MSBLAST Virus -does your computer restart?

[iangrant]

<A target="_blank" HREF=http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html>http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html</A>
Has the fix..

Ian

<hr width=100% size=1>

 

[gtmoore]

I had this on a friends PC yesterday - a bit scary really. I was using the site that you mention but it was impossible to read it all properly before the dreaded 60 second shutdown message appeared. I had to read a new bit each time. Also the downloaded program fix didn't have enough time to check all the files because there was so much rubbish in the user temp folder. In the end I just chopped every process that I didn't like the look of and cleared out the temp folders. This gave me enough time to run the fix and get the Windows Update stuff in.

He's running with a firewall and up to date virus definitions now (horses and stable doors comes to mind!)

<hr width=100% size=1>Gavin

 

[ccscott49]

I dont know, cant get my computer to restart!

<hr width=100% size=1>

 

[Bejasus]

Our company got badly hit with this yesterday. It tooke forever to get my laptop sorted out and finally get the patch installed.

<hr width=100% size=1><A target="_blank" HREF=http://www.arweb.co.uk/argallery/h00>http://www.arweb.co.uk/argallery/h00</A>

 

[oldsalt]

Type in "shutdown -a" in the run menu. This will stop the machine shutting down. Then apply the patch.

<hr width=100% size=1>

 

[Grehan]

Blast! a worm

This nasty "I hate Bill Gates" virus-worm-thing is going round the world (I heard on Channel 4 News earlier on this evening). Called W32.Blaster.worm, it affects (so I understand) MS Windows machines, but not 95/98.

The relevant Windows technical page is at <A target="_blank" HREF=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/msblaster.asp>
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/msblaster.asp</A>,
which contains links to download preventative patches for the various flavour of Windows.

Additionally, the various anti-virus companies have produced free bug removal tools and these are listed lower down on the same page ref I've given.

I checked my machine (which has been running strangely for the last two days) and I'd got the damn thing. (In spite of running Norton AV at all times) The best indication is the presence of a file called mblast.exe in the windows/system32/ folder.

Did the patch and did the removal (I used the free Symantec tool) and everything's ok now (famous last words). I was also remined that a few months ago I had disabled firewalling on my dial-up connections (it's easy on XP) and forgotten to re-enable it - silly boy, a basic preventative measure.

<hr width=100% size=1>

 

[h4nym]

Re: Blast! a worm

this would probably have got thru your firewall by most likely being received in an eMail.

Funny thing is - this exploited a flaw that Microsoft patched a month ago... some people don't have automatic updates on! We do, we survived - many of our clients got burnt!

Quick fix - press F8 when it says starting Windows, choose safe mode, log in as an administrator, into Control Panel then Administrative Tools, then Services. Double-click Remote Procedure Call (RPC), onto the Recovery tab, and change all the "restart the computer" to restart the service.

Then you'll have all the time in the world to deploy the removal tools and patches...

hth

H

<hr width=100% size=1>Life balance?

 

[Heckler]

took me 4 hrs

the removal tool from symantec said the m/c didnt have it but i downloaded the patch, ran the tool again after running patch and hey everything went back to normal, it was a win 2000 machine,
stu

<hr width=100% size=1>

 

[charles_reed]

Re: Blaster 32

A releatively innocuos worm, but designed to overload the net and totally inundate all the Microsoft sites.

Microsoft published the patch to shut the hole the worm exploits on 17th July and those with 2000 or XP os could have picked it up then (using the auto-update feature). At that time the number of infections, world-wide, was in the low 1000s.

Certainly none of the virus definitions had it until after infections had started to grow exponentially, last week.

<hr width=100% size=1>