manu
Dec 6 2003, 04:51 PM
Hey, my proxy-firewall had been dying last week, well, I had a look at my switches, well, I saw it goes crazy, full of broadcasts and well, finally I found MR. NACHI worm in one laptop and soon I could see a lot of PCs are affected by this NASTY.. Well, you can clean it easily, but tell me, is there anything I could do so the PCs are not affected again... Please comment..
Manu
temptation
Dec 6 2003, 06:02 PM
Hi there ...
hxxp://vil.nai.com/vil/content/v_100559.htm
maybe u try to create a "dummy" exe file so that the worm thinks that this pc is already infected
C:\WINNT\SYSTEM32\WINS\DLLHOST.EXE
So long
manu
Dec 6 2003, 06:10 PM
Guys,
I had come to know that it is a version of BLASTER or WELCHIA.. Whatever, my network was affected badly, most ppl were simply using the PC to browse and not aware of Firewall or even antivirus.. Anyway, I cleaned almost every PC, but still the threat remains.. I had read about it from various AV websites, but still I wish to hear your comments..
Manu
SLiM577
Dec 6 2003, 08:00 PM
damn nice interesting link, i was infected as well mate
Hardcore
Dec 6 2003, 09:17 PM
W32Nachi....majority of versions should be detectable by scanning for port 707 on network segments, with the infected machines showing response.
You can use NMAP, or???. I use www.foundstone.com >> Resources>>Free Tools>>Scanning Tools>>Scanline 1.01
At C:\ prompt type something like:
sl -ht 707 192.168.0.0-254
This will sweep the subnet you define (192.168.0.x) for systems with response from 707.
Make sure all systems are patched up with MS03-026 First!!! Otherwise, you'll just get infected again.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp
To inoculate, if you have no AntiVirus, use McAfee's free STINGER tool. Download it to the infected machine once you have it patched up.
http://vil.nai.com/vil/stinger/
This will identify, patch, then inoculate your systems.
-Hardcore
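Added example, not part of Hardcore's post and not ScanLine or NMAP: the same sweep of your own subnet for hosts answering on TCP 707, written as a short Python script for admins without a scanner to hand. The function names, the 0.5 second timeout and the default 192.168.0.0/24 range are assumptions. A host it lists is a candidate to check, patch and clean, not a confirmed infection.

```python
import ipaddress
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

NACHI_PORT = 707  # port named in the post above


def responds(host, port=NACHI_PORT, timeout=0.5):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def sweep(network, port=NACHI_PORT, timeout=0.5, workers=64):
    """Return the hosts in `network` (CIDR notation) that accept TCP on `port`."""
    net = ipaddress.ip_network(network, strict=False)
    # hosts() skips the network and broadcast addresses; fall back for a /32
    hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: responds(h, port, timeout), hosts))
    hits = [h for h, ok in zip(hosts, results) if ok]
    return sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Usage: python sweep707.py 192.168.0.0/24   (script name is hypothetical)
    subnet = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.0/24"
    for host in sweep(subnet):
        print(f"{host}: TCP {NACHI_PORT} answers - check for Nachi, patch, then clean")
```
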
Mik3yZ
Feb 17 2004, 09:59 AM
thanks m8 for this info... gladly i was not infected... but does anyone know something about the new nachi.b variant??
regards Mike