SleeplessHeart 2004-08-10 11:06

Virus attack when BT-ing 'Natsuiro no Sunadokei OVA 2'
I would like to share my experience today.
For the past few days, I have had a problem when bittorrenting Static-Subs's "Natsuiro no Sunadokei OVA 2". Following some user suggestions, I was thinking that Static-Subs may filter users with a firewall, so as an experiment, I disabled my firewall when connecting to the Static-Subs server. It was a bad mistake. Fortunately my anti-virus system worked and warned me that somebody was sending a file to my Windows system directory.
"file C:\WINDOWS\system32\ftpupd.exe Win32/Korgo.V worm"

As no other programs were running in the background, I am curious how BitTorrent could be hacked to add a file in the Windows system directory. I am using the BitComet client.

anime_layer 2004-08-10 11:35

"W32.Korgo.V is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports between 256 and 8191."
BitTorrent is not at fault and wasn't hacked in any way. You should update your Windows and thus close a buffer overflow vulnerability that has been known for a long time and has many viruses spreading by exploiting it.
You haven't been infected since your firewall blocked the viruses' attempts. When you deactivated your firewall, the viruses could connect to the LSASS process and install themselves on your PC. This can be easily fixed by installing the corresponding patches:
(You could also update to the recently released SP2, if you have WinXP).
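
The advisory quoted above says the worm reaches LSASS over TCP port 445, and the reply says the firewall is what kept it out. As an added example (not part of any post in this thread), this Python code counts, per remote address, the inbound port-445 connections a firewall dropped and the ones it let through. It assumes a W3C-style log with a `#Fields:` header, as Windows Firewall writes to pfirewall.log; the sample lines, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the W3C-style layout of a Windows Firewall log.
# 192.168.0.10 is the assumed local host; remote addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2004-08-10 10:58:01 DROP TCP 203.0.113.7 192.168.0.10 3312 445 48
2004-08-10 10:58:04 DROP TCP 203.0.113.7 192.168.0.10 3312 445 48
2004-08-10 10:59:40 DROP TCP 203.0.113.99 192.168.0.10 1190 445 48
2004-08-10 11:00:12 DROP UDP 203.0.113.50 192.168.0.10 1026 137 78
2004-08-10 11:02:30 OPEN-INBOUND TCP 203.0.113.7 192.168.0.10 3320 445 -
2004-08-10 11:03:00 OPEN-INBOUND TCP 192.168.0.5 192.168.0.10 2001 445 -
2004-08-10 11:03:10 OPEN TCP 192.168.0.10 203.0.113.80 4000 6881 -
"""

LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ACCEPTED = {"OPEN-INBOUND", "ALLOW"}  # action names that mean "let through"


def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def parse(log_text):
    """Yield one dict per record, keyed by the names on the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def smb_exposure(log_text, local_ip, port="445"):
    """Count inbound TCP connections to `port` from non-LAN sources.
    Returns (blocked, accepted) Counters keyed by remote address."""
    blocked, accepted = Counter(), Counter()
    for rec in parse(log_text):
        if (rec.get("protocol") != "TCP" or rec.get("dst-ip") != local_ip
                or rec.get("dst-port") != port or is_lan(rec["src-ip"])):
            continue
        if rec["action"] == "DROP":
            blocked[rec["src-ip"]] += 1
        elif rec["action"] in ACCEPTED:
            accepted[rec["src-ip"]] += 1
    return blocked, accepted
```

Any entry in the second counter means port 445 was reachable from outside the LAN, which is the condition the patch and the firewall are both meant to close.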

AnimeOni 2004-08-10 20:00

XP SP2 has not been released yet to the general public -- available to MSDN users first and corporate users. Just use Windows Update and install the "critical updates." The public release is sometime later this month.

anime_layer 2004-08-11 04:35

It doesn't really matter. What you can download right now from the Microsoft homepage is the offline installation package, and it'll differ from the version you'll be able to download from Windows Update in that it contains all files you could need, while the Windows Update version will only provide the very files you need.
Thus, if the 250MB are not a problem for you, you can install the SP2 just released. It doesn't differ from the version you'll get from Windows Update.

All times are GMT -5.