[AccessD] martin's problem - SOLUTON

William Hindman wdhindman at bellsouth.net
Wed Aug 13 09:43:54 CDT 2003


...you have to have admin rights to install ...I never give that to any
client unless they have a dba ...for those clients where I control the
network, I do configure them to dl the updates but not install ...way too
many "updates" have turned out to have serious problems so unless it's a
serious security hole, I usually wait a bit until the dust has settled
before actually installing the updates ...I never automatically dl and
install anything ...lots of people do and as far as I'm concerned, they make
great guinea pigs :))))))

...no client where I control the network had any problem yesterday because
the security patches were already installed ...but one who was using another
network company called me when they couldn't get them to respond ...and
they've now switched to me at a stiff premium ...so I say (tongue in cheek)
god bless the hackers, they're great job security in these tight times :)

William Hindman
So, then, to every man his chance -- to every man, regardless of his birth,
his shining golden opportunity -- to every man his right to live, to work,
to be himself, to become whatever his manhood and his vision can combine to
make him -- this, seeker, is the promise of America.
-- Thomas Wolfe



----- Original Message ----- 
From: "John Colby" <jcolby at colbyconsulting.com>
To: "Access Developers discussion and problem solving"
<accessd at databaseadvisors.com>
Sent: Wednesday, August 13, 2003 8:51 AM
Subject: RE: [AccessD] martin's problem - SOLUTON


> Windows has a little client program that sits in the toolbar, loaded when
> windows loads.  It checks for updates automatically and offers a choice of
> "install automatically", "Ask before install", and "jump off a bridge". It
> works very well.  I have all my systems set up to download and then ask
> before install.  Not sure why I do that as I always just install them
> anyway.
>
> At any rate, my computers are always up to date.
>
> John W. Colby
> www.colbyconsulting.com
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of William
> Hindman
> Sent: Wednesday, August 13, 2003 12:06 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] martin's problem - SOLUTON
>
>
> ...some follow-up comments ...the MS Win Update site was heavily loaded all
> day long ...dls were much slower than normal at every client site ...and as
> for what you were seeing, the worm exploits a buffer overrun to get into
> your system, then dls the msblast.exe from a dynamically changing list of
> IPs and ports ...so even if you wipe msblast, it just reloads the next time
> you connect ...you have to have the ms patch installed to prevent it from
> using the buffer overrun to reload itself again and again ...then the virus
> cleaning will work ...only positive was that it was an excellent client
> object lesson in keeping Win updates current ...safest thing is to dl them
> automatically every night and then apply selectively ...that way you at
> least have them dl'd before everyone starts hitting on the ms site ...I'm
> really pretty surprised that it worked as well as it did.
>
> William Hindman
> So, then, to every man his chance -- to every man, regardless of his birth,
> his shining golden opportunity -- to every man his right to live, to work,
> to be himself, to become whatever his manhood and his vision can combine to
> make him -- this, seeker, is the promise of America.
> -- Thomas Wolfe
>
>
>
> ----- Original Message -----
> From: "Steven W. Erbach" <serbach at new.rr.com>
> To: "Access Developers discussion and problem solving"
> <accessd at databaseadvisors.com>
> Sent: Tuesday, August 12, 2003 5:57 PM
> Subject: Re: [AccessD] martin's problem - SOLUTON
>
>
> > Dear Group,
> >
> > >> This link points to Symantec's fix for the worm. Look for "Removal using
> > the W32.Blaster.Worm Removal Tool" to locate the link to the fix file. <<
> >
> > For what it's worth, I went to a client's site to eradicate the Blaster
> > Worm. SHEESH! It's a Win XP Home system that has not been updated to the
> > most recent Windows update since they bought it about two years ago. It has
> > Norton AntiVirus 2003 on it, but, of course, the last time they did a virus
> > update was last week. They have no firewall.
> >
> > I was able to download the Symantec "fix" while in normal Windows, but I had
> > to run the program in Safe Mode since the RPC error / Shutdown message
> > appeared every time I tried to run the fix. So far so good.
> >
> > I thought that I'd try to go to the Windows Update site. It showed that this
> > PC, of course, hadn't ever been updated, so there were 34 critical updates
> > to make. Started the first one...RPC error / Shutdown.
> >
> > Okay, let's update Norton AntiVirus. Did that, but I still got the RPC error.
> > Shutdown.
> >
> > Started up in Safe Mode and ran a full Norton AV System Scan. 114,000 files
> > later there were no viruses present.
> >
> > Restarted in normal Windows and went to the Windows Update site. Norton
> > displayed its W32.Blaster.Worm detection screen and said that it had been
> > deleted...but a minute or two later the RPC error appeared again anyway and
> > I had to shut the system down and restart.
> >
> > I tried this Windows Update thingy a few more times. There were a couple of
> > times after the Norton AV message appeared indicating that, once again, it
> > had deleted Blaster.Worm, a Windows message appeared indicating that the
> > Generic Host Process for Win32 Services had encountered a problem and needed
> > to close. Right after that the RPC / Shutdown error appeared. Restart.
> >
> > I finally got wise that Windows REALLY needed to have the MS KB823980 patch
> > applied. I hadn't tried that right away because I thought that Windows had
> > to be updated to the most recent level first. I tried to run the file from
> > the Microsoft site rather than saving to disk and got both the Generic Host
> > Process error and the RPC error. Shutdown and restart.
> >
> > I got even MORE wise and restarted in Safe Mode With Network capability. I
> > downloaded the patch all right...but instead of applying it I thought I'd
> > try the Windows update again. RPC. Shutdown.
> >
> > Restarted in Safe Mode with Network. Started the patch. RPC / Shutdown.
> >
> > Restarted in Safe Mode WITHOUT the network. Ran the patch. COMPLETED!
> >
> > Restarted in Safe Mode WITH Networking to try Windows Update again. Finally
> > the PC began downloading the huge number of pieces that it needed to upgrade
> > Win XP to the current revision. I left my client's office about 4 hours
> > after I'd arrived, giving them instructions to call when the downloads were
> > completed. I should be able to walk them through the Windows Update process
> > tonight.
> >
> > They have DSL but it was god-awful slow. 95 MB download estimated at about
> > 200 minutes...more than 10 times slower than my cable service would take.
> >
> > So, the upshot is, if the PC hasn't been updated to the most recent version
> > of XP lately (or at all) make sure that you download and run everything in
> > Safe Mode...and make sure to run the MS patch in Safe Mode WITHOUT
> > networking. I must have seen that RPC shutdown thing two dozen times or
> > more, and the General Host Process error 8 or 9 times.
> >
> > It's now looking good, but we're not finished upgrading Windows XP yet. I'm
> > crossing my fingers that the guy on the other end of the phone is somewhat
> > proficient. Crossing my fingers.
> >
> > Steve Erbach
> > Scientific Marketing
> > Neenah, WI
> >
> > "Eventually, socialists run out of other people's money."
> > -- Lady Margaret Thatcher
> >
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
>
>



