Possible new Virus???

[Yax]

So, yesterday and today, our office users have been seeing the following problems on their Windows machines. (I know some of you will say YUCK Windows, but office folks need it as they can't use linux like you).

1. RPC errors on some machines before it reboots.
2. Random reboots by something like NTAuth.
3. System slows to a crawl.

Running Virus scan finds nothing, its like the Mblast but none of the usual files or registry keys for that virus is present.

Very strange.

The only solution I found was to run the latest Critical Security patches from Microsoft. After that, the problem goes away.

Has anyone else seen this problem?

 

[Chadder007]

NetSky?

 

[slick230]

Donkey punch your users and tell them to stop emailing their idiot friends and to stop opening every damn attachment they get.

 

[SociallyChallenged]

Originally posted by: slick230
Donkey puch your users and tell them to stop emailing their idiot friends and to stop opening every damn attachment they get.

Do it hard so they know that you're not screwin' around.

 

[Platypus]

flatten and reinstall.

 

[Yax]

Originally posted by: Chadder007
NetSky?

the symptoms were not consistent with netsky, plus NetSky.C was caught on one machine, which means thats a known virus. The machines' virus scan dat files were all updated, but none of them found the virus so it's probably something else.

 

[JustAnAverageGuy]

spybot?

 

[Platypus]

I seriously hope you're flattening and reinstalling.

 

[marleymarl]

turn on automatic MS updates so it downloads and installs the latest patches...or atleast turn it on so it notifies you

 

[FoBoT]

what AV are you running? what date are the definitions?

which patch actually stops it? (apply them one at a time to see which one really fixes it)

 

[Yax]

Originally posted by: FoBoT
what AV are you running? what date are the definitions?

which patch actually stops it? (apply them one at a time to see which one really fixes it)

Using NAV with the latest defn files, 2/25/04.

Edit: didn't try one at a time, just applied as many critical security patches as I could at one time. It took a loooong time to apply too. Then after reboot, everything was fine.

 

[FoBoT]

you can get 2/27 defs if you download the intelligent updater .exe

linked

Intelligent Updater:
Virus Definitions created February 27
Virus Definitions released February 27
Norton AntiVirus Corp. Edition:
Defs Version: 60227f
Sequence Number: 28197
Extended Version: 2/27/2004 rev. 6
Total Viruses Detected: 66054

maybe it is this mokbot - it uses the same exploit as blaster

 

[Platypus]

ok nevermind

 

[Yax]

Originally posted by: FoBoT
you can get 2/27 defs if you download the intelligent updater .exe

linked

Intelligent Updater:
Virus Definitions created February 27
Virus Definitions released February 27
Norton AntiVirus Corp. Edition:
Defs Version: 60227f
Sequence Number: 28197
Extended Version: 2/27/2004 rev. 6
Total Viruses Detected: 66054

maybe it is this mokbot - it uses the same exploit as blaster

Thanks. I'll try the intelligent updater. I looked for the msnet.exe file, but it wasn't found anywhere in the drive, so perhaps its not the mockbot. It could be a new strand though.