I am SICK of w32.spybot.worm

news · External Since: Dec 06, 2005 Posts: 6

Whoever wrote w32.spybot.worm NEEDS some time in jail.

I get the infection every 1-2 wks and then remove it. It then comes back.

This time it was comctsvc.exe - every time the filename is new.

How do I stop further files being installed?

Is a router the answer?

Meanwhile can the Federal Bureau Investigation PLEASE arrest some people who
wrote the spybot pgm?

Offbreed · External Since: Jan 15, 2006 Posts: 98

Virus Guy wrote:
> Above
> and beyond that, it's what your employees are doing that is screwing
> you.

Or his kids, especially if he does not have broadband in his home.

optikl · External Since: Dec 12, 2005 Posts: 39

news wrote:

>
> Meanwhile can the Federal Bureau Investigation PLEASE arrest some people who
> wrote the spybot pgm?
>
>

Where do you suggest they start looking?

Boss Hog · External Since: Dec 26, 2005 Posts: 3

In article <jINrf.14768$iz3.1560@text.news.blueyonder.co.uk>,
sales DeleteThis @logicians.com says...

[...]

> How do I stop further files being installed?

Use a decent AV utility?

> Is a router the answer?

No.

news · External Since: Dec 06, 2005 Posts: 6

"Boss Hog" <boss.hog.news.DeleteThis@invalid.googlemail.com> wrote in message
news:MPG.1e19dc28aef7c32b9898f4@news.individual.net...
> In article <jINrf.14768$iz3.1560@text.news.blueyonder.co.uk>,
> sales.DeleteThis@logicians.com says...
>
> [...]
>
> > How do I stop further files being installed?
>
> Use a decent AV utility?

Well I have NORTON which helps a lot. But I am really sick of this. I have a
lot of work in running my company, and I dont need pesky virus attacks. The
police need to start working.

>
> > Is a router the answer?
>
> No.

Rick · External Since: Dec 26, 2005 Posts: 15

"news" <sales.DeleteThis@logicians.com> wrote in
news:jINrf.14768$iz3.1560@text.news.blueyonder.co.uk:
>
> Whoever wrote w32.spybot.worm NEEDS some time in jail.

Perhaps, but the odds are in their favor that nothing will be done.

> I get the infection every 1-2 wks and then remove it. It then comes
> back.

[snip]

> How do I stop further files being installed?
>
> Is a router the answer?

30 seconds to do a search with Google for W32.Spybot.Worm came up with the
following info from Symantec:

-------------------------------------
W32.Spybot.Worm is a detection for a family of worms that spreads using
the Kazaa file-sharing network and mIRC. This worm can also spread to
computers that are compromised by common back door Trojan horses and on
network shares protected by weak passwords.

Newer variants may also spread by exploiting the following
vulnerabilities:

* The DCOM RPC Vulnerability (described in Microsoft Security Bulletin
MS03-026) using TCP port 135.
* The Microsoft Windows Local Security Authority Service Remote Buffer
Overflow (described in Microsoft Security Bulletin MS04-011).
* The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000
audit (described in Microsoft Security Bulletin MS02-061) using UDP port
1434.
* The WebDav Vulnerability (described in Microsoft Security Bulletin
MS03-007) using TCP port 80.
* The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft
Security Bulletin MS01-059).
* The Workstation Service Buffer Overrun Vulnerability (described in
Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users
are protected against this vulnerability if the patch in Microsoft Security
Bulletin MS03-043 has been applied. Windows 2000 users must apply the patch
in Microsoft Security Bulletin MS03-049.
* The Microsoft Windows SSL Library Denial of Service Vulnerability
(described in Microsoft Security Bulletin MS04-011).
* The VERITAS Backup Exec Agent Browser Remote Buffer Overflow
Vulnerability (as described here).
* The Microsoft Windows Plug and Play Buffer Overflow Vulnerability
(described in Microsoft Security Bulletin MS05-039).

-------------------------------------

I would suggest you install a firewall (or at the very least a router),
make sure your systems are all up to date with security related patches,
uninstall Kazaa and stop using mIRC. If that doesn't take care of the
problem, then I suggest you get someone who knows what they are doing to
come in and help you secure your network. You obviously don't know how to
do so. That's not meant as an insult, just an observation.

> Meanwhile can the Federal Bureau Investigation PLEASE arrest some
> people who wrote the spybot pgm?

Which wouldn't resolve your problem at all. In most cases, arresting the
original author(s) doesn't help much once the exploit code is out on the
net and making the rounds. There are usually plenty of others who then take
it and spread it further.

--
Rick Simon rsimon.DeleteThis@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Offbreed · External Since: Jan 15, 2006 Posts: 98

news wrote:

> I am not a "moron" I expect cops to arrest criminals. I dont carry a gun,
> cops do that for me.
> We have prisons for virus writers - they need to start using them.

You need to consider exactly how much snooping the cops would have to do
in order to find the people responsible.

It would be sort of like letting the cops' boss keep your extra money so
it won't get stolen. The cops' boss in most cities is the Mayor.

Secure your property properly. No amount of legal action can make up for
the damage a criminal can do.

Why am I not surprised you threw in that comment about guns? Cops are
not everywhere. They cannot be. Some things you have to take care of
yourself.

Virus Guy · External Since: Aug 05, 2005 Posts: 407

news wrote:

> > > I get the infection every 1-2 wks and then remove it. It
> > > then comes back.
> >
> > That's what you get for running Windows XP. If you're not
> > running with a NAT router, then you're a moron.
>
> I am not a "moron" I expect cops to arrest criminals.

What cave have you been living in the past few years?

You, and your fellow UK citizens (like those in USA) have the
manufactured expectation to be protected against terror. Everything
else is secondary.

Viruses do not cause terror.

Until the battle, no, the war against terror is over, you'll have to
deal with viruses yourself.

Now do your part and keep a close watch on your fellow citizens and
report all suspicious behavior to the authorities.

news · External Since: Dec 06, 2005 Posts: 6

"optikl" <optik-mechanik DeleteThis @invalid.net> wrote in message
news:A8qdnXQ1f6BThi3enZ2dnUVZ_sCdnZ2d@comcast.com...
> news wrote:
>
> >
> > Meanwhile can the Federal Bureau Investigation PLEASE arrest some people
who
> > wrote the spybot pgm?
> >
> >
>
> Where do you suggest they start looking?

In their files.

>

kurt wismer · External Since: Jul 04, 2003 Posts: 1496

news wrote:
> "optikl" <optik-mechanik RemoveThis @invalid.net> wrote in message
>>news wrote:
>>
>>>Meanwhile can the Federal Bureau Investigation PLEASE arrest some people
>>> who
>>>wrote the spybot pgm?
>>
>>Where do you suggest they start looking?
>
> In their files.

wah wah wah... they need to *do* something... wah wah wah...

i think you'll find that in order for them to have anything in their
files they need to already know who the virus writers are - they
don't... there's no magic oracle that one can ask "who wrote this virus?"...

if you had a concrete suggestion to help them track the people down
instead of a whining plea maybe then it could be passed on to the
authorities...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

38Special

I take it that you are in the UK?

I'm not surprised you keep getting re-infected with using Norton.

I'm in the UK and I never get hit. Ditch the Norton, download AVG7 free and then use a good firewall ... XP's own is fairly good when set right.

When you install AVG 7 run a scan and let it deal with whatever it finds but with care. Also run Ad-Aware and Trogan Hunter and you should be okay. But please ditch the Norton, it's a resource hog and not 100% at finding things. Uninstall Norton because you can't use 2 AV programs without conflict.

Hope this helps.

btw, the laws are in place to deal with these sort of things but you don't read ComputerActive magazine which is available online and from newsagents and worldwide ... the mag carries more PC info than any other.

38Special

ZEUS_GB · Joined: Jan 14, 2003 Posts: 5061 Location: UK

Best thing to do is get rid of norton because it's an inferior product!

If you don't want to pay for your anti-virus software then get Avast or AVG. Get a decent firewall installed such as Sysgate, Kerio or Zone Alarm. This worm infects you via a Windows security issue so download and install all the latest Windows updates.

38Special

Zeus GB,

You're right about Norton ... the last decent version was Norton AV 2002, which I bought way back in 2001 and had no problems with but now, I would never recommend it to anyone, except my very worst enemy! Laughing

I personally would ditch the Norton and go for one of the Free AV's and use a hardware router/firewall.

Where in the UK are you? PM me if you would like to say.

machindra_56 · Joined: Nov 20, 2007 Posts: 1

giv solution....