Help!

[micron]

Lately when I start my machine it wants to connect to the internet. I was very suspicious becuase the last time I had this problem I had a virus. I ran the Microsoft System Configuration Utility and found this line: "C:\WINDOWS\SYSTEM\Dnetc.exe -hide". I thought that was a little strange because my dnet client is installed in a differant directory. So I went to C:\WINDOWS\SYSTEM\ and found another client. Here's what was in it's dnetc.ini:

[parameters]
id=gentleps@muohio.edu

[misc]
project-priority=OGR,RC5:0,CSC:0,DES:0

[rc5]
fetch-workunit-threshold=64

[ogr]
fetch-workunit-threshold=16

[triggers]
restart-on-config-file-change=yes

What's wrong? Please Help!!!

 

[nateholtrop]

Try to delete the additional client. Or if you can't change id to anandtech

HA

nate

 

[Russ]

micron,

Looks like you got a worm. Report all the information to dnet.

Russ, NCNE

 

[ViRGE]

That's a worm running around. This specific one looks like the one that targets Moose(it's an attack against him, not his own work). Pick up the worm remove utility at http://www1.distributed.net/~bovine/wormfree.zip to remove it.

 

[ViRGE]

Also, do a security check on your machine. It looks like you may have an open file share, as that's how most of the Dnet worms have been propogating.:Q

 

[micron]

Thanks Guys! How do you think I got the worm?

 

[ViRGE]

The worm uses open Window shares to move about. If you have file sharing on, and it's not 100% secure, then a worm that randomly finds your IP addy at the moment will attempt to copy itself to you. If it does, then it'll set itself up, and steal your CPU cycles.:|

 

[Moose]

The wormfree application above should warn you if you have drive shares that are not protected by passwords. if you must use drive shares only share the directories that you need to share and even then password protect the share and only allow write access if it is completely necessary.

Sorry to hear you got the worm. You can read about this worm and others that are related to it at:

http://n0cgi.distributed.net/cgi/dnet-finger.cgi?user=bovine

and my .plan at:

http://n0cgi.distributed.net/cgi/dnet-finger.cgi?user=moose

mine basicly explains that I have become the target of this malicious person.

if you have any questions that anyone at distributed.net can answer for you please feel free to mail me (moose@distributed.net) or mail our help (help@distributed.net) or if you have a problem with something at distributed.net abuse@distributed.net.

Thanks
moose

 

[RaySun2Be]

Moose,
Thanks for the info, good to hear from you, and man it SUCKS big time they chose to target you.

Being a recipient of the Phantom Flusher:| blocks, I know how you feel a little.

Take care,
Dennis AKA RaySun2Be