1. /
  2. Security Response/
  3. W32.XPExp.Worm Hoax

W32.XPExp.Worm Hoax

Discovered:
January 31, 2003
Updated:
February 13, 2007 11:59:15 AM
Type:
Hoax

Symantec Security Response encourages you to ignore any messages regarding this hoax. It is intended only to cause unwarranted concern. This hoax arrives as a message box on the computer screen. The message box is not a result of executing a local file, but the result of a user remotely instructing the computer to display the message box via Microsoft Networking. Users should take steps to lock down their system to prevent this type of hoax message box from appearing.



Message box hoaxes and SPAM can arrive unexpectedly to your computer if Microsoft Networking is enabled. Microsoft Networking can be blocked by configuring your desktop firewall to block ports:
    • 135/tcp - Microsoft RPC
    • 135/udp - Microsoft RPC
    • 138/udp - Microsoft NetBIOS
    • 139/tcp - Microsoft RPC, Named Pipes, NetBios, File Sharing
    • 445/tcp - Microsoft Named Pipes, RPC, File Sharing
    • 445/udp - Microsoft Named Pipes, RPC, File Sharing

To disable the service that allows remote message boxes perform the following steps. Please be aware modifying these configurations may prevent other applications from operating properly and will disable the ability to share files via Microsoft Networking with remote computers:

For Windows 9x:
    1. Select Start | Settings | Control Panel
    2. Double-click Network
    3. Select the Configuration tab
    4. Click File and Print Sharing
    5. Disable I want to be able to give others access to my files.
    6. Disable I want to be able to allow others to print to my printer(s).
    7. Click OK

For Windows NT/2000:
    1. Select Start | Programs | Administrative Tools | Services
    2. Scroll down until you see the Messenger service
    3. Right-click Messenger
    4. Click Stop
    5. In the Startup type drop-down list select Disable
    6. Click OK

For Windows XP:
    1. Select Start | Control Panel | Performance and Maintenance | Administrative Tools | Services
    2. Scroll down until you see the Messenger service
    3. Right-click Messenger
    4. Click Stop
    5. In the Startup type drop-down list select Disable
    6. Click OK




Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver