Worm-downad.ad

Hi All, I need some help to solve this problem. I have a G5 with Mac OS X Tiger server installed. I host my own mail and web server. I have about 6 other Macs connected to the server. About 2 days ago an account came and connected her PC laptop via TCP/IP for internet access; this morning she called to say her computer was attacked by the downad.ad worm while it was connected on my network. She said her tech person told her the worm came through port 445 because it is not secured and I have to close it to prevent further attacks. Is this true? And if so, how can I secure port 445? Thanks in advance.
BTW, I have no complaints about the 6 other Macs on the network. Please help.

There are a couple of things wrong with this story:
1) She has no proof that her computer was infected while on your LAN, and it's unlikely she was, considering it's a Windows virus.
2) The worm comes through port 445 on her computer, not yours. It wouldn't transmit through your system.
Essentially she's confused about how viruses work, and her tech guy didn't explain it well enough.
But, to answer your question -- OS X uses ipfw; check out http://www.hanynet.com/waterroof/ for a free app to configure it. However, it has nothing to do with her virus or your network.

Similar Messages

  • Downad.ad Worm

    Port 445 is Samba, and just the sequence here and with what little information has been posted here implies the Microsoft Windows box had an open writeable share and that something somewhere may have pushed files onto that share. That's fairly typical of an open writeable share, and entirely unremarkable. (You just don't run open writeable shares; you need to control what's written.)
    Now there's also the question of how you're connected to the Internet and if the infestation occurred on your network or not. Your LAN is usually configured with a firewall at the edge (and I prefer to use a dedicated box and generally avoid using a host for this task), and it's very common to block almost everything in-bound at the firewall. I typically choose to avoid poking Samba and file services through the firewall inbound, and into the local network. I'll use a VPN for that. Now the other question is if there's something active on your LAN (if you do have a firewall block here) and if that found and attacked this Windows box. That's certainly an issue here due to the apparent open configuration of the Windows box here, but it's also a problem for you to have malware active on your LAN.
    It's also possible to pick this DOWNAD stuff other ways than just writeable shares, and whether the infestation happened at your site or via your defenses is certainly an open question.
    Start reading about DOWNAD worm: http://blog.trendmicro.com/the-mess-that-is-worm_downad
    Personally, I'd keep some folks off my network entirely, particularly if they're running unsecured open shares on their clients. Just don't let any random folks onto your LAN. Whether that's access onto your LAN inbound via the firewall, or connected on your LAN or WiFi or otherwise. If you do expect to have the occasional "guests", give them a direct pipe out and don't let them onto your LAN; guest boxes are configured into the DMZ, or entirely outside your firewall. (And if they're outside the firewall with open shares, then they're going to get stuff written to their shares.) You don't need the hassles of supporting other folks, and you don't need the hassles of random malware on a local client attacking your own LAN services. You've just encountered some of the hassles. And you're also going to want to ensure your Mac OS X Samba shares aren't infested with DOWNAD here, too.

  • My Mac Book Pro has slowed to less than a crawl (possibly from a worm or virus).  How do I make sure it's running at peak efficiency before I complain to comcast

    Please answer as many of the following questions as you can. You may already have answered some of them; in that case, there's no need to repeat the answers.
    Restart the router and the broadband device, if they're separate. Any change?
    Run Software Update and install all available updates for OS X or the computer's firmware. Any change?
    If possible, connect to the router with an Ethernet cable and turn off Wi-Fi. Any difference?
    Are any other devices on the network, and if so, are they the same?
    If you can connect to more than one network, are they all the same?
    Are all network applications affected, or only some? If only some, which ones?
    Is networking always the same, or is the problem intermittent?
    Disconnect all other devices from the network. Any change?
    If you're running a MacBook with the lid closed, open the lid. Any difference?
    Start up in safe mode and test. Any difference?
    Start up in Recovery mode. From the OS X Utilities screen, select Get Help Online. A clean copy of Safari will launch. No plugins, such as Flash, will be available. Any difference?
    If possible, turn off Bluetooth and disconnect any USB 3 devices. Any difference?

  • Yahoo Mail Worm/Virus?

    This morning my Yahoo mail account sent out a series of Spam emails to random people from my address list. No one was logged into the account at the time this happened. My wife and I routinely access the account from a PC running Norton 360 and from two different Macs. So we're fairly confident none of these computers are infected with anything. I called AT&T/Yahoo tech support, and they indicated that the account appears to have been hacked by some sort of bot... and they thought the issue may be with my iPhone and the fact that it has no antivirus protection.
    I took a look at the full headers of the Spam emails and was able to track the originating IP address to Sunnyvale, CA (Yahoo's headquarters). I then compared this with old emails sent from both my home PC and my iPhone. Only the iPhone generated emails went through the Sunnyvale IPs. The emails sent from all three computers on my home network originated from local IPs.
    So, bottom line... this leads me to believe that it was indeed my iPhone that somehow triggered the emails. I was driving at the time the emails were sent... so I know I didn't click anything, open any emails, or take any other actions that would have triggered the Spam.
    Any idea what's going on here? Should I be concerned that my iPhone has a worm or virus that is triggering these messages? I'm particularly trying to determine if this is just a worm or if an actual person has hacked my account. I changed the password... but that password was also used for some other accounts of mine too. My biggest concern at this point is the potential for identity theft.

    I called AT&T/Yahoo tech support, and they indicated that the account appears to have been hacked by some sort of bot... and they thought the issue may be with my iPhone and the fact that it has no antivirus protection.
    Sorry, but what a crock.
    I seriously doubt this is a worm or virus on your iPhone. If so, you will be the first.
    Nothing can be installed on an iPhone from a received email, from a website, or from a received MMS except for a photo, and I haven't read about any viruses or worms being included with a JPEG file. Unless your iPhone has been hacked/jailbroken and you have installed unofficial software on your iPhone from an unknown or untrusted source, it would be some trick for a virus or worm to be installed on your iPhone especially since there are no viruses that infect or affect OS X, and the iPhone runs an optimized version of OS X.
    Spammers spoof email addresses - using a random/valid email address to appear as the sending email address for the spam usually making use of valid email addresses gathered from their "known good" email address list which is rotated from what is a huge list. A significant portion of spam is generated from Windows computers that have been taken over remotely by spammers with email generated with a spoofed email address without the user's knowledge.
    I venture to say the emails were not generated from your iPhone. More than likely your email address has been spoofed by a spammer only - your email account has not been hacked but it can't hurt to change your account's password.

  • My email has a worm attached to it and is sending fake emails

    Recently, my email account has been attacked with some kind of worm or something. Someone has got a hold of my contacts and is sending emails from my account with emails advertising crap like viagra and things like that. It is annoying.

    I found a solution to this problem. It didn't think it had a modem attached to it, but I was trying to connect via bluetooth to anything out there. The solution was to go into system prefs/network and make bluetooth inactive. This did not affect my mouse's connection, or connections to other bluetooth devices I have already set up.

  • My laptop will no longer stay connected upstairs away from the modem..... what can I correct, as it did prior to a worm issue

    I was reading email.... and got a worm... AVG and malware got it... I called Microsoft and they also finished cleaning up the mess from the worm... But now the laptop will not hold the internet signal for more than a minute or two before it disconnects and I have to restart it..... What can I do?

    You clearly did not notice that you have joined a USER TO USER COMMUNITY FORUM
    This is NOT Apple, Apple do not read nor do they therefore respond
    So if you would like to wind your neck in ........................
    try a reset of iPhone and then a restore, best, as new and if it then functions correctly try restoring with your backup

  • A friend wants to download his PC drive that got corrupted by a worm to my Mac and then reload it to his other machine (PC) to eliminate the Worm. Can this be done?

    A friend does complex photo retouch and had downloaded an image containing a worm that trashed files. He runs a PC. A tech friend of his suggested transferring his files from his PC to someone with a Mac since we are blessed with almost no issues with most worms. They told him to copy them back to a disk and then upload to his machine and that should restore his files. Does that make any sense? I am highly skeptical and as much as I would like to help, I am not savvy enough to have confidence in moving forward with this...

    Every PC Security vendor and more has online tools, tips, and resources.
    I think most all of them even recommend using mbam MalwareBytes to be one step in disinfecting a system.
    http://www.malewarebytes.com/
    A fully patched Windows 7 SP1 64-bit with even just MSSE 2.0 (free) should have caught it cold.
    http://www.microsoft.com/en-us/security_essentials/default.aspx
    Even a simple thing like using Windows 7 Restore Point can take care of some problems like this.
    http://kb.bitdefender.com/site/KnowledgeBase/supportCenter/1/
    Various security suite test results:
    http://www.av-test.org/certifications?order=protection_desc&lang=en

  • How do I install updates for worm elimination

    Operating system OSX 10.4.7, 1GB memory (41CB Free)
    Office 2004 for Mac v. 11.2.5
    Just received the following message from my ISP:
    "Mail server report.
    Our firewall determined the e-mails containing worm copies are being sent from your computer.
    Nowadays it happens from many computers, because this is a new virus type (Network Worms).
    Using the new bug in the Windows, these viruses infect the computer unnoticeably.
    After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
    Please install updates for worm elimination and your computer restoring.
    Best regards,
    Customers support service"
    How do I eliminate worms and viruses?
    iMac G5, Powerbook G4   Mac OS X (10.4.7)  

    There are no known worms or viruses in the wild for OS X.
    What is undoubtedly happening is that some Windows user, whose machine is infected, has your email addy in their address book. Mass mailing worms will not only send to everyone in the infected account's address book, but will use addresses from there to spoof the "from:" field in the sent emails.
    There really is nothing you can do since it is not your machine that is the problem. It's some windows machine with your email in the address book, sending emails spoofed to appear as if they came from you.
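Two threads on this page turn on where a message really came from: one poster read the full headers to find the originating IP, and the reply above describes worms putting someone else's address in the "from:" field. The following is an added example, not code from any poster: it walks the Received chain of a constructed message and reports the last relay IP recorded by a server you trust, alongside the unverified origin and the From address. The sample message, its host names and the TRUSTED set are assumptions made up for the illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message: every host and address is made up and uses
# reserved documentation names/ranges. Received headers are newest-first.
SAMPLE = """\
Return-Path: <bounce@relay.example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
    by inbox.recipient.example with ESMTP id A1; Mon, 02 Mar 2009 10:15:03 -0800
Received: from relay.example.net (relay.example.net [203.0.113.45])
    by mx.recipient.example with ESMTP id B2; Mon, 02 Mar 2009 10:15:01 -0800
Received: from [10.0.0.23] (unknown [192.0.2.77])
    by relay.example.net with SMTP id C3; Mon, 02 Mar 2009 10:14:58 -0800
From: "Mac User" <macuser@victim.example>
To: someone@recipient.example
Subject: constructed sample

body
"""

# Assumption: the servers whose Received lines we trust (our own mail provider).
TRUSTED = {"inbox.recipient.example", "mx.recipient.example"}

# "from <helo> (<rdns> [<ip>]) ... by <server>" as written by common MTAs.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)


def parse_hops(raw):
    """Return (message, hops) with hops newest-first, as they appear in the headers."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(str(value))
        if match:
            hops.append(match.groupdict())
    return msg, hops


def trace(raw, trusted_by):
    """Separate what trusted servers recorded from what the sender merely claimed."""
    msg, hops = parse_hops(raw)
    handoff = None
    for hop in hops:  # newest first
        if hop["by"].lower() not in trusted_by:
            break  # written by a server we do not control: could be forged
        handoff = hop
    claimed = hops[-1] if hops else None
    from_addr = parseaddr(str(msg["From"]))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    host = handoff["rdns"].lower() if handoff else ""
    return {
        "from": from_addr,  # plain text chosen by whoever sent the message
        "handoff_ip": handoff["ip"] if handoff else None,  # peer seen by our server
        "handoff_host": host or None,
        "claimed_origin_ip": claimed["ip"] if claimed else None,  # unverified
        # A mismatch is not proof of abuse (many senders use third-party relays);
        # it only shows the From line says nothing about the sending machine.
        "from_matches_handoff": bool(host)
        and (host == from_domain or host.endswith("." + from_domain)),
    }


if __name__ == "__main__":
    for key, value in trace(SAMPLE, TRUSTED).items():
        print(f"{key}: {value}")
```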

  • Cannot reinstate catalog after returning PC (Windows 7) to factory settings (because of worm infection). Catalog was backed up on external drive but not using PSE backup facility. Cannot find any *.tly file. Is this hopeless?

    If you made backups of all of your photos and your catalog file using some third-party method (i.e. not using the PSE catalog backup command), then you should be able to restore everything.
    Step 1. Put the photos in the EXACT SAME LOCATION as before. For example, if they were in subfolders of C:\Users\<username>\Documents, then they must go into the exact same subfolders of C:\Users\<username>\Documents.
    Step 2. Move the catalog file to wherever you want it to be, and then double-click on it.

  • After I publish IWeb, unwanted hyperlinks show up in the published site.   How do I get rid of this worm?

    I have noticed that no matter how hard I try to rid my published site of these hyperlinks (that I've never put in) certain words within the published site are highlighted and underlined and link to another source trying to sell something.  I've never put this in and think there is some kind of virus or worm on my Macbook Pro with Mountain Lion.  I've even deleted pages and started from scratch with a new page.  They are still showing up and multiplying.  HELP!  I'm on a Windows computer right now and don't know how to take a screen shot to show you how it works.  I hope my description is enough.

    This has nothing to do with iWeb. These links are added on the server- probably due to the fact that you are using a "free" hosting service.
    Contact your host to upgrade your account or choose another one with more appropriate facilities...
    http://www.iwebformusicians.com/iWeb/Website-Hosting.html

  • Wire Worm Plug-in and Photoshop CS6 64bit installation on a Win 7 64b

    I think I didn't install the 32 bit version from the DVD and, thinking this is a 64bit machine, I only opted for the 64bit version of Photoshop CS6. Now the weird thing is it installed in the Program Files folder and not in the Program Files (x86) folder; I didn't change any default destination given by the installer. The about screen of the application shows a 64bit version of the Photoshop. Now the problem is I want my Wire Worm plug-in to work in Photoshop; developer advises to launch 32 bit version to make it work and deploy the plug-in in the respective plug-in folder in the program files. What to do?
    This is a 64bit Windows 7 machine with an Intel i7-3940XM Processor and 32Gs of RAM

    It seems you did not install PS 32 bit. Please install it from the disc again and verify the Program Files (x86) folder; it should be there after successful installation.
    Regards,
    Ashutosh

  • System slowdown caused by Mail. Application error or worm???

    Hi there!
    After wondering for a long time why my system has gone so slowly (I never do a restart, just awake from sleep) I figured out that Mail is the problem.
    Problem is that just after starting Mail the Activity Monitor shows a CPU usage of about 45%, but there is no process in the list causing it. Also, the disk activity shows a strange write value. While doing nothing special, it says that there are about 275 kb/s written on the disk! The most strange thing is that this behaviour stays although Mail is closed. The only thing to stop that is to restart the system and NOT open the Mail application.
    The other strange thing is the behaviour of other apps after using Mail. Handbrake, for example, is multithreaded and uses about 180% of CPU. After opening Mail, it just uses about 100%, as if it is ignoring the 2nd core in my iMac.
    Now I am wondering if this is just an application error that should be fixed REALLY fast (because Mail is my favourite email client), or, and that should warn all us Mac users, it is some kind of worm/virus/trojan. Remember Microsoft Outlook Express? It's very similar to Mail because it's WinXP's standard mail app... and you all know how riskful it is...
    Would be nice if anyone could help me; since the problem is fixed I will use another mail client and advise this to all that have noticed the same behaviour.

    Hi Herogen.
    Verify/repair your disk (not just permissions), as described here:
    The Repair functions of Disk Utility: what's it all about?
    If the problem persists after having fixed all filesystem issues, and you suspect Spotlight has a bearing on it, you may try re-creating its database by typing the following command in Terminal:
    sudo mdutil -E /
    The -E option tells Spotlight to delete any already existing index info (so that it's rebuilt from scratch all over again), and the / at the end means "apply this command to the boot volume".
    After entering the command in Terminal, you'll be prompted for your administrator password. Just type it blindly (you won't see any feedback of the keystrokes while you type it) and then press <Return>.
    For best results, quit Mail and don't play too much with your disk while Spotlight does its job -- i.e. avoid files being created/modified/deleted, mail being downloaded, etc.

  • TNS-12535 Error on Windows with Norton Worm Protection

    Hope this mail can help other users installing Oracle 10G on Windows with Norton Antivirus with Internet Worm Protection enabled who are getting the error TNS-12535.
    I tried to install Oracle 10G v1 and v2 on Windows XP SP2 with Internet Worm Protection enabled (for several hours I didn't realize that the problem was that). I had problems with the listener and my IP address or host; it resolved in the first instance by changing the configuration to localhost or 127.0.0.1, but I couldn't receive client connections. After a few traces and less hair, I discovered that Norton Internet Worm Protection locks Oracle port 1521; I just reconfigured it and it works fine.
    If you look in Norton Log Viewer you will see something like this
    Details: No logged in account. The present default action is to "block" communications.
    Inbound TCP connection.
    Local address,service is (HOST_NAME(IP_ADDRESS),1521).
    Remote address,service is (HOST_NAME(IP_ADDRESS),1219).
    Process name is "X:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.exe".
    Omar Siles
    Bolivia

    Thanks

  • Does the Conficker worm affect Macs sharing a network with a PC?

    I asked this on Yahoo! Answers, but I am not sure. I want to receive an answer from a reliable Macintosh user.
    My sister and I share the same network to access the internet, but she is a PC owner while I run a Mac. Will I be affected by this worm?

    jaguar pirate wrote:
    I asked this on Yahoo! Answers, but I am not sure. I want to receive an answer from a reliable Macintosh user.
    My sister and I share the same network to access the internet, but she is a PC owner while I run a Mac. Will I be affected by this worm?
    No. It's a Windows worm running Windows code. It can do absolutely nothing to your Mac.

  • Azure and WORM for compliance

    Does Azure support WORM capability to store legal health records when it is used as an archive target?

    hi,
    I suggest you should read the Windows Azure HIPAA Implementation Guidance. This document was developed to assist customers who are interested in HIPAA and the HITECH Act to understand the relevant capabilities of Windows Azure. The intended audience includes privacy officers, security officers, compliance officers, and others in customer organizations responsible for HIPAA and HITECH Act implementation and compliance. The document covers some of the best practices for building HIPAA compliant applications, and details (http://www.windowsazure.com/en-us/support/trust-center/compliance/). Also, the document included the encrypt/decrypt data policy.
    See the same thread (http://social.msdn.microsoft.com/Forums/windowsazure/en-US/bead4059-8946-465f-b5ac-c9ef70d0ba6b/azure-blob-storage-hipaa-compliance-question?forum=windowsazuredata).
    Hope it helps.
    Regards,
    Will
