Lovesan, Blaster & MSblaster worm

Newark, OH(Zone 5b)

I'm posting this in General Discussion rather than the Computer Talk forum because it needs to be seen by as many as possible. There is a new worm out in the wilds of the Internet and those of us using Windows 2000 and Windows XP need to be certain our antivirus is currently updated and that we've run all the security updates from Microsoft.

It's bad. It's being compared to the Code Red and Nimda worms. Here are some articles about this worm:

Siliconvalley.com: http://www.siliconvalley.com/mld/siliconvalley/6511962.htm

TechTV.com (especially this article!): http://www.techtv.com/news/securityalert/story/0,24195,3498394,00.html

Symantec.com (Norton AV's site): http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

What to do: http://www.techtv.com/screensavers/windowstips/story/0,24330,3498721,00.html


This message was edited Wednesday, Aug 13th 3:19 AM

Castelnau RB Pyrenée, France(Zone 8a)

Thanks for posting all of this gw!
Are those of us with Win98 immune?

Newark, OH(Zone 5b)

I believe this particular one hits 2000 and XP, according to the Symantec link above. I'd read through it, though, just to be safe.

Castelnau RB Pyrenée, France(Zone 8a)

Yes, thanks
I've updated Windows, got my Antivirus and Firewall on etc
Thanks for all the info - I'm off to read it :)

Old Forge, PA, OH(Zone 6a)

If you check out Symantec's website http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html -- you will be surprised to see that this virus scans for open TCP Port 135, and uses it! The best way to avoid infection is to follow these instructions:

1. From Symantec (Norton Anti-Virus):

Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

2. From Microsoft:

Visit the following: http://www.microsoft.com/security/incident/blast.asp
The above link will allow you to download and install a patch for Windows 2000, Windows XP and Windows 2003 Server. Microsoft also instructs on port blocking for Windows 2000.

If you already have the W32.Blaster.Worm, you can obtain a clean-up (viral remover) utility here: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Make sure you follow all the directions to a "T" on the above link or the utility may not work. I highly recommend saving the utility to a floppy disk, even if you don't have the virus. In that case, you have the utility, if you ever get the virus and can't access the internet to obtain the utility.

Dave

Edited to include Hyperlinks.

This message was edited Wednesday, Aug 13th 11:41 AM
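
An added example, not part of the thread or of the Symantec or Microsoft pages it links: a small Python check that reads firewall log lines and reports traffic on the three ports named in the post above, both connections the firewall still allowed and sources that tried TCP 135 on several different hosts. The log format, the sample lines and the threshold of 3 are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Ports named in the post above, with the labels it gives them.
WATCHED = {("TCP", 135): "DCOM RPC", ("TCP", 4444): "TCP 4444", ("UDP", 69): "TFTP"}
SCAN_THRESHOLD = 3  # assumption: distinct TCP 135 targets before a source is flagged

# Constructed sample in a made-up format: time proto src -> dst:port action
SAMPLE_LOG = """\
2003-08-13T09:00:01 TCP 192.0.2.10 -> 198.51.100.1:135 DENY
2003-08-13T09:00:01 TCP 192.0.2.10 -> 198.51.100.2:135 DENY
2003-08-13T09:00:02 TCP 192.0.2.10 -> 198.51.100.3:135 ALLOW
2003-08-13T09:00:05 UDP 198.51.100.3 -> 192.0.2.10:69 ALLOW
2003-08-13T09:01:00 TCP 192.0.2.20 -> 198.51.100.9:135 DENY
2003-08-13T09:02:00 TCP 192.0.2.20 -> 203.0.113.5:80 ALLOW
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\S+) (TCP|UDP) (\S+) -> (\S+):(\d+) (ALLOW|DENY)$")

def watched_events(log_text):
    """Yield (src, dst, label, action) for entries on a watched port."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the format
        _, proto, src, dst, port, action = m.groups()
        label = WATCHED.get((proto, int(port)))
        if label:
            yield src, dst, label, action

def scanning_sources(log_text, threshold=SCAN_THRESHOLD):
    """Sources that tried TCP 135 on at least `threshold` distinct hosts."""
    targets = defaultdict(set)
    for src, dst, label, _ in watched_events(log_text):
        if label == "DCOM RPC":
            targets[src].add(dst)
    return sorted(s for s, d in targets.items() if len(d) >= threshold)

def unblocked(log_text):
    """Watched-port traffic the firewall let through: gaps in the block rules."""
    return sorted({(src, label) for src, _, label, action in watched_events(log_text)
                   if action == "ALLOW"})

if __name__ == "__main__":
    print("possible scanners:", scanning_sources(SAMPLE_LOG))
    print("allowed on watched ports:", unblocked(SAMPLE_LOG))
```

Any entry returned by `unblocked` means a block rule from the list above is missing or not matching; a source returned by `scanning_sources` is a machine to check for the worm and patch.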

Efland, NC(Zone 7a)

Trust me folks, this one is a biggy. Took me nearly five hrs to get rid of it yesterday. This one is so tricky it even blocks your ability to update Windows...it won't let you get there.

Old Forge, PA, OH(Zone 6a)

Everyone should download the patch from Microsoft, and the repair utility from Symantec, and save both files onto floppy disks. If you become infected, run the repair utility first *****{MAKE SURE TO TURN OFF SYSTEM RESTORE IN WINDOWS XP}***** If you are running Windows XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.

CAUTION: If you are running Windows XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.


Then run the patch! Better off yet, install the patch now! It will prevent your system from attack!

Always make sure you are running the most current Anti-virus software with the most current virus definition files installed!

Mcallen, TX(Zone 8a)

Yes, this one hit our ISP and we could not even get online.

Thank goodness they caught it before it penetrated all the individual users!

But it IS a mess!

Newark, OH(Zone 5b)

On the TechTV site link I gave above, they have a way for you to keep the system from shutting down:

Stop the countdown

Go to the command line interface by clicking on the START button and selecting RUN. Type "command" (without quotes) and click OK.

At the command prompt, type "shutdown -a" (without quotes). This effectively orders the computer to abort shutdown.

Run your antivirus tools and download patches to remove the worm.


This message was edited Wednesday, Aug 13th 1:38 PM

Hillsboro, OH(Zone 6a)

Well, I was having problems and could not open hyperlinks. I downloaded the above and can now hyperlink myself into oblivion! LOL THANKS!

Silver Lake, OH(Zone 5b)

Yep I got it - took about 20 minutes total to find what was wrong, download the fix, and repair the problem. But it was scary till I figured it out!

All safe now and new Norton installed... thanks GW for this warning

Love
Janie

Efland, NC(Zone 7a)

20 minutes, JanieJoy? Shazaam... I spent nearly five hrs, running scans, supposedly getting rid of the virus, trying to get to Microsoft for the needed downloads, etc. 20 minutes! I'm so proud of you!

Everson, WA(Zone 8a)

I have NAV installed and Live Update on. I update it daily, and NAV is set to scan whenever the computer is idle for more than 3 hours. I have Windows 98 OS so I believe I am safe from this nasty virus. However I am on broadband and do not have a firewall. Can anyone recommend a site to download a free firewall that a computer idiot (like myself) could install? Thanks. All this talk about viruses is making me very nervous.

Tellico Plains, TN(Zone 7b)

I always used ZD NET Downloads. Enter Zone Alarm.....it's the 5th one on the page that will come up. I used this before I got Norton Suite which has everything.
This Zone Alarm is free, install it and then go shopping at that site, there are many more, free, shareware or buy. Some that need to be purchased are free for home use.
While you are safely shopping, if you find one you like better, download it. Go off line ... uninstall Zone Alarm and install the new one you picked after.
As a newbie I used Zone Alarm for 2 years and liked it, very easy to use... Good Luck. >^,,^< SB

This message was edited Thursday, Aug 14th 4:22 PM

Tellico Plains, TN(Zone 7b)

Get it downloaded and installed before you spend any more time unprotected!!!!

Everson, WA(Zone 8a)

Thanks, SB. With the help of tcfromky and flowox I got it installed last night. I drove them a little (well, maybe a lot) crazy before it was done - they were probably hopin' the virus would take me down and spare them any more misery. LOL

Tellico Plains, TN(Zone 7b)

Whew!!! No one should be without a firewall. Happy Surfing, SB

Deep South Coastal, TX(Zone 10a)

XP has a built in firewall, all you have to do is turn it on from the control panel.

(Zone 5a)

Thanks GW, I didn't know anything about it

Silver Lake, OH(Zone 5b)

Horseshoe,

I am a former systems administrator so I admit to a bit more knowledge than the average bear but I am also quite rusty - just had a problem with the 'puter crashing on me, and I didn't see what was happening till it escalated to about 10 times an hour (!!) - then I researched the error message and found the msblast worm info and downloaded the fix and eliminated the file by changing its tag from exe to bak (via DOS)...

Once I knew what was going on, I was fine but it had me hornswoggled for a while.

Maddening!

Efland, NC(Zone 7a)

JJ...you don't sound too rusty to me!

One day, when I grow up, I wanna be younger so I can know as much about computers as I need to.

Silver Lake, OH(Zone 5b)

Shoe, you could take a class -- I taught some at the local community college once and the folks loved learning more about how things worked...

OR you could pick Howie & GW's brains!

Bolton, Greater Manc, United Kingdom(Zone 8a)

It's scary when you think how many people leave themselves open to viruses.
These days firewalls are a must as are anti virus scanners. Make sure you update from your anti virus supplier regularly (they are free and take no time at all) and never open an email attachment unless you know who it is from.

Deep South Coastal, TX(Zone 10a)

My cable company just sent a big page of info about this. They said you can check for the worm by doing control/alt/delete then when the task manager opens, select processes, click on Image name to sort them in alphabetical order, then look for msblast.exe and if you find it highlight it and hit "end task" then go download the patch.

Fremont, CA(Zone 9a)

One more step calalily - If you found it in the processes - also use "Search" to find msblast.exe and delete the file, after you have ended the task. Do this before installing the patch. I have talked 3 people through the process this week because they had been hit.

The computer sure was a lot more secure when I used punch cards. (But not near so much fun!)

Deep South Coastal, TX(Zone 10a)

George, I knew I'd forget something! I don't have the masterblaster thing. I already have the patch installed and the firewall is working so hopefully all is well here.

Harrisville, MI(Zone 5b)

Me too, hope to see you after Sat. night!

Newark, OH(Zone 5b)

I am going to a friend's house Monday to clean her computer of this. I'm taking notes on what y'all have learned in cleaning this thing up, believe me!
