|
Written by Josh Lyon
|
|
Wednesday, 24 January 2007 12:27 |
|
So I'm working in Microsoft Excel today and I get this great error message. It's about as unspecific a warning as you can get. I've been working with Microsoft products for quite a while, but this message has to be one of the best (REAL) messages I've ever personally seen. Here's the image: Catastrophic failure? Ever been in the middle of writing a long paper and had Microsoft Word crash on you before you could save your work? I always thought that was a catastrophic failure. As a side note - always remember to save your documents often! At least this time I was doing something that is out of the ordinary and is data intensive. For anyone who is technically inclined, I was querying a local database and converting that data to a local data cube for analysis with ProClarity. Ignore this line - In acronym land that would be: using MSQE in Excel to hit an SQL db using ODBC to do some BI analysis on my EUs in EMA for FPD with my PC from TX in the USA.  Some of the tables have over 50,000 rows of data, but I've done the exact same query before. Oh well, I thought |
|
Written by Josh Lyon
|
|
Monday, 26 March 2007 12:07 |
|
I noticed that I was having a lot of failed redirects for flamingcube.com for this file. I decided to find the old archive and repost the information. For history's sake, here it his. These instructions are pretty long, so it might be worth printing them out.
Here's the Fix:
- start computer (safe mode is not necessary)
- make a double rum and coke
- drink very fast then make another
- ok now for the fun part
- click start then run then type cmd and click ok.
- type the following line verbatim
- taskkill /im wuaumqr.exe /f
- the system will tell you that the task at whatever pid that is was loaded has been terminated.
- type exit
- launch windows explorer
- goto c:\documents and setting\all users\startmenu\programs\startup
- remove dcom.exe
- get another rum and coke we are just getting started
- run regedit
- click on my computer
- press control f (for find)
- type winsock2
- erase any setting that points to wuaumqr.exe only erase files that point to "wuaumqr.exe all other files are ok
- go back to top, click on my computer and press control f
- type wuaumqr.exe
- delete anyfiles that point to this location
- go back to my computer and press control f
- delete any files that point to dcom.exe (if any)
- get rum and coke, smoke cigarette
- exit registry
- click start then run the type msconfig and press enter
- uncheck the box pointing to wuaumqr.exe
- click apply then exit msconfig (ok)
- rum and coke
- click start then run the type cmd and press enter
- type cd\windows\system32
- type attrib wuaumqr.exe -h
- type del wuaumqr.exe
- type cd\
- type dir download_me.exe /s
- if this file exist on your computer goto that directory and type line 37
- attrib *.* -h -a -r
- type del.
- type cd\
- get rum and coke
- type dir dcom.exe /s /a
- if this file exists goto that directory and repeat steps 37 - 39
- type exit
- reboot system
- when system boots a message will pop up telling you that you are using a utility check the box marked "don't show me this message again, reboot system and get one more rum and coke for the evening
|
|
Written by Josh Lyon
|
|
Monday, 26 March 2007 12:08 |
|
Download a Floppy Disk boot creator:
- Copy the i386 directory from your installation CD to the hard-drive of the computer you will be installing the Operating System on.
- Download and run a boot-disk creator from above. Make sure you have a clean floppy, it will be needed for this.
- Reboot the computer with the floppy in it.
- Run WINNT once you have accessed the i386 folder. (ie. navigate to C:\i386\ using the "CD" command then run WINNT)
- Follow the installation process.
- OR -
- Copy the i386 directory to your hard-drive or specify the shared network path as the sourcepath (with the [/s:sourcepath] trigger)
- Run the command line utility [command or CMD from the Run line]
- Navigate to the location of the i386 folder using the CD command (ie. "C:\> cd c:\i386")
- Run the command: WINNT32
- Follow the installation process
|
|
Written by Josh Lyon
|
|
Monday, 26 March 2007 12:15 |
|
Remove the Blaster Worm [MSBlast, Blaster, etc.] - Editing the RPC to allow you to connect to the internet
- Start > Run
- Type: "services.msc /s" in the open line and click OK
- On the right hand side find the Remote Procedure Call service [there is a Remote Procedure Call Locator service, do not confuse the two]
- Right-click the Remote Procedure Call (RPC) service, and then click Properties.
- Click the Recovery tab.
- Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
- Click Apply, and then click OK.
| Note: Make sure you change these back after removing the virus. |
- For Windows XP
- For Windows 2000 systems, where Internet Connection Firewall (ICF) is not available, the following steps will help block the affected ports so that the system can be patched. These steps are based on a modified excerpt from the article; HOW TO: Configure TCP/IP Filtering in Windows 2000. http://go.microsoft.com/?linkid=220775
- Configure TCP/IP security on Windows 2000:
- Select "Network and Dial-up Connections" in Control Panel.
- Right-click the interface you use to access the Internet, and then click "Properties".
- In the "Components checked are used by this connection" box, click "Internet Protocol (TCP/IP)", and then click "Properties".
- In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
- Click the "Options" tab.
- Click "TCP/IP filtering", and then click "Properties".
- Select the "Enable TCP/IP Filtering (All adapters)" check box.
- There are three columns with the following labels:
- TCP Ports
- UDP Ports
- IP Protocols
- In each column, you must select the "Permit Only" option.
- Click OK.
- Download the MS03-026 security patch for Windows 2000 from Microsoft and install it on your computer from: http://go.microsoft.com/?linkid=220776
- Install or update your antivirus signature software and scan your computer
- Then, download and run the worm removal tool from your antivirus vendor.
- Prevention:
- Turn on Internet Connection Firewall (Windows XP or Windows Server 2003) or use a third-party firewall to block TCP ports 135, 139, 445 and 593; UDP port 135, 137,138; also UDP 69 (TFTP)and TCP 4444 for remote command shell. To enable the Internet Connection Firewall in Windows: http://go.microsoft.com/?linkid=220782
- In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
- Right-click the connection on which you would like to enable ICF, and then click "Properties".
- On the Advanced tab, click the box to select the option to "Protect my computer or network".
| This worm utilizes a previously announced vulnerability as part of its infection method. Because of this, customers must ensure that their computers are patched for the vulnerability that is identified in Microsoft Security Bulletin MS03-026. http://go.microsoft.com/?linkid=220783. |
- Install the patch MS03-026 from the Microsoft Download Center:
Windows NT 4 Server & Workstation
http://go.microsoft.com/?linkid=220784
Windows NT 4 Terminal Server Edition
http://go.microsoft.com/?linkid=220785
Windows 2000
http://go.microsoft.com/?linkid=220786 Windows XP (32 bit)
http://go.microsoft.com/?linkid=220787 Windows XP (64 bit)
http://go.microsoft.com/?linkid=220788
Windows 2003 (32 bit)
http://go.microsoft.com/?linkid=220789
Windows 2003 (64 bit)
http://go.microsoft.com/?linkid=220790 -
As always, please make sure to use the latest antivirus detection from your antivirus vendor to detect new viruses and their variants. Related Knowledge Base Articles:
http://go.microsoft.com/?linkid=220791 Related Microsoft Security Bulletins:
http://go.microsoft.com/?linkid=220792
|
|
