New worm!

tossi

If you are having strange problems with your PC (password requests, restarts, slowness...) I suggest using strg+alt+enf to search for a process called "adserve". This single process will use 30-70% of your resources. Stop it and use Google or this nice link to get rid of your little 1st May present.
 
Thanks for the link :goodjob:; I just got hit with this damn worm... :mad: Now applying the update...
 
What is "strg-alt-enf"?

I recognize the alt, but what about the other two . . . ?
 
Do yourselves a favor... after applying the McAfee update and/or running Stinger, check the registry and your directory for the files in the McAfee manual removal information.

McAfee's DAT updates are usually right on the money, but DAT 4354, which was supposed to deal with Bagle.aa, only removed some of the infected files.

On Thursday I ended up manually removing remaining files from about 15 computers on our network at work. I didn't work on Friday, so I don't know if there were actually more.
 
Originally posted by ainwood
I presume it's the German equivalent of ctrl-alt-delete. That will bring up the task manager, and allow you to see what processes are running.

Right:

Strg = Steuerungstaste -> Control
Entf = Entfernen -> Delete
 
One bank here in Finland was struck by it. They're starting to recover from it now. Windows update anyone? How about firewall?
 
Originally posted by Rheinmetall
One bank here in Finland was struck by it. They're starting to recover from it now. Windows update anyone? How about firewall?

It's entirely possible to have a firewall and still get hurt by this. It all depends on how you have that firewall configured :)

The company I work for has extremely stringent firewall rules, and allows nothing inbound, and the only thing outbound is http, which is proxied via an authenticated proxy. This cuts down to almost nothing the worms we get, and most of those are from vendor laptops that are brought in, and plugged in against corporate policy.

It also helps that we ensure that all* machines are patched after the patches have been tested in our labs, and all* machines have virus scanning software on them, which is updated weekly.


* When I say all, I mean all workstations that the IT department knows about. Periodic scans are run of the network to detect unauthorized machines, and all effort is made to keep that list down to almost 0. There are probably under 50 machines company-wide that aren't patched and protected.
 
Apparently, the key factor in this one is the security patch.

The link to Microsoft Security is here
 
I just double-checked using control-alt-delete and went to the process window and luckily I have not been struck with this worm :).
 
Originally posted by jimmydean
It's entirely possible to have a firewall and still get hurt by this. It all depends on how you have that firewall configured :)

The company I work for has extremely stringent firewall rules, and allows nothing inbound, and the only thing outbound is http, which is proxied via an authenticated proxy. This cuts down to almost nothing the worms we get, and most of those are from vendor laptops that are brought in, and plugged in against corporate policy.

It also helps that we ensure that all* machines are patched after the patches have been tested in our labs, and all* machines have virus scanning software on them, which is updated weekly.


* When I say all, I mean all workstations that the IT department knows about. Periodic scans are run of the network to detect unauthorized machines, and all effort is made to keep that list down to almost 0. There are probably under 50 machines company-wide that aren't patched and protected.

You forgot incompetent users from your list. :) They can be a security risk too.

A slight update to the bank news. They probably weren't hit that badly by the worm but just played it safe and shut their systems and updated.
 
jimmydean said:
It's entirely possible to have a firewall and still get hurt by this. It all depends on how you have that firewall configured :)

The company I work for has extremely stringent firewall rules, and allows nothing inbound, and the only thing outbound is http, which is proxied via an authenticated proxy. This cuts down to almost nothing the worms we get, and most of those are from vendor laptops that are brought in, and plugged in against corporate policy.

It also helps that we ensure that all* machines are patched after the patches have been tested in our labs, and all* machines have virus scanning software on them, which is updated weekly.


* When I say all, I mean all workstations that the IT department knows about. Periodic scans are run of the network to detect unauthorized machines, and all effort is made to keep that list down to almost 0. There are probably under 50 machines company-wide that aren't patched and protected.

What company do you work for in Seattle? And what anti-virus are you using?
 
Neomega said:
What company do you work for in Seattle? And what anti-virus are you using?

I'd actually prefer not to say, security and all that ;)

I'm sure if you ask one of the moderators enough, they'd look up the IPs I post from, and let you know.

Anti-virus-wise, we have two deployments. Legacy clients are using Norton, while the new image is using McAfee Enterprise 7.x, with ePO for updating and reporting.
 