• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Virus detroyed my herd.

M

miken

Senior member
Permanent loss of all work PC's running Dnetc. Due to the w32.bymer virus all my work servers/workstations have had the dnet client removed.

🙁
 
Yes, It infects a PC with the dnetc-client (if already existent, it overwrites the dnetc.ini) via open-shared resources with no password.

D.net banned this guy already a few months ago, but the virus is circulating around (I found it a few times in the Netherlands).

More info can be found here.
 
miken,

Did you tell your boss that this virus infects ANY computer, not just ones already running the dnet client? It was the disk shares open on the network/internet that provided a means of the virus entering.

The dnet client still provides the same stress testing benefits and behaves in the same innocent manner as before this intruder came knocking.
 
That is really horrible! I got the same virus last weekend at home. Luckily, I was able to catch it quickly, within an hour. Miken, how many computers are you losing because of this virus?
 
🙁🙁🙁 Looks like everyone's herd needs to be like an investment portfolio: diversified. 🙁🙁🙁
 


<< . It scans random IP address over NetBIOS for computers that have shares named &quot;C&quot; and a Windows folder called &quot;Windows&quot;. When it finds one, it copies itself and the files &quot;dnetc.exe&quot; and &quot;dnetc.ini&quot; to the &quot;c:\windows\system&quot; folder of the remote computer. The file &quot;dnetc.exe&quot; is an encryption-cracking program from www.distributed.net, which is not the author of this worm. The samples received by AVERT are packed with the UPX file-compression utility. >>


From McAfee's info page on the worm.

No wonder this is so prevelant.

viz
 
Really, these same people are very lucky they haven't had a more lethal virus infected on them... If their computers are that wide open, even I could figure out how to do just about anything I want to their computer (and I am 'is suck' as a cracker/hacker).

Bymer, you are on my &quot;needs-to-be-shot-for-the-good-of-humanity&quot; list. :|

JHutch
 
He's a little paranoid now, so there is no hope of resurrecting my herd.

Herd included:

3 PIII 550 servers
2 PII 450 Workstations
1 P150 Web Server
2 Athlon 600 Workstations
1 dual PIII 450 Rack server
1 dual PII 300 File server

The real kicker was that in a week they were going to allow me to put it on the rest of the clients. About 25-40 more PII 450's, and if that went ok the facilities would have been next. 15 PII 300's. 🙁 🙁 🙁 I forget how many blocks that would crack, but as it was I was at 3-6k blocks depending on DB maintenance. (turn off overnight)
 
That's what I can't understand. Our computers weren't that wide open. We have NAV for exchange and Workstation, and our shares are PW protected. 🙁
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top