System shutdown, against my will

[Endless]

Two executables are enough to do it:
- the first one to send the data to overflow the rpc buffer and allow the connection. Most of the time the reboot comes from that one failing the command, which forces the system to reboot (it's in the rpc service properties). Sometimes this one is split in two programs.
- the second is a quite common program, you use it to connect to the victim and open a remote shell.


These two exist on virtually any platform, and tutorials exist on how to use the exploit. That's why it's getting so common.

[RSL]

This is happeneing to me too. I downloaded the patch, but it won't install. It keeps giving me an error. This is getting really annoying.

Edit: This is the error message when I try to install the patch:

Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer.

I don't know what that means...

[Endless]

Did you get the standalone patch, or directly from Windows Update? Using the other method might work.

The cryptographic options should be in tools > internet options > advanced > scrool down to security.

[Dr Unne]

I've read that if it's the virus that I posted above, patching won't help you if you're already infected. Who knows though.

[Erdrick Holmes]

Geez, I htough ME had alot of friggen holes now XP is arfing up.

[RSL]

Nothing is working for me. This is extremely annoying. oh well.

[Dr Unne]

My sister has this virus now. Yay. Hopefully anti-virus company will release an easy-to-use auto-cleaner utility soon. *once again glad he uses linux*

[crono_logical]

McAfee and Symantec both appear to have stand alone removers now. There's a link to one on the link Unne posted earlier, the McAfee one is on www.mcafee.com , just follow the links for information on W32/LovSan.worm near the top right.

[Burtsplurt]

I've got it as well. *very annoyed*

Edit: the Symantec remover seems to have worked, and I've installed the patch. Many thanks to the advice in this thread.

[Dr Unne]

Anyone want to start a contest to see who gets probed on port 135 the most times? I'm up to 36 since I started logging it last night. EDIT: make that 37.

[Miriamel]

Microsoft is confusing me. No news there, but do I have to install this Service Pack 1 to even install the patch? And how do I know if I have the 32bit or 64bit version of Windows XP?

[crono_logical]

I've had 0 probes since my IP address is 192.168.0.3 And the router PC is firewalled and running scanners etc. too.

Miriamel: You've likely got the 32-bit one, I doubt you have a high-end several-thousand-$ multi-CPU server, but a normal Pentium 1/2/3/4 or AMD Athlon or some variation, which are currently 32 bit

It's your choice if you install Service Pack 1 or not beforehand, it's not necessary. But it does contain a multitude of other bug fixes and patches for Windows. I chose not to install SP1 on my machine, and have gone for the seperate patches instead, much like the one you're about to download.

[Dr Unne]

I had my router start forwarding all requests on port 135 to my computer so I could count them. Up to 40 now.

I'd install the SP1, it has lots of nice stuff in it. Installing all the tons of patches individually probably ends up taking much longer to do than installing them all at once in the SP, unless you've been keeping up with them. First priority is probably installing the patch to block this virus that's going around though. If it doesn't force you to install the SP, just install that patch, probably.

I didn't even know a 64-bit version of Windows existed in a form anyone was currently using.

[crono_logical]

Nah, I just found that SP1 really slowed my PC down too much and made it unstable, so got rid of it, and only installed the patches I know I'm vulnerable against and know of now

[Loony BoB]

Can somebody please let me know which of all these downloads is Service Pack 1? You guys could make it a lot more simple by just saying

<LI>Service Pack 1: LINK DIRECTLY TO FILE
<LI>Patch: LINK DIRECTLY TO FILE
Download these in that order, install and all your problems will be solved.

There are just so many files on those pages, and not one of them is going around saying "SERVICE PACK 1" anywhere. =/