Monday, May 02, 2005

Virus Updates

Local machine administrators

Please do the following in sequence:

- Add yourself, e.g. ( macgregnt1\), to the local administrators group
- Delete ( macgregnt1\dev) from the local administrators group

The patch needs to be installed on every PC running SQL Server.

The 1st hole is one of the vulnerabilities covered by the cumulative security patch for MS SQL Server (MS KB article #815495).

If you run SQL Server on your machine you need to install this patch. Please note that one of the prerequisites for this patch is SP3 for SQL. If the patch installer complains about not finding a suitable SQL instance or SP level, you need to install Service Pack 3 first.

The 2nd hole that is being used by the virus is a blank SA password. If your system uses a blank SA password, please change it ASAP. If you're aware of any other machines running with blank passwords (i.e. build machines, secondary machines, VPN desktops, etc.), please change them as well.

For more information on this Trojan, go to:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127131

Rootkit discovery
Even if you all have installed the (older) patches mentioned recently, please note the following.

If you are noticing that certain system applications, like Registry Editor and Task Manager, are not launching or seem to be starting and then stopping quickly, please check your machine for the following files:

[System32]\msdirectx.sys
[System32]\msxdl.exe

Note that for some reason, OfficeScan did NOT detect this item the first time it tried to install itself (it did successfully on my machine), but subsequent attempts were caught.

This Trojan will also interfere with the operation of certain Anti-Spyware applications, like Ad-Aware.

It might be a good idea to also execute "NETSTAT -B" to look for strange (off-network) connections from/to unknown applications.

Disable the rights and security permissions for the file sdkimprovment2.exe in the System32 directory.

Also look for sdktoolkitimprovement.exe under System32.
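The checks above (the indicator files under System32, Task Manager and Registry Editor failing to start, and the "NETSTAT -B" look for off-network connections) can be run together from one script. This is an added triage script, not part of the original post; it assumes a PowerShell 5 session on a current Windows host with local admin rights, and the policy registry values and private IP ranges it uses are standard Windows and RFC 1918 facts rather than anything taken from the post.

```powershell
# Added triage script (not from the original post). Assumes local admin rights.
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Indicator files named in the post; report size and hash of anything found.
$indicators = 'msdirectx.sys', 'msxdl.exe', 'sdkimprovment2.exe', 'sdktoolkitimprovement.exe'
foreach ($name in $indicators) {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force      # -Force also sees hidden files
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Output ("FOUND   {0}  size={1}  sha256={2}" -f $path, $item.Length, $hash)
    } else {
        Write-Output ("clean   {0}" -f $path)
    }
}

# 2. Policy values that stop Task Manager / Registry Editor from launching
#    (a common way malware of this kind keeps those tools from starting).
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
    $val = (Get-ItemProperty -Path $polKey -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 1) { Write-Output "POLICY  $v = 1 (tool blocked by policy)" }
}

# 3. Established TCP connections to non-private addresses with the owning
#    process, i.e. the "NETSTAT -B" check done with Get-NetTCPConnection.
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|0\.0\.0\.0|::|fe80:)'
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch $private } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            PID     = $_.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '?' }
            Path    = if ($proc -and $proc.Path) { $proc.Path } else { '?' }
        }
    } | Format-Table -AutoSize
```

Any FOUND or POLICY line, or an established connection owned by a process with no recognisable path, is a reason to take the machine off the network and run a full OfficeScan scan before continuing.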

2 comments:

Boston Bala said...

original solution: Possible Worm getting around - SCardClnt.exe

Anonymous said...

Please help me out here. I had the ScardClnt.exe thing; I think I fixed that, I am not sure at all, but now I've had some red virus attacks (named: MS04-011_LSASS_EXPLOIT) that my antivirus (Trend Micro) ''blocks'', but it shuts down the internet. And now my antivirus isn't operational, it is shut down completely, and when I open it, it doesn't do anything! Also I can't open the task manager nor execute netstat -b; it opens and closes at the moment. My computer is incredibly slow, I can't open anything, it takes like 5 minutes to open a folder. Do you know what's happening? I post it here because it has something to do with that. Thanks, if you can help me write to happyzaza@hotmail.com, because I don't think this will let me visit this again.