Contact Information
Service Finder

Blarg! 
is now 
November 21, 2009, 1:38am PST
Avvanta Home
Announcements
Services
Support
Setup Guides
Contact Information
Network Status

Search:
CCC/AvvantaMail
The Communications Control Center (CCC) enables you to read your email from any standard internet connection, manage your account, setup autoresponders, control your email filters, and much, much more. It can be accessed from www.avvantamail.com.
Security Notice - RPC Worm (W32.MSBlast / W32.LuvSan)
Posted by admin on 2003-08-12 11:29:51		 Print
On Monday August 11th a worm that exploits the Windows DCOM RPC vulnerability began to quickly spread over the internet. Unlike other recent worms, this worm does not spread via E-Mail. If you are running a vulnerable version of the Windows Operating System and connect to the internet you are vulnerable to infection.

The Microsoft Advisory for this vulnerability is MS03-026.

Symptoms:

Not all infections are immediately evident and the infection may not be noticed. Overt symptoms include:


  • When Windows starts up, you may get an error message which says that a file name "TFTP" (or something similar) cannot be found. The filename will have a random number at the end. For example, "TFTP2434".


  • The following error message occurs:
    "This system is shutting down. Please save all work. This shutdown was initiated by NT AUTHORITYSYSTEM Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly."
    The computer will then shut down within 1 minute - the shutdown cannot be aborted.


  • Less commonly you may see the following message:
    "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."
    After closing this error message the usual result is the "This system is shutting down" message previously noted along with the 1 minute countdown and automatic reboot.
Prevention:
Patches for this vulnerability can be obtained from the Windows Update service.

Platform specific patches can be found using the links below. If you are unsure which patch to apply, use the Microsoft HREF="http://www.windowsupdate.com/" target="newwin">Windows Update service.


Removal: If your system has been infected with this worm, most major antivirus
software companies have updated their Virus Definition files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:

Copyright © 1994-2009, Avvanta Communications Corporation, All Rights Reserved.