Jump to content
Posted 06 December 2009 - 01:43 AM
Posted 06 December 2009 - 10:12 PM
Posted 07 December 2009 - 05:15 PM
Posted 07 December 2009 - 05:19 PM
Posted 07 December 2009 - 05:22 PM
Posted 07 December 2009 - 11:17 PM
Posted 07 December 2009 - 11:42 PM
This threat exploits the MS03-026 vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user. The worm also creates a remote access point, allowing an attacker to run system commands at their choosing.
It is imperative that infected systems are patched prior to disinfecting a system. Some systems may be in a “crash loop” where each time the system is restarted, SVCHOST.EXE crashes and the user has 60 seconds before the system restarts. This action can continue to happen even after the virus is removed if the patch is not applied. It may be necessary to install/configure a firewall prior to downloading/installing this patch. Microsoft has outlined the necessary steps to address Windows issues when removing this virus. These actions should be taken prior to removing the virus (see below).
Posted 08 December 2009 - 01:39 AM
0 members, 0 guests, 0 anonymous users