Author: Omid David Tabibi
Date: 15:23:33 08/12/03
Go up one level in this thread
On August 12, 2003 at 10:24:32, Andrew Williams wrote: >On August 12, 2003 at 10:13:24, Omid David Tabibi wrote: > >>On August 11, 2003 at 21:07:58, C McClain Morris, Jr. wrote: >> >>>I was greeted by a remote procedure call failure while playing a Shredder 7.04 >>>comp on the playchess.com server today. I was using the Fritz 7 engine in a 3 >>>minute + 2 blitz game and upon the start of the game the Shredder 7.04 opponent >>>failed to make a move for the 2 minutes. All of a sudden I was greeted with a >>>"Remote Procedure Call has unexpectly shut down, Windows will shut down in 45 >>>seconds" and the countdown began. From that point on, each time connected to the >>>net, I would receive the same rpc message and windows shuts down and restarts >>>again. This was the first time I had experienced a DOS attack and I noticed that >>>I had an executable running the the name of msblast.exe. It was found in >>>c:\windows\system32. After deleting it, it continued to appear after the rpc >>>shutdowns. I would appreciate some feedback regarding the possiblity of running >>>code on a computer, while playing another comp on the playchess server. My >>>system was virus and trojan free before playing on the playchess server. Is it >>>possible to get code run on your computer if you are playing another engine on >>>playchess.com? Any expert feedback would be greatly appreciated. >> >>Exactly the same here. I even reinstalled the Windows OS, but as soon as I >>connect to the internet, that message appears together with countdown for shut >>down, so it seems that it is an ISP issue (also infected?!) > >DISCLAIMER: I'm clueless about Windows. You should take the following with a >pinch of salt. > > >My guess is that you're just getting infected before you can get download the >patch. A couple of things you can do: > >* Switch on your firewall if you have one (Windows XP has one). This exploit >isn't an email-based one, it's coming in through open ports. This should prevent >you being re-infected once you re-install. > >* In a command window you can do shutdown -a now, which will prevent windows >from shutting down (I think). This should give you time to download the patch >from Microsoft. > >I'm not enough of an expert in Windows to really help. I'd recommend taking a >look at these stories on Slashdot, where people are giving good advice, AFAICS: > >http://slashdot.org/article.pl?sid=03/08/12/1326237&mode=nested&tid=185&tid=190&tid=201 > >and an older story with more responses: > >http://developers.slashdot.org/article.pl?sid=03/08/11/2048249&mode=nested&tid=126&tid=172&tid=185&tid=190&tid=201 > I cleaned the virus as following: As soon as Windows starts press Ctrl+Alt+Del and end the process named 'msblast.exe'. Then find the file 'msblast.exe' and remove it. This should let you connect to the internet and download the security patch before being shut down. _However_, if as soon as you connect to the inetrnet you get bombarded with another denial of service attack (and get infected again with the virus), which was my case, I recommend downloading the Symantec msblast virus remover, and Windows Update from another machine, copy them to a diskette, and then run them on the infected computer (what I did). Good luck. P.S. If you can read this you are either able to connect to the internet, or are at another machine with internet connection, so no worries :) Yours truly had to drive all the way to the university (about 1 hour) to download the needed patches :( > >Andrew
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.