Kaspersky help please



AussieWilly
16-08-2005, 01:04 PM
been getting this a few weeks now.
I had to reinstall kasper and then I start getting this shit..

What is it??

PtP
16-08-2005, 01:50 PM
http://www.oznetgamer.com/images/google.jpg

Now I have taken the piss out of you willy, google gives me this ;)



Kaspersky Labs, an international data security software developer, is warning users to look out for the new Internet-worm "Helkern" (also known as "Slammer" or "Sapphire") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000. The extremely small size of the worm (only 376 bytes), a unique technology it employs for penetrating target computers and an extraordinarily high spreading speed allow us to proclaim "Helkern" one of the biggest dangers threatening the normal operation of the Internet to come along in years. There have already been reports of serious disruptions to Internet functioning in South Korea, Australia and New Zealand.


It is possible to say the worm has caused one of the largest virus outbreaks in history that has affected users from all corners of the globe: messages describing infections from "Helkern" are being received from Europe, the United States and Eastern Asia.

"Helkern" belongs to the "fileless" worms category. This type of malicious program performs all operations (including infection and spreading) exclusively in the computer's operating memory without using any permanent or temporary files. These features seriously complicate the detection and disinfection of such worms using contemporary anti-virus technologies (on-demand and on-access scanners). The first malicious code of this type, "CodeRed" (http://www.kaspersky.com/news.html?id=211), was discovered on July 20, 2001. At that time it caused a wide-scale outbreak infecting dozens of thousands of systems around the world. Up until now, with the exception of "CodeRed", "fileless" worms had not shown themselves.

"Helkern" infects only computers running Microsoft SQL Server 2000, a multi-functional database system widely used primarily on Web-servers. To home users of any Windows version without the installation of Microsoft SQL Server the worm poses no threat.

"Helkern" exploits a security breach ("Buffer Overrun") in Microsoft SQL Server that was first detected in July, 2002. To accomplish the "buffer overrun" exploit the worm sends a special request to a target computer. When the request is processed the system automatically executes the worm's code contained in this request. In this way a malefactor can run malicious code without a user's knowledge.

Next, "Helkern" initiates its spreading routine. This process features the extremely rapid sending of the worm's copies to other Internet users: "Helkern" starts an endless spawning loop that many times increases network traffic. "Within just 3 hours from the start of the outbreak we have detected more than 20 thousand attempts by "Helkern" to penetrate our network, - says Igor Mitiurin, Head of the Information Security Department at Russlavbank, a major Russian financial institution, - Fortunately all these penetration attempts were successfully blocked thanks to our implementation of an effective information security policy that includes the timely installation of security patches for all software used in our corporate network."

Nowadays Microsoft SQL Server is one of the acknowledged leaders in the Web-enabled database market and is used on hundreds of thousands of computers the world over. These events show that many of these systems still contain the security breach allowing infection at the hands of "Helkern". "Helkern" is a real threat that can cause serious interruption to the workings of Internet because the worm generates a huge amount of redundant network traffic that jams data transmission channels. Moreover, in the future, there is a possibility that such attacks will happen with increasing frequency. These circumstances underline the necessity to develop a new approach confronting Internet virus outbreaks. Contemporary technologies have shown a low effectiveness when dealing with such challenges," said Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Labs. Besides generating a large volume of redundant network traffic "Helkern" carries no other malicious payload (including destructive payload). Nevertheless Kaspersky Labs urges users to install the patch for buffer overruns in SQL Server 2000. You may access the patch, which is available free of charge on the Microsoft Web-site, by clicking here (http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=DCFDCBE9-B4EB-4446-9BE7-2DE45CFA6A89).



Some server in the states "by that IP you have shown" has your IP and is attacking it, check to see if it is the same IP every time, which I would guess it is.
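The check suggested in the post above (is it the same IP every time?) can be run over a firewall log. This is an added example, not part of the thread: the log format and addresses are constructed, and UDP port 1434 (the SQL Server 2000 Resolution Service port this worm targets) is not stated in the thread; the 376-byte size is from the advisory.

```python
import re
from collections import Counter

# Assumed log format (constructed for this example, not any product's own):
# <date> <time> <action> <proto> <src_ip>:<sport> -> <dst_ip>:<dport> len=<payload bytes>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"len=(?P<len>\d+)$"
)

SQL_RESOLUTION_PORT = 1434  # UDP port of the SQL Server 2000 Resolution Service
WORM_PAYLOAD_LEN = 376      # worm size quoted in the advisory above

# Constructed sample lines; all addresses come from documentation ranges.
SAMPLE_LOG = """\
2005-08-16 12:58:01 DROP UDP 198.51.100.23:1045 -> 203.0.113.7:1434 len=376
2005-08-16 12:58:09 ALLOW TCP 203.0.113.7:3312 -> 192.0.2.80:80 len=512
2005-08-16 13:01:44 DROP UDP 198.51.100.23:1051 -> 203.0.113.7:1434 len=376
2005-08-16 13:02:10 DROP UDP 192.0.2.99:4000 -> 203.0.113.7:1434 len=12
garbled line that should be skipped
2005-08-16 13:04:30 DROP UDP 198.51.100.77:2290 -> 203.0.113.7:1434 len=376
2005-08-16 13:05:02 ALLOW UDP 192.0.2.53:53 -> 203.0.113.7:1029 len=376
"""

def helkern_probes(log_text):
    """Return (Counter of probes per source IP, list of probes not dropped)."""
    per_source = Counter()
    not_blocked = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        if (m["proto"].upper() == "UDP"
                and int(m["dport"]) == SQL_RESOLUTION_PORT
                and int(m["len"]) == WORM_PAYLOAD_LEN):
            per_source[m["src"]] += 1
            if m["action"].upper() != "DROP":
                not_blocked.append(line)  # a probe that got through
    return per_source, not_blocked

if __name__ == "__main__":
    sources, leaks = helkern_probes(SAMPLE_LOG)
    for ip, hits in sources.most_common():
        print(f"{ip}: {hits} probe(s)")
    print("single source" if len(sources) == 1 else f"{len(sources)} distinct sources")
    print(f"{len(leaks)} probe(s) were not dropped")
```

Several distinct sources point to background scanning by many infected servers rather than one host singling out the machine.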

PtP
16-08-2005, 01:56 PM
WHOIS results for 61.185.14.200

Location: China

inetnum: 61.185.0.0 - 61.185.255.255
netname: CHINANET-SN
descr: CHINANET Shanxi(SN) province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: XC9-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-SHAANXI
status: ASSIGNED NON-PORTABLE
changed: **********@ns.chinanet.cn.net 20010216
changed: **********@apnic.net 20040927
source: APNIC

person: Chinanet Hostmaster
address: No.31 ,jingrong street,beijing
address: 100032
country: CN
phone: +86-10-66027112
fax-no: +86-10-58501144
e-mail: **********@ns.chinanet.cn.net
e-mail: *********@ns.chinanet.cn.net
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: **********@ns.chinanet.cn.net 20021016
remarks: hostmaster is not for spam complaint,please send spam complaint to *********@ns.chinanet.cn.net
source: APNIC

person: Xianghong Cao
address: Shanxi provice data communication Bureau
address: 185# zhuque Road
address: Xi'an city, Shanxi provice 710061
address: CN
phone: +8629-523-3633
fax-no: +8629-522-8093
e-mail: ****@public.xa.sn.cn
nic-hdl: XC9-AP
mnt-by: MAINT-NULL
changed: ************@263.net 19990409
source: APNIC

AussieWilly
16-08-2005, 03:43 PM
I have looked at that a few weeks ago PtP, read the shit below.
I dont care were the shit comes from, or maybe I should just book a fare to china and shoot a few gooks?


=======================================================================
Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled
=======================================================================

1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

2. Navigate to a node of the cluster where the SQL Server instance is currently not running.

3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files if they exist from the <installation path for this SQL Server instance>\Binn\Dll folder.

4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into the <installation path for this SQL Server instance>\Binn\Dll folder.

5. Failover the SQL Server instance to the node in which the new binaries are now installed.

6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

8. After you verify the hotfix, repeat steps 1 through 3 on the remaining nodes in the cluster.


=======================================================================
Standard Hotfix Installation Steps
=======================================================================


1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

2. Shut down the Microsoft SQL Server and SQL Server Agent services.

3. Make a back up copy of the ssnetlib.dll files from the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files from the <installation path for this SQL Server instance>\Binn\dll folder.

4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the <installation path for this SQL Server instance>\Binn folder and the ssnetlib.pdb files into <installation path for this SQL Server instance>\Binn\Exe folder.

5. Start the Microsoft SQL Server and SQL Server Agent services.

6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

PtP
16-08-2005, 04:43 PM
None of that relates to you because Kaspersky is killing it for you, that info relates to the wanker administrator of the server that is trying to infect you, he probably is not even aware that it is doing it, his server will be sending it out all over the place so I am sure someone closer to him and speaks Chinese is sending him abusive emails by now so you just need to ride it out.

Viss
16-08-2005, 08:02 PM
willy I dun think your alowed to shoot gooks nemore unless you play BF2 :)

AussieWilly
17-08-2005, 05:30 AM
Thanks PtP.

Thanks for the "heads up" viss