Author Topic: Win32: RPCExploit (Trj) (Read 7629 times)

DBissett · « **on:** August 12, 2003, 07:53:47 PM »

I've run several cleaners and gotten rid of Blaster but this Trojan keeps coming back and I can't find anything about it on anyone's website. It also causes a system reset due to RPC termination. What's the fix for this? Is it also brand new???

Dave

Pavel Baudis · « **Reply #1 on:** August 12, 2003, 07:58:21 PM »

avast! detects the unpacked version of Win32:Blaster as Win32: RPCExploit [Trj] even with older updates. Some fool unpacked the original Blaster and executed it - and it spreads as much as its smaller brother.

You can't get rid of it without appplying the Microsoft patch (see Blaster description on our main page) - if you remove it, it will come back within several seconds

raman · « **Reply #2 on:** August 12, 2003, 08:07:58 PM »

Hi Pavel,

Are there so much unpatched Windows NTs? If it comes back within several seconds/min. on each IP-Adress, than there have to bethousands of infected PCs!? :?

Here some newscast report about this Malware.

Pavel Baudis · « **Reply #3 on:** August 12, 2003, 10:36:56 PM »

Hi Raman,

Quote

Are there so much unpatched Windows NTs? If it comes back within several seconds/min. on each IP-Adress, than there have to bethousands of infected PCs!? :?

I'm affraid that the number of unpatched Windows NT/2000/XP is pretty high

We have got reports of many infected PC users - most of them called us because of the forced reboot and many of them said that it took less than minute before the msblaster.exe appeared on their machine after Internet connection was established... It could definitely vary depending on the time (number of infected computers has probably culminated today) and network segment (as the worm prefferes the neighboroughing networks) but the infection was definitely fast and huge...

rmrg · « **Reply #4 on:** August 13, 2003, 04:52:44 AM »

Hi Pavel! I live in Brazil, I'm brazilian and I take the same virus: Win32: RPCexploit [Trj] . How I remove this virus?? There is a solution??

and this virus is dangerous or will not cause problem in my pc??

Please, answer me, I´m very affraid!! $:-\$

** I´m sorry for wrong words...I not speak english very well...

Rafaella

Pavel Baudis · « **Reply #5 on:** August 13, 2003, 07:53:28 AM »

Hi rmrg,

No, this Blaster virus (packed or unpacked) does not do any permanent harm... It just forces the computer to reboot on some systems (when RPC fails) and on 16th August and later floods one of the Microsoft servers with data (DDoS) - see the more detailed description on our pages.

To remove it, you can use our avast! cleaner (or just delete the msblast.exe file and the registry key) but as was said above - do not forget to apply the latest system patches!!!

addie · « **Reply #6 on:** August 13, 2003, 12:54:12 PM »

Hello there!
I have got this virus too and its so sucky. What avast! cleaner are you talking about? Can the normal free anti virus software avast offers work to clean off the virus? Cos up till this morning, it could not help me clear it. Please help! Thanx a lot.

whocares · « **Reply #7 on:** August 13, 2003, 01:42:27 PM »

Hi Addie,
please reread the above postings; everything is said there

the Cleaner is here:
http://www.avast.com/i_idt_171.html

but the Worm will come back again if you don't apply the necessay patches from www.windowsupdate.com

reading the other topics on lovsan/Blast migth help you, too

addie · « **Reply #8 on:** August 13, 2003, 03:12:40 PM »

Hey, i tried that cleaner thingy and it din work either!

Sigh. Oh well, i will try to get my fren to figure out a solution for me.

Author Topic: Win32: RPCExploit (Trj) (Read 7629 times)

DBissett

Win32: RPCExploit (Trj)

Pavel Baudis

Re:Win32: RPCExploit (Trj)

raman

Re:Win32: RPCExploit (Trj)

Pavel Baudis

Re:Win32: RPCExploit (Trj)

rmrg

Re:Win32: RPCExploit (Trj)

Pavel Baudis

Re:Win32: RPCExploit (Trj)

addie

Re:Win32: RPCExploit (Trj)

whocares

Re:Win32: RPCExploit (Trj)

addie

Re:Win32: RPCExploit (Trj)