Blaster Worm

Woody13

New Member
Originally posted by tigsmom
Now I'm getting nervous...we use Norton

I am talking about Norton SystemWorks. I wouldn't wish SystemWorks on my worst enemy (no, I take that back, it's the perfect thing for my worst enemy). The Norton Antivirus (NAV) and Norton Firewall are fine (just very expensive to buy and pay for the updates). There are other antivirus programs and firewalls that are just as effective (and less troublesome) and they are free.
 

shuflemstr

Well-Known Member
Unfortunately I got it too. I was up till 3am this morning talking to MSN on the phone after being on hold for 45 minutes. Here is the email that they sent me.

To resolve your issue you need to go to http://support.microsoft.com/?kbid=823980 and download the patch for your system. Once you download and install this patch you will need to go to http://housecall.antivirus.com and then run the free web based virus scan. If this does not resolve your issue you will need to contact the manufacturer of your computer or the Microsoft Product Support Virus Center
For all windows updates
http://www.windowsupdates.com
http://www.microsoft.com/technet/treeview/?url=/technet/security/virus/alerts/
for more information on cleaning their system and fully removing the virus.
 

darthdarrel

New Member
Originally posted by Woody13
I am talking about Norton SystemWorks. I wouldn't wish SystemWorks on my worst enemy (no, I take that back, it's the perfect thing for my worst enemy). The Norton Antivirus (NAV) and Norton Firewall are fine (just very expensive to buy and pay for the updates). There are other antivirus programs and firewalls that are just as effective (and less troublesome) and they are free.
When am I supposed to be having problems? I have used Norton SystemWorks for 3 years now.
 

Woody13

New Member
That's good advice. However for those folks who were infected, a good firewall would have prevented this worm. All it does (did) was look for systems with an open 135 port. A decent firewall will close that port on the Internet and save you the grief.
 

Woody13

New Member
Originally posted by darthdarrel
When am I supposed to be having problems? I have used Norton SystemWorks for 3 years now.

There will come a time when you might have to perform a system restore in Windows ME or XP (I do not know your version). NSW does not play nice with system restore. Also if you use the included Roxio "Go Back" it may just go back to a point where you will no longer be able to boot your system. Also what version of the Norton Firewall are you using? Symantec no longer supports the 2001 version!
 

darthdarrel

New Member
Originally posted by Woody13
There will come a time when you might have to perform a system restore in Windows ME or XP (I do not know your version). NSW does not play nice with system restore. Also if you use the included Roxio "Go Back" it may just go back to a point where you will no longer be able to boot your system. Also what version of the Norton Firewall are you using? Symantec no longer supports the 2001 version!
I have Windows 98SE and I have Norton Internet Security 2003.
 

Blizz

New Member
Original Poster
Well it took me about 5 hours to kill it. This was because I used my ancient HP running Win 98 to investigate all possible ways to kill the worm. I decided to get the patch first off of Microsoft.com. It was listed as a virus alert on the main site and I didn't go through the Windows Update site. If you can't find it search using the words "W32.Blaster.Worm". Then you download the patch to disk. Then I went to http://www.symantec.com and got the Symantec Virus Removal tool. (This is how Microsoft recommends getting rid of it.) Then I restarted the affected computer and quickly disabled the system restore (if not the worm will live in your system restore folder!!!). Then I installed the security patch and then restarted the computer. Then I ran the Symantec FixBlast.exe virus removal tool (which I saved to disk from my other computer). It scanned about 200,000 files and then alerted me that it found and removed the bug which was saved as msblast.exe in the System32 folder under the WINDOWS directory on the C drive; it also deleted the registry editor entry created as well as a vital system procedure that was affected. Then I ran it again in safe mode and then restarted and then ran it again in normal mode after I restarted again. The last two scans came up clean. Then I restarted again and put the patch on again. I know it's overkill but I am clean as a whistle. I also did as Best Buy told me, and I updated all the Windows Updates (I got them from my friend in tech support at Best Buy but he told me you can get them from the Windows Update site).

I also am going out tomorrow and getting the latest update of Norton.

When I get my home network running I will be super covered. I have a friend who is giving me his old Cisco router/firewall/gateway. So hopefully this will be my last virus.


PS - be careful, Code Red II is also spreading. I read about it while researching the Blaster Worm. They say it spreads 4000 times faster than the first Code Red virus.

If you don't know how Blaster.Worm works, what it's doing is this....

It uses a hole in almost all versions of Windows, even Server 2003. When the computer is connected to the net after the worm spread (which was a few days ago) the computer gets the worm (unless you have the patch or a hell of a firewall!). Then the worm launches the msblast.exe file it downloads and changes the registry editor and blocks the Windows Update feature of Windows. Then sometime this week when on the net it will send a DoS to the Windows Update site. This is a denial of service which will mean either longer download times on the site because it is jammed or it will be so jammed it will prevent the site from downloading at all. This is what Code Red did to the White House website. Now the worm also affects infected users by restarting your system every 5-15 minutes by corrupting the Win32 and System32 processes.

PS - Norton and/or McAfee alone will not protect you from this because it was not included in the latest update of the antivirus software. The latest updates of Norton now include something to help with the Blaster Worm.

Well if you want more info please ask.
 

Woody13

New Member
Originally posted by darthdarrel
I have Windows 98SE and I have Norton Internet Security 2003.

That's bad because Windows 98 support is almost gone now. You're on a bumpy road. You need to start thinking about a new computer or an upgrade.
 

Blizz

New Member
Original Poster
Originally posted by Woody13
There will come a time when you might have to perform a system restore in Windows ME or XP (I do not know your version). NSW does not play nice with system restore. Also if you use the included Roxio "Go Back" it may just go back to a point where you will no longer be able to boot your system. Also what version of the Norton Firewall are you using? Symantec no longer supports the 2001 version!

Windows ME was not affected by W32.Blaster.Worm.

Also, system restore is horrible!!! System restore is the best place for a worm or virus to hide! It also eats part of your hard drive. I find it's easier to back up my important files to an external drive or tape backup or other removable media and then do a reformat of my hard drive.

PS - I know this will start a tiff but I hate Windows. I am a user of Windows but I prefer Mac OSX or Linux over Windows. But to write my software programs I need Windows. Also, it's hard to find software for Mac or Linux.
 

Blizz

New Member
Original Poster
Originally posted by Woody13
That's bad because Windows 98 support is almost gone now. You're on a bumpy road. You need to start thinking about a new computer or an upgrade.


Ehhh.... a Windows upgrade is always a bad idea.

There are always problems when you upgrade an OS on an older computer unless you use a dual boot for like Linux and Windows.

A new version of Windows is about $200 and a new E-Machines computer goes for about $400 if you get the right deal.

It's better just to go with a new system.




PS - I also just helped a few friends through the worm removal. I am like a pro at this now. LOL.
 

tigsmom

Well-Known Member
Originally posted by Woody13
I am talking about Norton SystemWorks. I wouldn't wish SystemWorks on my worst enemy (no, I take that back, it's the perfect thing for my worst enemy). The Norton Antivirus (NAV) and Norton Firewall are fine (just very expensive to buy and pay for the updates). There are other antivirus programs and firewalls that are just as effective (and less troublesome) and they are free.

Gotcha...thanks
 

pinkrose

Well-Known Member
Our computer is 3 yrs old (yes, I know time for a new one). I did the XP upgrade (we had Windows 98), and it did fine. I've had no problems so far.
 

monorail256

Member
Our newest computer (Sony) got it last night. I hadn't turned it on since before we went down to Disney.. and I went on the net last night and all of a sudden all this weird stuff started happening. I'll let my dad or brother fix it.... I can never figure out all the virus stuff....:lol:

All that I can say is thank god I have a computer in my room that doesn't have the virus on it.. even if it is a few years old (Windows 98).:)
 

wdwhoneymooner

Well-Known Member
Originally posted by darthdarrel
How does one know when they have been infected?

Believe me, you'll know! :) Your PC will begin an automated shutdown sequence timed to 60 seconds. It hits a minute or two after booting.

I don't know if this has been posted yet so forgive me but here is what you can do:

By now most of the computer-using world is aware of the new Virus sweeping the Internet named W32.Blaster.Worm (also known as MBlaster, W32/Lovsan.worm, MSBlast, Win32.posa.worm, Win32.poza.worm).
The virus currently is said to be 4 times as widespread as the “CODE RED” “NIMDA” worms and this is only the 2nd day the virus has been on the rampage!

The possible symptoms of this virus are summarized as follows:
- Constant rebooting or crashing of your machine
- Scanning the local Subnets for other computers which have the same vulnerability
- Performing a distributed denial of Service (DDoS) on a Microsoft website starting on the 16th of August

Here are some quick Instructions, which will protect your system from the vulnerability the virus exploits on your computer:
1. Boot up your computer
2. Download and run the Microsoft patch (which is correct for your operating system) to close the Vulnerable RPC exploit.
· Critical Patch for MSBLASTER – Windows2000
· Critical Patch for MSBLASTER – Windows XP
· Critical Patch for MSBLASTER – Windows NT Server and Workstation


Once the patch is installed you will be asked to reboot your computer. If you do not reboot the changes will not be applied and the machine will still be open to attack.


If you suspect that your machine was infected with the virus follow these further steps to ensure that your machine is cleaned.
3. If you keep getting the “Shutdown in 60 seconds” dialog, click Start / Run, and execute command ‘shutdown -a’
4. Download and run a well-known company's free MSBLASTER virus removal tool (your choice of the vendors below – remember this is only useful for this virus)
· Norton Antivirus Removal tool: http://securityresponse.symantec.com/avcenter/FixBlast.exe
· F-Secure’s F-LOVSAN Removal tool: ftp://ftp.f-secure.com/anti-virus/tools/f-lovsan.zip (You must have winzip/pkunzip to extract this tool)
· CA: http://www3.ca.com/Files/VirusInformationAndPrevention/ClnPoza.zip (You must have winzip/pkunzip to extract this tool)

Please remember to use the windows update features of Microsoft Windows products usually located on the START menu. This service is also available on the web at Microsoft Windowsupdate website

Best practices for home use would also include having up to date antivirus software loaded on your personal equipment that has the ability to auto update your computer.
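
An added example, not part of any post in this thread: the two checks the thread describes (a listener on TCP port 135 reachable from the network, and msblast.exe in the System32 folder) written as a small Python triage script. The netstat text is a constructed sample and the function names are hypothetical; a listener on a non-loopback address only means the port is exposed if no firewall sits in front of it.

```python
import os

WORM_FILE = "msblast.exe"   # file name reported in the thread
RPC_PORT = 135              # port the thread says the worm looks for

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1135      10.0.0.5:80            ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

def exposed_rpc_listeners(netstat_text, port=RPC_PORT):
    """Return local addresses listening on TCP `port` on a non-loopback interface."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines and UDP rows (no State column)
        local, state = fields[1], fields[3]
        host, _, local_port = local.rpartition(":")
        if state.upper() != "LISTENING" or local_port != str(port):
            continue
        if host.startswith("127.") or host == "[::1]":
            continue  # loopback-only listeners are not reachable from the network
        hits.append(local)
    return hits

def find_worm_file(system_dir, name=WORM_FILE):
    """Return the path of `name` in `system_dir` (case-insensitive), or None."""
    try:
        entries = os.listdir(system_dir)
    except OSError:
        return None  # directory missing or unreadable
    for entry in entries:
        if entry.lower() == name.lower():
            return os.path.join(system_dir, entry)
    return None

def triage(netstat_text, system_dir):
    """Run both checks and return the findings as a dict."""
    return {"port_135_exposed": exposed_rpc_listeners(netstat_text),
            "worm_file": find_worm_file(system_dir)}
```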
 

tigsmom

Well-Known Member
We downloaded the patch last night...computer came up clean. My DH was using this computer earlier and he received an alert "infected file attempting to download". Asked if he wanted to stop it! Like asking who wants to be a millionaire?!:lol:
 

Blizz

New Member
Original Poster
LOL, yeah I love how Norton asks "Do you want to stop the incoming virus?" Well DUH! Of course I do.

Well hopefully this has helped anyone with the Blaster Worm.


PS - If you don't clean it out by Saturday it is said to start deleting files and get a lot worse. Some of it you won't even see happening. Also, after these shut downs happen, a mutated version will spring up and let you use your computer for a longer time before a shut down is initiated. This is so you will be allowed to go online to spread the virus more and create the DoS on the Microsoft Windows Update site. So even if you had it and it has stopped, run it anyway. This happened to my pal Lori and last night we got her all cleaned up.

So even if you think you had it and it stopped, still follow the Symantec directions and see if you have it. Better safe than sorry!
 

darthdarrel

New Member
So what you're saying is that Windows will shut down on its own? Thank god my computer hasn't done that.:) But yesterday I couldn't get my Internet Explorer to work, only Netscape would work, and I couldn't go to Windows Update. I reinstalled Internet Explorer and now everything is fine.:)
 

Blizz

New Member
Original Poster
Originally posted by darthdarrel
So what you're saying is that Windows will shut down on its own? Thank god my computer hasn't done that.:) But yesterday I couldn't get my Internet Explorer to work, only Netscape would work, and I couldn't go to Windows Update. I reinstalled Internet Explorer and now everything is fine.:)


Eehhhh, that could have been because of the attacks against the Windows Update site. The Windows updates are also taking a long time to download.

Glad to hear it's working. But I just told another friend to run the scan just in case and turns out he has it, so there is one more I will be helping. I think that this worm can mutate into diff. forms as it spreads.
 
