Protect your computer from the Worm!
Posted in How To, Security | By AhTim
Worm Attack!
Yesterday I was attacked badly by the worm! It was one of the worst experiences for me, even though I have about 9 years of experience fighting them. I'm here to share this bad experience with you, and I hope you protect your computer from this dangerous worm!
It happened yesterday morning. When I entered my server room, I saw a few of my Windows 2000 servers pop up the message below:
The services.exe has been terminated unexpectedly with status code 128. Your system will now shutdown within 60 seconds.
Then the timer started to count down and the server restarted by itself. It happened all of a sudden without any symptoms at all, except that my users were not able to access the shared folders.

Zotob, The Worm
After doing a Google search, I found that this might be caused by a worm named W32.Zotob.E. This worm was first released in August 2005 and it upgraded its capability in February 2007. According to Symantec, this worm exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445 and opens a back door. The symptoms they describe are almost the same as those on my servers.
But a very weird thing is that my servers were already updated with Windows 2000 Service Pack 4 and most of the security patches, including the security patch mentioned above. Furthermore, my Norton AntiVirus, which had the latest definitions, was also not able to detect any worm or virus.
How to Protect?
After struggling for a few hours to fight this worm, I found a solution to overcome it: install anti-spyware such as Spyware Doctor on your computer. You can get it free at
or a free version of Ad-Aware (20.23MB) from Lavasoft, which does not have real-time protection. After installing the anti-spyware, do a full scan and remove the hidden spyware; that stopped it from shutting down my servers.
The good news is that this worm only attacks Windows 2000 at the moment. I am not sure when it will evolve to live on Windows XP or Vista. Please be prepared and protect your computer before it comes!
Tags: anti spyware, spyware, zotob

December 18th, 2007 at 4:39 pm
AhTim, are you an IT engineer? I remember that a few years ago I got a similar worm which kept prompting this message and restarting my PC. This kind of worm can infect networked PCs too. Even my roommate's PC got infected! Luckily you solved it...
December 18th, 2007 at 4:47 pm
December 18th, 2007 at 8:25 pm
Arovax Shield is kind of good. It protects me from spyware, adware and malware.
http://www.arovaxshield.com
April 8th, 2008 at 5:05 pm
[...] myself have experienced the pain of worm attack few months ago. So, if you have ordered new Proliant server, please make sure your antivirus [...]