old hand
Joined: Mar 2003

It (the Blaster worm) hit us really hard at work today! I have two computers on my desk and both got hit by the worm. One of the computers couldn't find it by doing a search either. I had to go to C:\WINNT\System32\ to find it so it was trying to hide. - Weird!
~DragonQueen~

veteran
Joined: Mar 2003

Help - fast - before it shuts this machine down again... I have Windows XP - how do I turn it onto safe mode??????

old hand
Joined: Mar 2003

Reboot and hold control key down the whole time until it asks how you want to restart (safe mode). Hope this helps!!
~DragonQueen~

old hand
Joined: Jun 2003

My ISP has a strange habit of turning on and off, just like when I got up 9 hours ago my connection to the internet was down, so I'm pretty sure I'm still clean. Thanks for the heads up though.
This is SpArTa!! oh im sorry, I must have took a wrong turn..somewhere...(runs away)

veteran
Joined: Mar 2003

how does one become infected with this virus? and what's it do? crash your comp a lot?

veteran
Joined: Mar 2003

it's a worm faile, so you can get infected by just being online, it uses a fault in Windows to enter your system, your PC doesn't crash, but it can lock or it can turn your PC off, use the tool I've linked before and after you've scanned your PC, answer 'yes' when it asks to install the vulnerability patch for your system
Viper

apprentice
Joined: Mar 2003

@DQueene:
A fix that could perfectly block the worm has been online on the Microsoft Update site for over a month.
It's so stupid that most people just don't keep their systems up-to-date. If the computers at work were infected by this worm, it's basically the fault of the company's system administrator. Also, a solid firewall could have spared you a lot of troubles. (Here @ work we have a double Linux firewall)
Uther Pendragon
Truly great madness cannot be achieved
without significant intelligence.

veteran
Joined: Mar 2003

I keep my PC up-to-date, haven't had probs so far
Viper

veteran
Joined: Mar 2003

I have something else here: every time I run the removal tool, after a few minutes it just shuts down (the tool I mean)
Joliekiller, paladin on a crusade against (almost) all evil.

veteran
Joined: Mar 2003

and what does the LOG say?? did you close all programs?
did you disable System Restore in XP??
Viper

veteran
Joined: Apr 2003

Hehe, my boss came with his notebook complaining that it automatically closes any programs right after he opens them. Connecting to internet makes PC to reboot. Daamn, it took long to find the cause and solution.
I couldn't connect notebook to our office network to update a-virus software, because I thought the virus will go to other machines.
And it closed Kaspersky right after I start virus scan
Only at evening we have found that Stinger program - removal for virus.
Yes and virus name was MS Blast. Nasty. Beware.
"Endure. In enduring, grow strong."
-Githzerai adage.

veteran
Joined: Mar 2003

and what does the LOG say?? did you close all programs?
did you disable System Restore in XP??

Cool hé, log is empty. Restore disabled. But I've solved the problem. It appeared that it always stopped in my temp files. So I deleted them and temp internet files --> problem solved
Joliekiller, paladin on a crusade against (almost) all evil.

old hand
Joined: Jun 2003

According to one news story:

Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft's chairman: "billy gates why do you make this possible? Stop making money and fix your software!"

A "security expert" quoted in the same article said:

But to expect home users to keep their systems current is unreasonable, said Bruce Schneier, chief technology officer with Counterpane Internet Security Inc. He blames software developers for writing bad software that constantly need "critical" patches.
"My mother will never install the patch until I come visit," he said. "I couldn't even call her and walk her through it. The industry is wrong to expect her to do it. The fact that she sends me e-mail is incredible enough."

While I agree that software developers (read "Microsoft"!) are often at fault, it doesn't follow that home users (that's us, dammit!) are quite so naive....It's a sweeping generalization; I think his mom should slap him silly for being so arrogant!
Last edited by Rincewind; 13/08/03 01:34 PM.

veteran
Joined: Mar 2003

Well, it took me forever to get rid of this last night...but now it is all good. I had to try to help my dad do it. Don't I feel special...he is too impatient sometimes. But, I love him anyway.
Then, I had to reinstall Norton - for some reason it was screwed...had to dump/re-install...but, scanned the whole computer again after that - everything is good to go!

apprentice
Joined: Aug 2003

IMHO this virus is long overdue. Some info on this: It's a vulnerability in the Windows system itself b/c it comes in through Port 135. The exploit has been known for over a month now, all's you have to do is update Windows, which you really should b/c if you leave yourself open to this, you'd be silly. It automatically scans for IP address, presumed random at this moment, and looks for Port 135 to enter. It was made to make a DDOS attack on Microsoft's update page on the 16th of August I believe. It adds a new registry key to your computer and boots itself up. Filename is msblast.exe. It's a worm based on dcom.c (the vulnerability is that itself and NEEDS to be updated). Also this can be used to take over your system, people can send a trojan and completely exploit/takeover your system without having to do any background work except knowing that you run Win 2000, NT, and XP. Earlier versions of Windows are not affected. Thankfully this worm is not coded very well (seems to have been a rush job on someone's part) and does no malicious damage as of yet. Though on the 16th things could get very interesting.
So in short: UPDATE your Windows system or else someone can remotely administrate your computer and do nasty things to it or other computers that will get you in trouble.
EDIT: oops that's wrong up there, it's not the Port that is the vulnerability, it is RPC DCOM. Sorry bout that.
Dunyain
Last edited by dunyain; 13/08/03 02:31 PM.
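
An added illustration of the scanning behaviour described in the post above (not part of the original thread and not any poster's code): it flags hosts that contact many distinct addresses on TCP port 135 in a firewall log. The log format, addresses and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format: time action proto src:port -> dst:port).
SAMPLE_LOG = """\
2003-08-12T09:00:01 DENY TCP 10.0.0.23:1043 -> 10.0.1.1:135
2003-08-12T09:00:01 DENY TCP 10.0.0.23:1044 -> 10.0.1.2:135
2003-08-12T09:00:02 DENY TCP 10.0.0.23:1045 -> 10.0.1.3:135
2003-08-12T09:00:02 DENY TCP 10.0.0.23:1046 -> 10.0.1.4:135
2003-08-12T09:00:03 DENY TCP 10.0.0.23:1047 -> 10.0.1.5:135
2003-08-12T09:00:03 DENY TCP 10.0.0.23:1048 -> 10.0.1.6:135
2003-08-12T09:00:04 ALLOW TCP 10.0.0.40:2201 -> 10.0.0.5:135
2003-08-12T09:00:09 ALLOW TCP 10.0.0.40:2202 -> 10.0.0.5:135
2003-08-12T09:00:10 ALLOW TCP 10.0.0.23:1050 -> 192.0.2.80:80
garbled line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def rpc_fanout(log_text, port=135, threshold=5):
    """Map each source to the distinct hosts it contacted on `port`,
    keeping only sources that reached at least `threshold` of them."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # unparseable line or a different service
        targets[m["src"]].add(m["dst"])
    # A client talking to one server on 135 is normal RPC traffic;
    # a wide fan-out of distinct destinations is the worm-like pattern.
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for src, dsts in rpc_fanout(SAMPLE_LOG).items():
        print(f"{src}: {len(dsts)} distinct hosts on TCP/135, check for infection")
```

Counting distinct destinations rather than raw connections keeps a client that talks repeatedly to one server on port 135 from being flagged.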

veteran
Joined: Mar 2003

Why should things get interesting on the 16th? From what I have heard, they actually knew about this since 4.0, but it does only affect the newer ones...

apprentice
Joined: Aug 2003

Things may get interesting b/c people are just patching with the removal tool or updating virus definitions. I know of at least 3 programs right now that have been built in a few days that have become remote admin tools. Who's to say that everyone will go and update Windows. As that one security guy said about his mother, some people just won't do it. Now you multiply that across the world and say you have 4000-5000 PCs that are not updated and infected with msblast.exe. Launching a DDOS attack on a scale that large could definitely cause some serious problems. And who's also to say someone doesn't take advantage of this, poses as the original author of the virus and codes in an extra few lines of malicious code, you could have all newer versions of Windows PCs formatting they're (or their, not sure) HDs. Kinda hard to update your version of Windows when each time you get it installed, it starts formatting your drive before you can download the vulnerability.
Plus there are so many people that can and are starting to mutate this virus. And with a huge DDOS attack being launched on the 16th, things could get very interesting for Windows users.
EDIT: Did I mention some businesses are just too damn lazy to update their software. I know I had to go to each and every damn new machine and update it myself as the users just didn't listen to me (sys admin/security man)
Last edited by dunyain; 13/08/03 02:48 PM.

old hand
Joined: Jun 2003

Carrie - From the Symantec site:
"If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on Windows Update. The worm will activate the DoS attack on the 16th of this month, and continue until the end of the year"