BEFSR81 Server and BOOTP Packet Vulnerability

Unless you're running a server, you are not impacted. If you are running a server, you can completely disable SSL v.3.

A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.
A port scan or portscan is "An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service."[1]
To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used in searching for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.

RFC is a Remote Function Call and CVE is Common Vulnerabilities and Exposures. Since RFC is commonly used for server exploitation via viruses, most servers turn that function off, resulting in an error message like you reported.
While this may be a legitimate function call, this often means that your system has been compromised by a virus or malware. Run a reputable virus and malware scanning tool, like this one.
You can read more about your error message here.

Uninstall any MS Office that is currently installed in the system and reinstall it.

Your system is infected by Sasser worm.The Sasser worm infects machines via network connections. It can attack entire networks of computers or one single computer connected to the Internet. The worm exploits a known windows vulnerability that is easily patched, however few systems seem to have this patch installed. It attacks Windows 2000 and Windows XP machines along with Windows NT and Windows Server 2003.


The patch from Microsoft known as the MS04-011 Security Update fixes the following vulnerabilities:
LSASS Vulnerability 
LDAP Vulnerability 
PCT Vulnerability 
Winlogon Vulnerability 
Metafile Vulnerability 
Help and Support Center Vulnerability 
Utility Manager Vulnerability 
Windows Management Vulnerability 
Local Descriptor Table Vulnerability 
H.323 Vulnerability 
Virtual DOS Machine Vulnerability 
Negotiate SSP Vulnerability 
SSL Vulnerability 
ASN.1 “Double-Free” Vulnerability 

Download the Windows patches for this vulnerability.Here is the link below:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx



How Can I Remove the Sasser worm?

Follow these steps in removing the Sasser worm.

1) Disconnect your computer from the local area network or Internet

2) Terminate the running program
Open the Windows Task Manager by either pressing CTRL+ALT+DEL, selecting the Processes tab or selecting Task Manager and then the process tab on WinNT/2000/XP machines.
Locate one of the following programs (depending on variation), click on it and End Task or End Process

avserve.exe
avserve2.exe
skynetave.exe
any process running with the "_up.exe" suffix
Close Task Manager

3) Activate the Windows XP Firewall (if running Windows XP) or another firewall to prevent the worm from shutting your system down while downloading the patches. To activate the Windows XP firewall, follow these steps.
Click on Start, Control Panel
Double-click on Networking and Internet Connections, then click on Network Connnections
Right-click on the connection you use to access the Internet and choose Properties
Click on the Advanced Tab and check the box
"Protect my computer and network by limiting or preventing access to this computer from the Internet"
Click OK and close out of the Network and Control Panel

4) Remove the Registry entries
Click on Start, Run, Regedit
In the left panel go to 

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run
In the right panel, right-click and delete the following entry

"avserve.exe"="%Windir%\avserve.exe"
"avserve2.exe"="%Windir%\avserve2.exe"
"skynetave.exe"= "%Windows%\skynetave.exe"
Close the Registry Editor

5) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type, or copy and paste, the file names:

avserve.exe
avserve2.exe
skynetave.exe
C:\win2.log
Click Find Now or Search Now.
Delete the displayed files.
Empty the Recycle bin

6) Reboot the computer and update your antivirus software, and run a thorough virus scan using your favorite antivirus program.

For Automatic Removal of Sasser, download the Symantec removal tool, you'll still need to download the patches above and install them, however this removal tool will stop the Sasser worm from running, remove the items in the registry, and delete the infected files.

If you had many problems, it's not necessary, as long as your firewall / anti-virus is configured correctly.

These routers have a vulnerablity for hackers. Beware.

Your manual can be retrieved at:
http://broadband.motorola.com/consumers/products/WR850g/downloads/WR850G_userguide.pdf


The vulnerability is explained as: "Even though this does not resolve the vulnerability, the web interface should be configured only to listen to LAN and not to WAN interfaces.
This at least eliminates the risk of being hacked from the outside, while it is still possible for an insider to gain the passwords in the way described above."

There does not seem to be a way to fix the files that have been affected but McAfee sent out an email today saying tha Microsoft had posted a patch to IE 7 that prevented unauthorized access via XML code.

As this has been one of the speculated methods in which hackers have caused this "file error 22001" problem (the other being a virus piggybacked on cookies), my guess is that this patch is designed to solve this issue however your files are probably gone.

You can get patch by doing Windows Update inside "TOOLS" on IE7.

Actual text from McAffe notice is below.

Best of luck

Ivan C. "Nick" Camp IV
Director of Global Operations
Wellness International Network, Ltd.

Microsoft has released a patch to address a critical remote-code-execution vulnerability in Microsoft Internet Explorer. The MS08-078 bulletin (Microsoft Internet Pointer Reference Memory Corruption Vulnerability) addresses the vulnerability for Microsoft Internet Explorer versions 5.01, 6, 7, and 8 Beta 2 running on Windows 2000 SP4, XP SP3, Server 2003 SP1, Vista SP1 and certain Server 2008 configurations.

Main threat sources: E-Mail; Locally logged-on user; Web

Threat level: Critical.

Solutions: On December 17, Microsoft released a patch to address this issue.

BOOTP stands for Bootstrap Protocol. DHCP stands for Dynamic Host Configuration Protocol. Both are mechanisms to dynamically assign an IP address for a TCP/IP client by the server. In this case, the Prestige 310 Internet Access Sharing Router is a BOOTP/DHCP server. Win95 and WinNT clients use DHCP to request an internal IP address, while WFW and WinSock clients use BOOTP. TCP/IP clients may specify their own IP or utilize BOOTP/DHCP to request an IP address.