New Worm Disabling A/v & Firewalls

pchelpman
Posts: 1,275 Forumite


in Techie Stuff
Spread over MSN this worm can disable Antivirus/Firewalls.
If you think you may be infected scan your computer with HijackThis. Look at the results but DO NOT CHANGE ANYTHING without advice. These entries will suggest if you have this new infection ....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamingunderground.us/index.php
F3 - REG:win.ini: run=C:\WINDOWS\System32\[random foldername]\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\[random foldername]\csrss.exe
O4 - startup: csrss.lnk = ?
If you are infected then start a new thread in this forum and someone will help you.
As ever people .... be careful out there.
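An added example, not part of the original post: a read-only Python check that scans a saved HijackThis log for the three entry types listed above and reports the matching line numbers without changing anything. The sample log and the folder name `abcde` are constructed; the last sample line is a control showing that the genuine `C:\WINDOWS\System32\csrss.exe` path is not flagged.

```python
import re

# Rules built only from the entries quoted in the post above.
RULES = [
    # Internet Explorer start page pointing at the domain named in the post.
    ("start-page",
     re.compile(r"^R0 - .*Start Page = http://www\.gamingunderground\.us/", re.I)),
    # win.ini run= entry launching csrss.exe from a SUBFOLDER of System32.
    # The genuine csrss.exe sits directly in System32 and must not match.
    ("win.ini-run",
     re.compile(r"^F3 - REG:win\.ini: run=.*\\system32\\[^\\]+\\csrss\.exe\s*$", re.I)),
    # Shortcut named csrss.lnk in the Startup folder.
    ("startup-lnk",
     re.compile(r"^O4 - startup: csrss\.lnk\b", re.I)),
]

# Constructed sample log (not taken from a real machine); "abcde" stands in
# for the random folder name, and line 4 is a harmless control entry.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamingunderground.us/index.php
F3 - REG:win.ini: run=C:\WINDOWS\System32\abcde\csrss.exe
O4 - startup: csrss.lnk = ?
F3 - REG:win.ini: run=C:\WINDOWS\System32\csrss.exe
"""


def find_indicators(log_text):
    """Return (line_number, rule_name) for every log line matching a rule."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG)
    for lineno, name in found:
        print(f"line {lineno}: matches '{name}' - ask for advice before changing it")
    if not found:
        print("none of the listed entries found")
```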
Comments
-
bump .....
-
Would it be this one?
This bug is particularly bad.
Read the excerpt from the email alert:
Websense® Security Labs ™ has received several reports of a new worm, "Nugache", which is spreading on AOL/MSN Instant Messenger networks and as an e-mail attachment by exploiting several workstation vulnerabilities. The worm opens a back door on TCP port 8, and installs a bot to wait for commands from the attacker. The command & control channel that is used is unique, as the bot appears to connect to infected peers instead of a static list. A peer-to-peer command & control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems.
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=478
Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.
-
There are some emails and alerts like this that are scams too.
The idea goes, if you have "x" in your registry you have some nasty, please delete it and you will be ok.
In fact they have you deleting legit and important windows services. So just be careful!
(Note I am not suggesting that the OP was one of these)
Olly ## No signature by order of the management ##
This discussion has been closed.