General discussion

Locked

Windows xp frozens

By eduardo (PT) ·
My problem is as follows:
The operative system that I use, is windows xp pro. As you probably know, this operative system has been victim of several attacks from many worms that are spread over the internet.

My problem is that my computer is constantly attacked by a worm called 'The Thing'. This worm, attacks on local TCP port 6400, and makes windows almost impossible to control by the user(not even Ctrl-Alt-Del works :S ).

I?m tired of this, and I would like to know, which Microsoft article talks about this issue, and also which is the patch that we have to install, to take care of this problem.
I have used a firewall for a few times, has a way to "survive" to that threat while internet connected, however, firewalls seem to give me traffic problems with my filesharing programs, even after correctly configured.
I have searched microsoft site for the resolution for this problem a couple of times, but i wasn?t sucessfull
Can someone help me, by telling me which is the patch to apply?
Also if someone knows a way to tweak windows register, so that port 6400 becomes blocked, that would also be a possible solution.
Thanks.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by eduardo (PT) In reply to Windows xp frozens

I forgot to say, that I already thought about installing Service Pack 2 as a solution. However this service pack gives some program compability issues due to the many changes that it does to the operative system, which is something that I would like to avoid.

Collapse -

by mdh22 In reply to Windows xp frozens

ok about the patch i would contact microsoft because there are thousands of patches and there is more than one that will work and you want the best one then u could ask the about a to block that port

Collapse -

by eduardo (PT) In reply to

How can I contact microsoft? Through e-mail? Will they answer?

Collapse -

by Blackcurrant In reply to Windows xp frozens

Hi

If you go to Windows Update (available from the Start menu), and update your machine you will have all the available patches added to your OS. Having an updated OS closes known security holes that malicious code tries to exploit.

When you talk about file-sharing programs which one(s) are you using? Two of my friends use these and they are constantly having problems because the file-sharing programs they use are quite literally infested with spyware.

Also, firewalls are configurable. You can specify which ports to block and open. And, if your firewall is up to date, it should automatically block 99.9% of malicious attacks.

Good luck

Collapse -

by eduardo (PT) In reply to

1) It would be a good idea to use windows update to solve the problem, indeed. But, unfortunatly I have removed the automatic updates service, from the system, for tweaking purposes. Automatic updates service, is needed to use windows update.

2) I?m talking about filesharing programs like edonkey. edonkey seems to have problems with firewalls, because the program gives me the 'Unreachabale' status, when i try to connect to the internet using a firewall, even after i correctly configure both the firewall and the program to use the correct ports.
I even thought that the program was badly installed, and i did uninstalled it, and then, reinstalled it. However it kept giving me the same problem, which makes me conclude that, it is indeed a bug. Or a couple of bugs... :)

Collapse -

by eduardo (PT) In reply to Windows xp frozens

Point value changed by question poster.
It seems that this question is harder then I thought.

Collapse -

by Blackcurrant In reply to Windows xp frozens

Hi

I would restore your computer's ability to connect to WindowsUpdate ASAP.

With regards to your program edonkey, a search from Google with edonkey +spyware confirms it does indeed contain spyware. It is your choice how you run it.

With regard to internet access, look at your firewall log and see which connections are being blocked. You can then configure your firewall to allow connections from that program on a particular port and also configure the content which you want to allow.

Get your system updated, you don't need to keep the service active all the time. Just enable when you want to update (as regularly as you can manage).

Collapse -

by eduardo (PT) In reply to

Hello.
In this last few days, i have formatted my hard drive, and reinstalled windows xp, so I could have my automatic updates service back, and so I could go to the windows update site.
So I installed all the needed software (such has anti-virus and ad-aware removers, well the usual things)and I went to the windows update site, and made the updates, and left the computer internet connected so I could see the results.
But unfortunatly, the computer is having the same problem again

Really, nobody knows how to tweak the windows register, so I can block the damning port?

About the edonkey program. Can you show me one site that says this program has spyware?
Thank you.

Collapse -

by Blackcurrant In reply to Windows xp frozens

Hi again

This is very strange. You say you have formatted your hard drive, which should remove all data from it. Therefore, 2 questions:

1. Are you running WindowsUpdate immediately before installing other programs?

2. Is this the only partition on your drive, or the only drive in your computer?

If you have other partitions/drives containing software then make sure that none of them (programs) are running when you start up.

If I was in your position and had taken the step to reformat and reinstall, I would apply the same decision to all of my partitions/drives. It may be one of these that contains the (presumably) rogue program.

As for edonkey and spyware, see the following for user and professional reviews:

1:
http://www.download.com/eDonkey/3000-2196_4-10311701.html?tag=pop.feed&tag=feed&part=cnet

2:
http://www.download.com/3302-2196_4-10311701.html

3:
http://www.spyware-adware.net/Edonkey-Spyware.html

4:
http://club.cdfreaks.com/showthread.php?t=79092

5:
http://www.mrfreefree.com/free/spyware/4/

If you are still having problems can you explain exactly how your computer is setup and its specifications. Is it on a network? If so, have you considered that another computer may be the culprit?

Good luck

Collapse -

by eduardo (PT) In reply to

1) I ran Liveupdate after I install the anti-virus, the ad-aware remover software, the msn messenger 6.2 and microsoft office.

2) No, it is not. I use a primary and a slave(virtually c: and d:), but both were formatted, so I guess there is no possibility for any source of problems to remain there.

My computer is a single computer(so there is no home network or something like that) that is directly connected to the internet, through an ADSL connection, and my ISP uses the PPPoE.

In this last few days I?ve thought about the windows update site, and I noticed that I?ve only ran the "fast install(recommended)" option, while there is the "personalised install".
The "fast install" consists only on the critical windows updates, and the "personalised install", consists on all updates.
When I tried the "fast install", the worm attacked my computer anyway, so the problem remained.
Two days ago, I?ve tried the "personalised install", and so far the worm hasn?t attacked my computer, so it?s running smoothly.

The weird in all this, are 2 things:
1?) This is a windows vulnerability caused by a worm, but only the personalised install worked, which means microsoft doesn?t classifies it as a high threat. This is very wrong.

2?) I only know about 2 people who complaint about this. Me and a friend of mine. The software that we use, is so different that I dare to say that only the operative system and Msn messenger are the same.
So what?s wrong here? People don?t complaint about their problems with their operative systems, or am I configuring something wrong? I don?t think so, but who knows...

Well, the important thing is that the problem is solved, and I?m giving you all the points, because I think you deserve them, for the help you gave me.
Anyway, I still find this problem very weird.
By the way, thanks for the info about eDonkey spyware. I have decided that i?m going to return to the Overnet program which is spyware-free and it only has advertisement.

Thanks again.

PS-anyway i?m going to check which one of the KB revisions solves this vulnerability.

Back to Windows Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums