is there a patch 4 Nachi.B worm

Discussion in 'NOD32 version 2 Forum' started by visitor, Feb 17, 2004.

Thread Status:
Not open for further replies.
  1. visitor

    visitor Guest

    today the good trusted NOD alerted me more than 5x2=10 times (twice for each alert)
    that Nachi.B worm is present in two places ( I clicked delete). see the last part of my virus log

    I was surfing wilders forums when the last red alert occur. Please is there a patch to stop this nasty intruder
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Are you using a Firewall, such as ZoneAlarm? Is Windows uo-to-date? Are you sharing your main "C" drive?

    Cheers :D
     
  4. visitor

    visitor Guest

    @subratam
    NOD32 got rid of the worm, I am not looking 4 a removal tool
    I'm looking 4 something to stop it and 4 good.Thanks

    @Blackspear
    We have just got(1 week ago) a replacement for our CPU(P4 /2.53MHz /768Mb RAM) with CPU(P4HT /2.6MHz /1024Mb RAM) and came fully equipped with all patches and extra goodies and no extra coast, good news. The bad news this Nachi.B thing what can I do to stop it.
    is a home use PC so, C: is not shared
    sorry to say I don't like firewalls.Thanks
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Unfortunately you will need to get over not liking a firewall, a firewall is absolutely essential these days, some worms continually reinfect straight off the internet if you don't have a firewall.

    I have used the FREE for personal use Zonealarm www.zonelabs.com for over 10 years now, it is a very simple program to use and also very effective.

    I would also check that Windows is actually up-to-date, there have been several critical updates released in the last week or so; while on the internet, go to tools\windows update, when asked click on the "Green" scan for updates button. Make sure you install any “Critical Updates and Service Packs” that are available.

    When the above is done (including the firewall), then run a "clean" scan with Nod.

    You should also have Spyware Blaster, Spyware Guard and Spybot Search and Destroy installed and up-to-date, all available from this website.

    Cheers :D
     
  6. visitor

    visitor Guest

    @Blackspear
    Is the XP built-in fire wall enough. still don't like firewalls

    Have them all up to date and have more
    Thanks
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    No the XP built in firewall is not enough and if NAchi got onto your system then you are NOT uptyo date with the security patches from M$

    If the correct updates had been applied, then the rpc hole is plugged and it won't infect you

    go to windows update and download and install all critical updates and service packs

    then get a firewall
     
  8. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Its not enough

    and umm... there are many things in this world you dun like but its good for u...
    just visit here once
    http://www.dummies.com/WileyCDA/DummiesArticle/id-1983.html

    go for a firewall mate... it will keep u safer
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I don't recommend us the XP Firewall, it is not visual, with ZoneAlarm you can see exactly what is going on...

    And as I said before, you MUST have your windows fully up-to-date...

    Cheers :D
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    1. There are some MS patches for the vulnerabilities, as one can note in this Symantec write up. But reportedly, the DCOM patch doesn't always seem to take. (I have applied the patch but some utilities still say the vulnerability is still present. So go figure.) http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html

    2. I'd like the people who say that XP's ICF is not enough to protect against this internet borne worm (which utilizes open ports to exploit vulnerabilities in running services) to please explain why they say that and support their contention?

    For example, mere ICF was and is sufficient to protect even an unpatched PC against msblaster. Is there something qualitatively different about this Nachi which renders a NAT router or ICF insufficent to block the worm?

    While people may have their preferences and beliefs, if ICF is indeed sufficent to protect someone in a specific instance that should be acknowledged. Telling someone otherwise is disinformation. (Regardless of how much better you think it is to use another software firewall like ZA, Sygate, Outpost, et. al.) It is undeniable (at least in my view) that having someone run even the lowly ICF on a direct internet connection is far better than having him/her run no firewall at all.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The main reason I prefer ZA is it is VISUAL, you can see what is going on, with the XP firewall this is not the case. The other reason is that under testing by www.grc.com it has/had always been on top, whereas XP's firewall initially failed some tests.

    Cheers :D
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    There are far more severe tests of Firewalls nowadays than the GRC page,although if the tests on that site are passed you are probably pretty safe!(try wall breaker!) have a look here:-
    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/index.html
     
  13. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK

    The reason I say that the XP ICF is not sufficient in this case, is That if he has been infected with the worm , he could well have been infected by others with similar characteristics, or his AV not cleaned it as has been known

    The XP ICF only works inbound and not outbound, so any worms on the computer can still send their requests for updates and as a request out has been made an inbound will be accepted by ICF and allowed, therefore continuing the infection
     
  14. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    While I agree with the others that you really should get a firewall, the second best thing is probably a NAT router. This alone will get you through the GRC test and is the next best thing to running naked.

    A NAT router will not, however, protect you from things you inadvertently let in yourself. Only a firewall can do this.
     
Thread Status:
Not open for further replies.