Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

W32 Blaster Worm
http://www.cert.org/advisories/CA-2003-20.html ^ | CERT

Posted on 08/12/2003 11:30:56 AM PDT by dfrussell

This thing seems to be spreading quite quickly. If you're using MS and haven't verified your system, you should.

If you're not using a firewall, you should.

http://www.sygate.com will allow you to download and install a personal firewall -- it's easy to install.

Internet Security Systems (http://www.iss.net) has released a scan tool to check for the MS03-026 patch on Windows servers.

Location:

http://www.iss.net/support/product_utilities/ms03-026rpc.php


TOPICS: News/Current Events; Technical
KEYWORDS: lovesan; mdm; ms; w32blasterworm; worm
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 next last
To: OXENinFLA
How does one go about finding out if ones system has been infected?

Just go around showing your computer and ask "does this look infected?" (Sorry, couldn't resist)

21 posted on 08/12/2003 12:00:12 PM PDT by dfwgator
[ Post Reply | Private Reply | To 19 | View Replies]

To: dfrussell
thank you. I'm not very tech savay. I may just get a new computer. This one is less than a year old, but I just can't figure it out.

And Dell doesn't seem to be answering their phone, so tech support is nonexistant. I started calling yesterday around noon,,,, still no answer,,, the line is busy.
22 posted on 08/12/2003 12:01:33 PM PDT by Iowa Granny
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bikers4Bush
Unfortunately that would require blasting our entire sales force.

In my case that would mean the CEO, HR Head, CFO and numerous VP's. No real love lost but, figure the odd's! Blackbird.

23 posted on 08/12/2003 12:01:50 PM PDT by BlackbirdSST
[ Post Reply | Private Reply | To 16 | View Replies]

To: dfrussell
We use a Sonic Wall firewall at my office and it still infected one of the PC's here.

So just a firewall may not help. Run Windows Update frequently!

24 posted on 08/12/2003 12:03:54 PM PDT by Mannaggia l'America
[ Post Reply | Private Reply | To 1 | View Replies]

To: BlackbirdSST
Lol!
25 posted on 08/12/2003 12:04:18 PM PDT by Bikers4Bush
[ Post Reply | Private Reply | To 23 | View Replies]

To: OXENinFLA
Update your virus software and run a full systems scan.
26 posted on 08/12/2003 12:04:38 PM PDT by TheBigB (Some say shoot to kill. Others say shoot to maim. I say empty the f'n clip and let God make the call)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Iowa Granny; OXENinFLA
See post #12.
27 posted on 08/12/2003 12:05:29 PM PDT by Bikers4Bush
[ Post Reply | Private Reply | To 22 | View Replies]

To: antivenom
Thanks.....
28 posted on 08/12/2003 12:06:54 PM PDT by Joe Hadenuf (1)
[ Post Reply | Private Reply | To 10 | View Replies]

To: OXENinFLA
How does one go about finding out if ones system has been infected?

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

29 posted on 08/12/2003 12:10:16 PM PDT by dfrussell
[ Post Reply | Private Reply | To 19 | View Replies]

To: Maigret
This worm is not spread through e-mail, but is a flaw in the Microsoft RPC code.

Interesting that your ISP would define a worm as "a flaw in the Microsoft RPC code". Makes me think that someone with a BA in English is writing announcements for your ISP.

30 posted on 08/12/2003 12:12:25 PM PDT by ClearCase_guy (France delenda est)
[ Post Reply | Private Reply | To 15 | View Replies]

To: OXENinFLA
go to your START menu, use SEARCH for File or Folders and enter MSBlast.exe it will show up if you have it.

If you have it, update your virus software and then run it. If you do not have a virus software, go to http://www.grisoft.com and download the free virus scanner (AVG), after you download it it will start to install it and will ask to check for updates on the free AVG software, make sure you let the software get the current updates after you install it, as the inital software does not have the fix in it, you have to update it after you download it. After you have have done all that then run it through a full virus scan and it will pick up and remove the MSBlast.exe worm from your system.
31 posted on 08/12/2003 12:16:01 PM PDT by stlnative
[ Post Reply | Private Reply | To 19 | View Replies]

To: OXENinFLA
If you know how to open your Task manager you can view currently running processes. If you find one called "msblast.exe" you have it. Kill the process. Then perform the update.

You can also kill it through the registry but unless you are very comfortable running around in there I don't recommend it. You can cause more damage than you can imagine. Still, if you're brave...

1. From the Start menu choose RUN
2. Type REGEDIT then click OK
3. Open the tree in the following sequence: HKEY_LOCAL_MACHINE
SOFTWARE
MICROSOFT
WINDOWS
CURRENT VERSION
RUN - click on this folder to open it. You will see a number of keys and values in the right hand pane.
If you see an entry under "Name" that says "windows auto update" with a value "msblast.exe" delete this key. Note - there is a folder down the tree called "Windows Auto Update" that is supposed to be there. Don't touch it. It's not the virus location.
-You will have to restart your PC for the registry change to take effect.

NOTE AGAIN - IT IS BEYOND FOOLISH TO RUN AROUND IN THE REGISTRY UNLESS YOU ARE VERY CONFIDENT OF WHAT YOU"RE DOING> PLEASE BE CAREFUL!

If you don't already have a firewall, get one and keep it up to date. Firewalls are your friend. Since I installed one on my home PC I can't believe how many times something's tried to hit me. Good luck.
32 posted on 08/12/2003 12:19:33 PM PDT by mitchbert (Facts are Stubborn Things)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Iowa Granny
I may just get a new computer

This assumes that the new ones will not be vulnerable, which is probably not a good assumption :)

You might want to just install a personal firewall and shut off most services you don't need/want (almost everything for most people).

ZoneAlarm, Sygate and BlackIce work reasonably well. Just don't get excited and start complaining to ISPs when you discover your system is being probed a lot... waste of time usually.

If you have a firewall, things like this are pretty much moot. You also might want to consider using a filtered ID from spamcop.net or hushmail.com rather than using your ISP... they run $30 a year and provide virus and spam filtering.

33 posted on 08/12/2003 12:20:01 PM PDT by dfrussell
[ Post Reply | Private Reply | To 22 | View Replies]

To: mitchbert
thanks, I opened my task manager and didn't see it.

I've update my Anti-Virus software (Panda) and am running a scan now, just to be sure.

34 posted on 08/12/2003 12:24:40 PM PDT by OXENinFLA
[ Post Reply | Private Reply | To 32 | View Replies]

To: mitchbert
Kill the process. Then perform the update.

Also, remember to stand on one foot, wave a dead chicken over the keyboard and chant praises to Microsoft while performing the update.

35 posted on 08/12/2003 12:30:46 PM PDT by HAL9000
[ Post Reply | Private Reply | To 32 | View Replies]

To: dfrussell
My company has been hit by a virus today. All MS office products are messed up. The network boys are working on it. Those of us in userland are out of luck.

36 posted on 08/12/2003 12:32:14 PM PDT by You Dirty Rats
[ Post Reply | Private Reply | To 1 | View Replies]

To: Joe Hadenuf
Affects NT 4, 2000, XP.
37 posted on 08/12/2003 12:32:53 PM PDT by New Horizon
[ Post Reply | Private Reply | To 3 | View Replies]

To: Mannaggia l'America
It depends upon what you permit through your firewall :)
38 posted on 08/12/2003 12:33:02 PM PDT by dfrussell
[ Post Reply | Private Reply | To 24 | View Replies]

To: New Horizon
Full list:

* Microsoft Windows NT 4.0
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003
39 posted on 08/12/2003 12:34:15 PM PDT by dfrussell
[ Post Reply | Private Reply | To 37 | View Replies]

To: HAL9000
That was dirty. Now my boss is staring at me wondering what I'm laughing about! :-)
40 posted on 08/12/2003 12:35:18 PM PDT by mitchbert (Facts are Stubborn Things)
[ Post Reply | Private Reply | To 35 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson