Kaspersky says Intrusion.Win.NETAPI>buffer-overflow.exploit with Port 445!

if kaspersky detect it so it's block this netwrok attach ..

your network maybe have a virus using port 445 like Sasser i think .. but don't worry kaspersky block this kind of attacks ..

Here are the step-by-step instructions to close port 445 in Windows XP:

   1. Click "Start"
   2. Click "Run..."
   3. Where it says "Open:" type "regedit"
   4. Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
   5. Find the value "TransportBindName" and right-click it to open up a menu of options.
   6. Click "Modify" (it is in bold text)
   7. Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
   8. Click "OK"
   9. Close the registry and reboot.

That takes care of it, now you are much safer from other machines on your local network, or if you are plugged into a cable modem without a router.

This indeed may indicate your network is infected, especially the machines originating the attack "192.168.100.2, 192.168.100.32, 192.168.100.243, 192.168.100.133"

you will also need to ensure that your machjine has the latest available windows updates , as well as office, internet explorer & any other 3rd party software (adobe flash, Acrobat, etc..)

Zo3FoL has hit the nail on the head by pointing you at resources regarding the MS08-67 vulnerability.  Kaspersky has detected attempts to exploit this vulnerability in the windows server service and prevented the buffer overflow that leads to the code execution used to propagate the malware.

The malware in question is most likely Conficker/Downadup and you'll find lots of documents on EE and on the web regarding protection from and removal of Conficker:

http://www.experts-exchange.com/simpleSearch.jsp?q=conficker

http://support.microsoft.com/kb/962007

http://www.google.com/search?q=removing+conficker

EscuroAnjo - thanks for your reply.
Pls advice do i need to do delete this in infected PC or in those pc which are infecting others?
What is the use of Port 445 & what happends if I disable this port?
Any application will be effected if i disable 445 like office, adobe etc.?
Pls advise?
****************************************
Admin3k - All my pcs are updated with the latest ms venrabliites ms/ ks  recommonds like ms 067 / 068.
Pls tell me how i come to know which port is being used by the infected PC by which that pc is infecting to other pc so i can disable that port only.
I am using google Chrome for internet browsing, does it spreads viruses in my network?
Pls advise.
Thanks!
dxb

jahboite - Thanks for the link,
I agree that i network can be infected with conficker, so can you suggest best way & network disinfection tool to disinfect my network with out going to installed in each pcs?
if there is any tool pls suggest me the link & any after / mis - effect  to use that tool if is it.

Thanks!
DXB

Have a read of this answer where the expert advises on how to set-up a share on the network containing the files needed to disinfect and patch infected machines and then using the 'psexec' tool to run a script on each of the infected machines:

http://www.experts-exchange.com/Q_24396362.html#24401646

If you need any help with any of the steps detailed at that link, we'll be happy to help.

This is more information about Conficker: http://en.wikipedia.org/wiki/Conficker & http://www.microsoft.com/security/worms/conficker.aspx

Applying the patch I mentioned at my first post MS08-067 on our hosts, should prevent this worm from spreading or infecting machines.

You could also try running Microsoft Baseline Security Analyzer  (MBSA) (http://technet.microsoft.com/en-us/security/cc184923.aspx) , which allows you to scan your hosts for missing patches or vulnerabilities.

You could also try running a removal tool (like Sophos Conficker cleaner, for a network) : http://www.sophos.com/support/knowledgebase/article/51416.html & http://www.sophos.com/kb/54457.html ..

Other information from Symantec: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

As a final step, you can run Microsoft Malicious Software Removal Tools: http://www.microsoft.com/security/malwareremove/default.aspx
And Windows Live Safety Scanner: http://onecare.live.com/site/en-us/default.htm?s_cid=sah

I think this should get rid of it on any infected PC :) Hope this helps.

i think port 445 if closed will cause that you can't see the file sharing ..

this topic will help you to understand what's the port 445
http://forums.techarena.in/networking-security/1176363.htm
http://www.ntsecurity.nu/papers/port445/
http://www.auditmypc.com/port/tcp-port-445.asp

Zo3FoL - Sorry for replying you late.
I went though the whole docs you provided but it really seems to be very very completive, i dont want to create any GP & Script to be safer side.
I will really appreciate if you could tell me other way to disinfect my network.
Thanks
DXB
****************************************************************
EscuroAnjo -Yes i did the same i closed 445 port I was not even able to open share folder which i really dont want.
Any other effective solution will be appreciated.
Thanks!
DXB.

kaspersky blocked the attack already .. if you want to delete the worm from the infected PCs setup .. make online scan on them ..

EscuroAnjo - I did the online scanning here www.pandasecurity.com/activescan but after 2 days that pc again got infected with the same thing....................
I think i need to remove it from the whole network togather.........but dont know how to do...pls help
thanks.

jahboite - I agree with the link but it really very complex way to disinfect the network
I request you to advise me with the easy way
thanks
DXB

disconnect all PCs in your network and try to disinfect  one PC after another that's will keep the worm out of the PC that you clean and after you clean the whole PCs connect them together again ..