered: 01/25/01
Posts: 16,259
Loc: Calgary, Alberta
Last seen: 1 year, 2 months
Re: attention: if your computer is rebooting itself, read this [Re: riffic]
    #1802736 - 08/11/03 05:28 PM (20 years, 9 months ago)

DON"T FORMAT! IT'S A WORM THAT IS EASILY FIXED...JUST READ BELOW AND GO TO THE LINK PROVIDED.


Name: W32.Blaster.Worm

Category: 3

Virus Definitions: August 11, 2003 (US Pacific Time)

Type: Worm

W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability using TCP port 135. It will attempt to download and run a file, msblast.exe.



When W32.Blaster.Worm is executed, it will do the following:

Adds the value:

"windows auto update"="msblast.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when you start Windows.

Send data on TCP port 135 that may exploit the DCOM RPC vulnerabilty to allow the following actions to occur on vulnerable machine:

the worm to be download and run using the program tftp.



----------

For additional information, visit our website at http://securityresponse.symantec.com



--------------------
"Life has never been weird enough for my liking"

Edited by Rono (08/11/03 05:29 PM)

Extras: Filter Print Post Top
OfflinePDU
travel kid vs.amerika
 User Gallery

Registered: 12/03/02
Posts: 10,675
Loc: beautiful BC
Last seen: 8 years, 8 months
Re: attention: if your computer is rebooting itself, read this [Re: Rono]
    #1802758 - 08/11/03 05:35 PM (20 years, 9 months ago)

alright, well supposedly a solution was offered in the post above, but it means absolutely nothing...that was completely foreign to me :s


--------------------
GO OUTSIDE.

Extras: Filter Print Post Top
Invisibleluvdemshrooms
Two inch dick..but it spins!?
 User Gallery


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
Re: attention: if your computer is rebooting itself, read this [Re: PDU]
    #1802801 - 08/11/03 05:50 PM (20 years, 9 months ago)

Click on the link Rono posted. There are more detailed instructions there. You do have anti-virus software don't you?


--------------------
You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
Re: attention: if your computer is rebooting itself, read th [Re: Rono]
    #1802812 - 08/11/03 05:54 PM (20 years, 9 months ago)

yeah you can fix that particular worm but there are other variants of this exploit that are coming out that aren't coming up on a virus scanner...

besides, do you realize what it means when someone has root access to your computer? it means you should not trust a single binary file on that drive, and the only way to guarantee a 100percent clean system is to wipe and install from last known good configuration, or clean media.

Quote:

Rono said:
DON"T FORMAT! IT'S A WORM THAT IS EASILY FIXED...JUST READ BELOW AND GO TO THE LINK PROVIDED.



and honestly, if you knew anything about -security-, especially computer security, seeing how this is a security & safety forum, it's pretty irresponsible to advise users NOT to reformat after they've been rooted.

Edited by riffic (08/11/03 06:01 PM)

Extras: Filter Print Post Top
Invisibleluvdemshrooms
Two inch dick..but it spins!?
 User Gallery


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
Re: RPC exploit variant [Re: PDU]
    #1802826 - 08/11/03 05:57 PM (20 years, 9 months ago)

Quote:

PDU said:
Im interested to know whats the worst that can happen too. I have over 6000mp3's which were very hard to find...and i REALLY dont want to lose them all to reformating.



There is no virus able to infect mp3's.

No mp3 viruses




--------------------
You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers

Extras: Filter Print Post Top
OfflinePDU
travel kid vs.amerika
 User Gallery

Registered: 12/03/02
Posts: 10,675
Loc: beautiful BC
Last seen: 8 years, 8 months
Re: RPC exploit variant [Re: luvdemshrooms]
    #1802839 - 08/11/03 06:01 PM (20 years, 9 months ago)

Quote:

luvdemshrooms said:
Quote:

PDU said:
Im interested to know whats the worst that can happen too. I have over 6000mp3's which were very hard to find...and i REALLY dont want to lose them all to reformating.



There is no virus able to infect mp3's.

No mp3 viruses

No, thats not what i was saying, i mean, i dont want to format my harddrive and clean all my media off....losing it forever. its not like i can just put it onto disc...

And no, id ont have anti-virus hardware...just an online scan.






--------------------
GO OUTSIDE.

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 2 months
Re: RPC exploit variant [Re: PjS]
    #1802851 - 08/11/03 06:04 PM (20 years, 9 months ago)

Quote:

PjS said:
Worst is pretty much everything short of destroying your hardware physically.

Disconnect from the Internet now, backup your mp3s.


if you were paying me my usual fee, I'd back up your mp3s and other non-executable data onto cd-r or another hard drive, and then I would procede to wipe your windows partition.

Extras: Filter Print Post Top
Invisibleluvdemshrooms
Two inch dick..but it spins!?
 User Gallery


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
Re: RPC exploit variant [Re: PDU]
    #1802856 - 08/11/03 06:05 PM (20 years, 9 months ago)

I just wanted to assure you there is no need. Copy your mp3's onto cd-r's no matter what else you do. 6,000 is a lot to lose if your hard drive cooks.

And get Norton or McAfee Anti-Virus right away.

*kids* *sheesh*


--------------------
You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers

Extras: Filter Print Post Top
OfflinePDU
travel kid vs.amerika
 User Gallery

Registered: 12/03/02
Posts: 10,675
Loc: beautiful BC
Last seen: 8 years, 8 months
Re: RPC exploit variant [Re: luvdemshrooms]
    #1802871 - 08/11/03 06:08 PM (20 years, 9 months ago)

Kids without money for expensive anti virus software....yeah, we suck. It would take so fucking long to copy 700 hours + of music onto cd....


--------------------
GO OUTSIDE.

Extras: Filter Print Post Top
Jump to top Pages: 1 | 2 | 3 | 4 | Next >  [ show all ]

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Bridgetown Botanicals Bridgetown Botanicals


Similar ThreadsPosterViewsRepliesLast post
* The BASICS of Securing your computer and E-mail. Cyber 2,691 12 06/09/09 03:34 PM
by Alan Rockefeller
* Is someone snooping in on my computer? cubeladd 885 6 12/16/05 07:18 PM
by Vvellum
* !!Web admins attention required immediately!! bub_x 692 4 07/04/04 01:10 PM
by matts
* Is there a way to put a password on my computer? ShamanSean 2,038 12 01/01/03 08:40 AM
by mntlfngrs
* Erasing Computer History DimeBDRocker 603 7 08/31/05 08:31 PM
by rod
* Urgent !! Backdoor access into my computer ShroomingNJ 985 16 09/26/05 06:48 PM
by NCognito
* Intruders on my computer Captain Loafy McPoopdick 822 8 02/26/05 12:00 AM
by Vvellum
* My computer was controlled!!! Help!! zaihuisho1 1,113 7 01/21/05 01:48 PM
by adoseofparn0z

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Enlil, Alan Rockefeller
8,338 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.023 seconds spending 0.004 seconds on 15 queries.