Helped my cousin build a computer on Saturday in Canada. It's up and running. I walk away to eat, come back and he has Kazaa installed and downloadin stuff already. I quickly uninstall it but it's too late. PC starts rebooting every 5 minutes. SoBig virus

[G-man Joe]

<div style='font: 11pt "Fine Hand"; text-align: left; '>Helped my cousin build a computer on Saturday in Canada. It's up and running. I walk away to eat, come back and he has Kazaa installed and downloadin stuff already. I quickly uninstall it but it's too late. PC starts rebooting every 5 minutes. SoBig virus got him. DAMN! That was fast.</div>

[Zeus]

<div style='font: 9pt ; text-align: left; '>Those stupid Canadians, huh? I mean, don't they even know Kazaa Lite exists?</div>

[G-man Joe]

<div style='font: 11pt "Fine Hand"; text-align: left; '>He's a newb to PCs.</div>

[the Gray]

<div style='font: 12pt ; text-align: left; '>Kazaalite? eMule everyone, EMULE!</div>

[SineSwiper]

<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '>You dumbass...you installed XP without doing an automatic update?! AS SOON AS YOU LOAD XP OR 2000, you MUST do an automatic update!!! The Blaster virus installs itself without ANY help from you, as long as you have the security hole. And any default install of XP or 2000 WILL have the security hole, so you have to patch yourself as soon as possible.

People with Windows 2000 with IIS have the same problem with CodeRed and Nimda. Since it's an automatic installer virus that uses a security hole to get inside, all it takes is a default install of 2000 and IIS turned on.</div>

[G-man Joe]

<div style='font: 11pt "Fine Hand"; text-align: left; '>PC setup brand new. Only Xp installed. He connects the DSL and downloards Kazaa with adwares now running. He downloads a song. He gets the RPC. I disable the reboot. I find SoBig virus with Symantec's freebee. Therefore, it's the SoBig virus. Case closed.</div>

[Shellie]

<div style='font: 10pt georgia; text-align: left; '><b>Link:</b> <a href="http://securityresponse.symantec.com/av ... mm.html</a>

Maybe he had both. SoBig is a mass emailing worm. It doesnt shutdown your pc using the RPC exploit. Did you use the fix that eliminates the most common worms, or a specific fix for sobig?</div>

[Shellie]

<div style='font: 10pt georgia; text-align: left; '>Also, from Symantec: "The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003."</div>

[G-man Joe]

<div style='font: 11pt "Fine Hand"; text-align: left; '>I never did check the date on the computer. I'll have to call him tonight. =8^D</div>

[SineSwiper]

<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '><b>Link:</b> <a href="http://vil.nai.com/vil/stinger/">Stinger</a>

Try Stinger instead. It searches for the most common viruses, including Sobig and Blaster. But anything related to the RPC shutdown bug is only Blaster or Welchia/Nochi.</div>

[G-man Joe]

<div style='font: 11pt "Fine Hand"; text-align: left; '>Oh. Well....he's in Barrie, Ontario. Hopefully he's learning this "computer" thing and begins his young life as a computer geek. =8^)</div>