Full Version: Attempt to attack
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
sma_sma
Hello,

Please give me an immediate response on the following issue.
See the attached file.

Thanks.
p2u
QUOTE(sma_sma @ 11.12.2008 13:25) *
Please give me an immediate response on the following issue.
See the attached file.

Kaspersky BLOCKED the attack, so you're safe.
Do you have Windows update KB958644 (MS08-067) installed? This is a very serious vulnerability that MUST be patched.

Paul
sma_sma
QUOTE(p2u @ 12.12.2008 22:55) *
Kaspersky BLOCKED the attack, so you're safe.
Do you have Windows update KB958644 (MS08-067) installed? This is a very serious vulnerability that MUST be patched.

Paul


Hello,

Thanks for your reply.
Can you please tell me how I can download the patch?
Please help me to download the patch (link).

Waiting for your reply...

Thanks.
hohoho
QUOTE(sma_sma @ 15.12.2008 07:29) *
Hello,

Thanks for your reply.
Can you please tell me how I can download the patch?
Please help me to download the patch (link).

Waiting for your reply...

Thanks.

http://www.microsoft.com/technet/security/...n/MS08-067.mspx
vee_zza
Hi Sir,

Your computer is safe, but the computers shown in Anti-Hacker protection may be infected by a net-worm.

I found that many users in TH had been infected by this net-worm because they did not install the latest Microsoft patch!

First of all, how to know which computers are still infected:
1. Using the netstat -an command, you will see many connections to other destination IP addresses on port 445.
2. If you use a network monitor program (such as a port, active port), you will see many svchost.exe services sending many packets to other IP addresses on port 445.
3. There may be an unknown service in services.msc (with no information such as description, status, or startup type; all columns are blank).


How to protect against and clean the net-worm:
1. You must install the latest Microsoft patch on every computer: http://www.microsoft.com/technet/security/...n/MS08-067.mspx (you must install the patch suitable for each OS and restart).

2.1 If you are using Kaspersky AV, you can choose one of the following ways:
-Update the virus signatures, reboot in Safe Mode, and scan the critical areas or My Computer (the .dll is located in system32).
-Update the virus signatures, reboot, and scan with BartPE with the KAV CD-ROM in PE mode.
*** It cannot be detected by Kaspersky Lab in normal mode because the virus has hooked into svchost.exe. If you cannot restart the computer (server), you must unhook the virus from svchost.exe by using the "Unlocker" program.

2.2 If you do not use Kaspersky, you must delete all infected files manually in regedit. See the details here:
-Go to HKLM>software>microsoft>winnt>currentversion>svchost
-In the right panel of svchost, double-click the value name "netsvcs".
-Look at the last line in the new dialog and find the random name of the virus, such as rbydwcit or ukcsbkgc. Delete the virus name from the value data dialog.
-Remember the "virus name" that you found above.
-Go to HKLM>system>controlset001>services>"virus name">parameters
-In the right panel of parameters, find the random .dll file (such as ydrarqme.dll). Delete HKLM>system>controlset001>services>"virus name".
-Remember the ".dll file" that you found above.
-Go to c:\windows\system32
-Find "random.dll". Delete the .dll in Safe Mode. (If you cannot restart the computer (server), you must unhook the virus first by using the "Unlocker" program.)

Gd Luck
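
The netstat -an check in step 1 of the post above can be scripted. This is an added example, not part of the original thread: it counts distinct remote addresses contacted on port 445 while ignoring inbound connections to the host's own port 445. The sample output is constructed, and the `max_peers` threshold of 3 is an assumed value to tune per network.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:445       192.168.1.31:1190      ESTABLISHED
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:2301      10.44.7.12:445         SYN_SENT
  TCP    192.168.1.20:2302      10.44.7.13:445         SYN_SENT
  TCP    192.168.1.20:2303      10.44.7.14:445         SYN_SENT
  TCP    192.168.1.20:2304      10.44.7.15:445         SYN_SENT
  TCP    192.168.1.20:2305      172.16.9.80:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local addr:port, foreign addr:port, state (IPv6 appears as [addr]:port).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
OUTBOUND_STATES = {"SYN_SENT", "ESTABLISHED"}


def outbound_smb_peers(netstat_text, port=445):
    """Map each remote IP contacted on `port` to the set of TCP states seen."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local_ip, _local_port, remote_ip, remote_port, state = m.groups()
        # Only the foreign port matters: local port 445 is this host serving SMB.
        if int(remote_port) == port and state in OUTBOUND_STATES:
            peers[remote_ip.strip("[]")].add(state)
    return dict(peers)


def looks_like_scanning(netstat_text, max_peers=3):
    """True when the host talks to more distinct port-445 peers than max_peers."""
    return len(outbound_smb_peers(netstat_text)) > max_peers


if __name__ == "__main__":
    for ip, states in sorted(outbound_smb_peers(SAMPLE).items()):
        print(ip, ",".join(sorted(states)))
    print("suspicious:", looks_like_scanning(SAMPLE))
```

To use it on a real machine, save the output of `netstat -an` to a file and pass the file's text to `looks_like_scanning`.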