
Estob Worm- Computer Reboots

Status
Not open for further replies.

openeratech

Technical User
May 23, 2005
62
0
0
IN

Hi,

I have got some PCs on my network which have public IP addresses and are running Windows 2000 Professional SP3, and some machines on NATted IP addresses.

Since yesterday, with the evolution of the Estob Worm, those PCs have been rebooting continuously. I am running NAV Corporate with the latest definitions and even scanned all the systems with the tool which Symantec has given. I don't have any PCs with Service Pack 4, so I didn't apply the MS patch.

Is there any way to prevent these systems from restarting? I don't have a firewall. All traffic passes via a Cisco 2600 router.

Please help.
Yunus
 
If you ran the tool and it did not find or fix the worm, then there may have been other things dropped on the systems.
Do you have other adware software installed and updated? I would run a scan with that software to see if any other problems are found. As to why you have not installed all the patches is beyond me. The service packs are supposed to patch other exploits that have been reported.
Unhook each machine from the network when performing the scans. That way, other machines that have the adware will not try to infect the machine that is being scanned. I use the Sygate firewall on my systems, because if something is trying to get out to the network, or if something has changed a program that has permission to use the network, the Sygate firewall will ask and log the event. That way it lets me know what has changed with or without my permission.
 
I have MS AntiSpyware in place and updated. Even that didn't find anything.

Is Sygate freeware or commercial software? My company is very reluctant to invest in IT.

The only way I am looking at is that somehow I should be able to stop the hacker from executing the shell remotely. Is there anything which I can configure to prevent this?

-Yunus
 
Sygate is free for home users; for companies it has a trial version. AdAware SE would be my first choice. Sometimes it is wise to use more than one software tool to find and remove problems. The time spent working on computers and the downtime would be offset by an investment in a firewall or other software tool to keep out unwanted things.
You might look at this article on Microsoft's knowledge base.
 
No spyware found. Actually, if you are using SP4, then you can apply the patch given by Microsoft and can hopefully prevent your machine from booting.

But in a case like mine, using SP3, there is no solution but to put in some firewall kind of application.

I have put in a free firewall called Tiny FW and thus prevented my machines from booting.

Don't tell Microsoft :)

Cheers
-Yunus
 
Good to hear that it's working now. I would however seriously urge you to get a hardware firewall (if only a cheap, £30 Netgear router) to protect the network. You really can't afford to be without one these days.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 