Page 1 of 1
Helped my cousin build a computer on Saturday in Canada. It's up and running. I walk away to eat, come back and he has Kazaa installed and downloadin stuff already. I quickly uninstall it but it's too late. PC starts rebooting every 5 minutes. SoBig virus
PostPosted:Mon Sep 29, 2003 8:55 am
by G-man Joe
<div style='font: 11pt "Fine Hand"; text-align: left; '>Helped my cousin build a computer on Saturday in Canada. It's up and running. I walk away to eat, come back and he has Kazaa installed and downloadin stuff already. I quickly uninstall it but it's too late. PC starts rebooting every 5 minutes. SoBig virus got him. DAMN! That was fast.</div>
PostPosted:Mon Sep 29, 2003 1:37 pm
by Zeus
<div style='font: 9pt ; text-align: left; '>Those stupid Canadians, huh? I mean, don't they even know Kazaa Lite exists?</div>
PostPosted:Mon Sep 29, 2003 1:42 pm
by G-man Joe
<div style='font: 11pt "Fine Hand"; text-align: left; '>He's a newb to PCs.</div>
PostPosted:Mon Sep 29, 2003 9:54 pm
by the Gray
<div style='font: 12pt ; text-align: left; '>Kazaalite? eMule everyone, EMULE!</div>
That's not Sobig, and it's not because of Kazaa...
PostPosted:Tue Sep 30, 2003 9:41 am
by SineSwiper
<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '>You dumbass...you installed XP without doing an automatic update?! AS SOON AS YOU LOAD XP OR 2000, you MUST do an automatic update!!! The Blaster virus installs itself without ANY help from you, as long as you have the security hole. And any default install of XP or 2000 WILL have the security hole, so you have to patch yourself as soon as possible.
People with Windows 2000 with IIS have the same problem with CodeRed and Nimda. Since it's an automatic installer virus that uses a security hole to get inside, all it takes is a default install of 2000 and IIS turned on.</div>
PostPosted:Tue Sep 30, 2003 9:58 am
by G-man Joe
<div style='font: 11pt "Fine Hand"; text-align: left; '>PC setup brand new. Only Xp installed. He connects the DSL and downloards Kazaa with adwares now running. He downloads a song. He gets the RPC. I disable the reboot. I find SoBig virus with Symantec's freebee. Therefore, it's the SoBig virus. Case closed.</div>
PostPosted:Tue Sep 30, 2003 11:46 am
by Shellie
<div style='font: 10pt georgia; text-align: left; '><b>Link:</b> <a href="
http://securityresponse.symantec.com/av ... mm.html</a>
Maybe he had both. SoBig is a mass emailing worm. It doesnt shutdown your pc using the RPC exploit. Did you use the fix that eliminates the most common worms, or a specific fix for sobig?</div>
PostPosted:Tue Sep 30, 2003 11:47 am
by Shellie
<div style='font: 10pt georgia; text-align: left; '>Also, from Symantec: "The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003."</div>
PostPosted:Tue Sep 30, 2003 1:04 pm
by G-man Joe
<div style='font: 11pt "Fine Hand"; text-align: left; '>I never did check the date on the computer. I'll have to call him tonight. =8^D</div>
PostPosted:Thu Oct 02, 2003 1:47 am
by SineSwiper
<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '><b>Link:</b> <a href="
http://vil.nai.com/vil/stinger/">Stinger</a>
Try Stinger instead. It searches for the most common viruses, including Sobig and Blaster. But anything related to the RPC shutdown bug is only Blaster or Welchia/Nochi.</div>
PostPosted:Thu Oct 02, 2003 8:29 am
by G-man Joe
<div style='font: 11pt "Fine Hand"; text-align: left; '>Oh. Well....he's in Barrie, Ontario. Hopefully he's learning this "computer" thing and begins his young life as a computer geek. =8^)</div>