Larian Studios Forums General Chat Chat (Anything) Alert : Blaster ! (Worm / Virus)

yep thay are......but i beat em! HA! <img src="/ubbthreads/images/graemlins/evilgrin1.gif" alt="" />

found 2 viruses the first being in mscache.dll known as trojan horse downloader skoob.B virus and the second being in my windows temp folder called Dload.exe

second one is healable first one is NOT! <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" /> be wary!

I haven't ever had a virus. But in my inbox of my favourite e-mail program Pegasus Mail a *lot*. <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

That's why I always keep tellin' people they should use *that* ! <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

Sorry bro. <img src="/ubbthreads/images/graemlins/disagree.gif" alt="" />

You will just have to remove the trojan horse and recheck your puter.
Some of those are very nasty.

Like Alrik I have everything checked before I open or recieve something.
And inbetween automatic updates of my antivirus, firewall, and so I regularly check for updates myself.
Also windows. Becouse they regularly have security updates.

James Brown.......i feel good! <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

done, fini, finito, kaput, gonzo, Pffffft!!, <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

might i add....... ALL CleaR!! <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

The saga continues: I can't believe that this very big company I'm working for didn't do anything when they knew this worm was coming; but they didn't. I know the lost person hours they've had yesterday and today must have cost a fortune already.

The RPC worm and msblast came together(I think they're one and the same?) - I was told there was over 14 variations of msblast alone. The sad thing is that they (Sys Admin) came and "cleaned" my computers and then "pushed" a patch over the intranet. I worked really well for at least a couple of minutes <img src="/ubbthreads/images/graemlins/suspicion.gif" alt="" /> then I was "infected" again. The name changed from msblast.exe to MSBLAST.exe. Also another symptom I had was my explorer.exe was running at 98% which of course made my computer run like a dog.

Whoever said this worm didn't cause problems for the user wasn't sitting at my desk today. <img src="/ubbthreads/images/graemlins/disagree.gif" alt="" />

oh yes it was a friggen nusiance to me as well......
trying to restart before cleansing was a b i t ch h! <img src="/ubbthreads/images/graemlins/disagree.gif" alt="" />
every taskbar program i had going caused an error up to the point that it wouldn't even close and i had to ........... <img src="/ubbthreads/images/graemlins/disagree.gif" alt="" /> push the dreaded "reset" kill switch.......then startup was another ball game..... i'll tell ya i had my plate full for a few hrs today! but i've nipped it in the bud and got my AVG updated, that was another strange thing....for 2 days i couldn't get the patch,
was the virus stopping me?? dunno but it seems so!

@Jurak
If you don't mind me asking, what did you do to work around this?

On a side note: It has been noticed that ISP's have block inbound and outbound traffic on Port 135. Will that help solve anything, I seriously doubt it. The internet will be super slow on saturday. The possiblity still remains that people will get infected. Why do people just disable something as a fix, it really doesn't solve very much (Look at the microsoft passport security flaw, it was just disabled, if you don't know about it, you could reset a users password without going through the "secret question" or putting in personal info)

dunyain

well i finally got to my AVG site and succeeded in finishing the >bin file for the A-V installed and did a scan....it found three offending culprits and were swiftly deposited into the virus vault! <img src="/ubbthreads/images/graemlins/suspicion.gif" alt="" />
Just finished another scan this morn..... and 100% virus-free

My AV software has already worked better than Norton's CRAP! and found viruses
that nort could not, so i switched to AVG.. simple! <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

I usually use F-Prot for DOS - and it detects more than AVG Free Edition (yes, I have both).

For example, my copy of AVG Free Edition didn't detect the virus called "Klez" and variants.

I can only advise to use at least two scanners at the same time - what the one doesn't see, might be detected by the other one.

wait. isn't blaster the thing that will crash like all windows on Saturday?

Yes Lews, it continually shut down your computer.
Where you been? <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

he's been shutdown <img src="/ubbthreads/images/graemlins/ouch.gif" alt="" /> <img src="/ubbthreads/images/graemlins/biggrin.gif" alt="" />

serious tho.....ya got a point there Alrik.... <img src="/ubbthreads/images/graemlins/think.gif" alt="" />
although my AV couldn't detect the worm,
until i finished getting the new update!
F-Prot eh? had that a long while ago.....yes for my DOS too!
maybe i should think about gettin it back!! <img src="/ubbthreads/images/graemlins/think.gif" alt="" />

it did? <img src="/ubbthreads/images/graemlins/confused.gif" alt="" />
hmm, I remember that I couldn't get on Lar yesturday, and had a minor problem, after Saturday all will be well, I hope.

one more day to go!! <img src="/ubbthreads/images/graemlins/eek.gif" alt="" />

MSBlast info

I have a very important question for the system smart folks out here. My laptop computer at work is definitely infected. It has a patch on it (of some sort) that keeps fighting off new attacks - it actually get the things like the little window that says "Your computer is shutting down in .50 ...". It no longer shuts down though.

Our computers at home are NOT infected and have all the right patches and we're behind a firewall.

Question is - if I bring that laptop home from work - would it be safe to do work on it behind my firewall or should I disconnect all of my computers if I want to work with this computer. I connect to work via VPN.

I'm going to ask my "desktop support" guys the same question, but I'm not sure I completely trust the answer. <img src="/ubbthreads/images/graemlins/puppyeyes.gif" alt="" />

I am not at all technically inclinded...but have you run the tool to remove it? The patch will let it not get in again...but you need the tool to remove it.

Yes you're probably right Carrie. The patch prevents from entering, but if it is already on, you have to remove it. The tool is good for that. also make sure you're antivirus is updated too. If you run the tool, disable the backup system otherwise the virus get backed up too and if you put it back--> the virus is back. I hope this makes any sence to you.

It makes perfect sence to me! I had to do it!

Ya, DQueene, if you are running Xp...turn off the system restore...then run it all again. I did it all twice to make sure i got everything.
And, it has to be in safe mode to do all this.

Not nessassary Carrie. I ran it with out safe mode <img src="/ubbthreads/images/graemlins/winkwink.gif" alt="" />. But then again, i wasnt infected in the first place <img src="/ubbthreads/images/graemlins/think.gif" alt="" />. So it might be better to run in safe mode as Carrie suggested.

My problem is that since it is a work computer I'm not sure what the "clean up" tool might do to the computer itself. It could undo some thing they've done with the patch. Grrr - they don't give you enough info on what they're doing to allow you to make a decision. <img src="/ubbthreads/images/graemlins/suspicion.gif" alt="" />

I'm going to get something like zone alarm and put this one outside my firewall - hopefully that'll keep everything else safe.

Thanks guys! I might just run the cleanup tool anyway. <img src="/ubbthreads/images/graemlins/winkwink.gif" alt="" />