Doubleclick DDoS'd
Around 10:30 EDT Doubleclick, a provider of web advertisements, started experiencing a massive denial-of-service attack on their DNS servers. This has caused a peripheral slowdown of other sites that use the Doubleclick service to serve ads on their webpages. Read more at: http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html W32.Zindos.A Microsoft DoS The W32.Zindos.A worm which infects machines via the backdoor that Backdoor.Zincite.A opens (which is delivered by MyDoom.M) performs a DoS against the microsoft.com domain. Due to the buggy code, this will cause a machine to become slow and unresponsive due to repetitive infections of Zindos. For more information go to: http://securityresponse.symantec.com/avcenter/venc/data/w32.zindos.a.html FXMYDOOM Feedback A user wrote in stating that the FXMYDOOM program would not completely clean up a system from all the processes. He gave the following steps to ensure a clean system. 1. Reboot into safe mode with networking support and sign in. 2. Run FXMYDOOM, downloadable from Symantec. Go onto step 3 while step 2 runs. 3. Visit the ?Run? sections of both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER (full example path above) and delete any calls to: <Br> a. Javavm b. Services c. Tray (which will have a path to ********.exe listed in the data field) Norton?s tool usually didn?t catch the ?javavm? or ?tray? entries on PC?s I worked on, so be on the lookout for them. 4. Once step 2 has completed, manually verify javavm.exe and services.exe are no longer in %windir% 5. Reboot into normal mode, ideally, user should sign-in. In absence of user, sign in yourself. 6. Once boot completes and taskbar fully loads check ?processes? tab to make sure there aren?t any extra ?services?, ?javavm?, or ?********.exe? files running. Note it is normal to have one copy of ?services? running on a PC. One copy, good. Two copies, bad. 7. Re-run step 2. Have user contact you if it finds any instance of mydoom on the PC. --- John Bambenek, jbamb -at- pentex-net.com |
John 262 Posts ISC Handler Jul 28th 2004 |
Thread locked Subscribe |
Jul 28th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!