Doubleclick DDoS'd, W32.Zindos.A Microsoft DoS, FXMYDOOM Feedback
Doubleclick DDoS'd
Around 10:30 EDT, Doubleclick, a provider of web advertisements, started experiencing a massive denial-of-service attack on its DNS servers. This has caused a peripheral slowdown of other sites that use the Doubleclick service to serve ads on their webpages. Read more at:
http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html
W32.Zindos.A Microsoft DoS
The W32.Zindos.A worm, which infects machines via the backdoor opened by Backdoor.Zincite.A (itself delivered by MyDoom.M), performs a DoS against the microsoft.com domain. Because of buggy code, repeated infections of Zindos will make an infected machine slow and unresponsive. For more information go to: http://securityresponse.symantec.com/avcenter/venc/data/w32.zindos.a.html
FXMYDOOM Feedback
A user wrote in stating that the FXMYDOOM program would not completely clean all of the processes off a system. He gave the following steps to ensure a clean system.
1. Reboot into safe mode with networking support and sign in.
2. Run FXMYDOOM, downloadable from Symantec. Go on to step 3 while step 2 runs.
3. Visit the "Run" sections of both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER (full example path above) and delete any calls to:
   a. Javavm
   b. Services
   c. Tray (which will have a path to ********.exe listed in the data field)
Norton's tool usually didn't catch the "javavm" or "tray" entries on PCs I worked on, so be on the lookout for them.
4. Once step 2 has completed, manually verify javavm.exe and services.exe are no longer in %windir%.
5. Reboot into normal mode; ideally, the user should sign in. In the absence of the user, sign in yourself.
6. Once boot completes and the taskbar fully loads, check the "Processes" tab to make sure there aren't any extra "services", "javavm", or "********.exe" files running. Note it is normal to have one copy of "services" running on a PC. One copy, good. Two copies, bad.
7. Re-run step 2. Have the user contact you if it finds any instance of mydoom on the PC.
---
John Bambenek, jbamb -at- pentex-net.com
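
The checks from steps 3, 4 and 6 above, written as a read-only PowerShell audit. This is an added example, not part of the original diary or the reader's submission. The Run key paths are an assumption (the standard Windows locations), because the example path the steps refer to is not shown on the page, and the masked ********.exe name is left for the analyst to read from the reported data field.

```powershell
# Read-only audit of the indicators named in steps 3, 4 and 6; deletes nothing.
# Value and file names are from the steps; the Run key paths are an assumption
# (standard Windows locations), since the page's example path is not shown.
$names   = 'javavm', 'services', 'tray'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

function New-Finding($Check, $Where, $Detail) {
    [pscustomobject]@{ Check = $Check; Where = $Where; Detail = $Detail }
}

# Step 3: Run values named javavm, services or tray. The data field is printed
# so the masked executable path behind "tray" can be read off and checked.
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        if ($names -contains $valueName) {   # -contains ignores case
            $findings += New-Finding 'RunKey' $key "$valueName = $($item.GetValue($valueName))"
        }
    }
}

# Step 4: neither file should exist directly in %windir%.
foreach ($file in 'javavm.exe', 'services.exe') {
    $path = Join-Path $env:windir $file
    if (Test-Path -LiteralPath $path) {
        $findings += New-Finding 'File' $path 'present directly in %windir%'
    }
}

# Step 6: one "services" process is normal, two or more is not; any "javavm"
# process is reported.
$procs = @(Get-Process -Name 'services', 'javavm' -ErrorAction SilentlyContinue)
$svc   = @($procs | Where-Object { $_.ProcessName -eq 'services' })
if ($svc.Count -gt 1) {
    $findings += New-Finding 'Process' 'services' "$($svc.Count) copies running (PIDs $($svc.Id -join ', '))"
}
foreach ($p in $procs | Where-Object { $_.ProcessName -eq 'javavm' }) {
    $findings += New-Finding 'Process' 'javavm' "running as PID $($p.Id)"
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No MyDoom indicators from steps 3, 4 and 6 were found.' }
```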