micron

Diamond Member
Oct 9, 1999
7,228
0
0
Lately when I start my machine it wants to connect to the internet. I was very suspicious becuase the last time I had this problem I had a virus. I ran the Microsoft System Configuration Utility and found this line: "C:\WINDOWS\SYSTEM\Dnetc.exe -hide". I thought that was a little strange because my dnet client is installed in a differant directory. So I went to C:\WINDOWS\SYSTEM\ and found another client. Here's what was in it's dnetc.ini:

[parameters]
id=gentleps@muohio.edu

[misc]
project-priority=OGR,RC5:0,CSC:0,DES:0

[rc5]
fetch-workunit-threshold=64

[ogr]
fetch-workunit-threshold=16

[triggers]
restart-on-config-file-change=yes

What's wrong? Please Help!!!
 

Russ

Lifer
Oct 9, 1999
21,093
3
0
micron,

Looks like you got a worm. Report all the information to dnet.

Russ, NCNE
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Also, do a security check on your machine. It looks like you may have an open file share, as that's how most of the Dnet worms have been propogating.:Q
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
The worm uses open Window shares to move about. If you have file sharing on, and it's not 100% secure, then a worm that randomly finds your IP addy at the moment will attempt to copy itself to you. If it does, then it'll set itself up, and steal your CPU cycles.:|
 

Moose

Member
Apr 8, 2000
180
0
0
The wormfree application above should warn you if you have drive shares that are not protected by passwords. if you must use drive shares only share the directories that you need to share and even then password protect the share and only allow write access if it is completely necessary.

Sorry to hear you got the worm. You can read about this worm and others that are related to it at:

http://n0cgi.distributed.net/cgi/dnet-finger.cgi?user=bovine

and my .plan at:

http://n0cgi.distributed.net/cgi/dnet-finger.cgi?user=moose

mine basicly explains that I have become the target of this malicious person.

if you have any questions that anyone at distributed.net can answer for you please feel free to mail me (moose@distributed.net) or mail our help (help@distributed.net) or if you have a problem with something at distributed.net abuse@distributed.net.

Thanks
moose
 

RaySun2Be

Lifer
Oct 10, 1999
16,565
6
71
Moose,
Thanks for the info, good to hear from you, and man it SUCKS big time they chose to target you. :(

Being a recipient of the Phantom Flusher:| blocks, I know how you feel a little.

Take care,
Dennis AKA RaySun2Be