Metropolis Reality Forums

Sponsored by: The Fans!

Welcome, Guest. Please Login or Register.
Nov 24^th, 2024, 7:29pm

Upcoming Premiere Dates:
Survivor 23, Season premiere
Thursday, September 14 (8:00-9:30 PM, ET/PT) on CBS

Metropolis Reality Forums Ť windows worm ť

   Metropolis Reality Forums
   Off-Topic Forums
   In the News (Moderators: lakelady, yesteach, MediaScribe, Bumper, Isle_be_back)
   windows worm

Previous topic | New Topic | Next topic »

Pages: all 1 2

Add Poll

Notify of replies

Send Topic

Author

Topic: windows worm (Read 848 times)

azure
ForumsNet Member

Gender:

Posts: 4087

windows worm
« on: Aug 12^th, 2003, 3:56pm »

Quote

Modify

Blaster zeroes in on computers running the Windows 2000, Windows XP, Windows NT and Windows Server 2003 operating systems.

   THE WORM, dubbed Blaster but also known as LoveSan or MSBlaster, first emerged on Monday carrying a message for the Microsoft chairman: Billy Gates why do you make this possible? Stop making money and fix your software!!
   Blaster zeroes in on computers running the popular Windows 2000, Windows XP, Windows NT and Windows Server 2003 operating systems, Microsoft said.
   It has also been timed to attack a Microsoft security Web site distributing the patch needed to stop the worm in its tracks before it hits millions of users, security experts warned.
   (MSNBC is a Microsoft-NBC joint venture.)
   The worm specifically targets the latest versions of the Windows software and experts predict home users will be the worst affected. The vast majority of the worlds computers are equipped with one form or other of Windows software.
   I anticipate that Blaster will have its biggest impact on the home user community as they are more laid back about keeping their anti-virus and patches up-to-date and may have insufficient firewalls in place, said Graham Cluley, a technology consultant at British-based Sophos Anti Virus.
   A Microsoft spokesman in Europe said the company would closely monitor the problem and provide updated information and prescriptive guidance when available.
   Blaster is unusual in that it does not spread specifically via e-mail as it can travel through a normal Internet connection making any computer running unsecured versions of Windows software vulnerable.
   Microsoft urged computer users to visit http://www.microsoft.com/security/ to download the patch to protect their system.
   Computer experts said the worm had been programmed to knock the security site offline on Aug. 16.
   Microsoft said it was taking precautions to keep the site up and running. We will do everything to ensure visiting the (security) Web site will be a safe and secure experience, the spokesman said.

If you are worried about being infected by MSBlast, the best step is to download and run a free "fixer" tool from an antivirus vendor. If you cant download a fixer, try the manual route. Either way, also install the free patch that Microsoft provides.
For more detailed instructions, go to the government sponsored online security site: http://www.cert.org

Fixer

The fixer programs are available at the following sites:
Symantec: http://securityresponse.symantec.com/avcenter/venc
/data/w32.blaster.worm.removal.tool.html

Trend Micro: http://www.trendmicro.com/download/tsc.asp

F-Secure: http://www.f-secure.com/v-descs/msblast.shtml

Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=36265

If you can't get onto the Internet, have a friend download the fixer onto a floppy disk and boot your computer from the floppy. Be sure to follow the vendor's instructions. If you are using Windows XP, for example, that means turning off the System Restore feature before running the tool -- otherwise the restore feature actually preserves a backup copy of the worm.

Manual method
If getting a fixer is impossible

1. Kill the program. Hit CTRL-ALT-DELETE and find MSBlaster.exe. Pick "end process." If unable to do so, restart your machine, and repeat the process.

2. Stop it from starting again. This requires a registry change. Click Start/Run, type RegEdit, hit enter. In left panel, navigate to HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>Run. Locate and delete the entry:
windows auto update" = MSBLAST.EXE. Close the editor

3. Get a cleaner and the patch: Reconnect to the Internetm download an antivirus cleaner (above) and install the MS patch at http://microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS03-026.asp.

Patch
Even if you are not infected, if you are running WindowsXP, Windows2000 or Windows NT 4.0, install the patch.

BLOCKING THE WORMS PATH
   A host of European and Asian anti-virus firms reported corporations had contacted them to say they had been infected as their systems went online on Tuesday.
   Following a quick patch job, many corporate systems were back up and running without a hitch. But as the greatest damage was expected to be in the home market, the actual toll of Blaster might be difficult to determine, the experts said.
   In South Korea, one of the worlds most wired nations, Blaster was having limited impact, officials said, as technicians took steps to block vital Internet ports that prevented the worms widespread movement.
   Once Blaster infects a computer, it scans the Internet for other vulnerable machines to infiltrate.

In some cases the worm causes the computer to crash, but does not infect it, said Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute in the United States.
   Its dangerous from the perspective that it can consume a lot of bandwidth, said Russ Cooper of TruSecure Corp. Every compromised machine is constantly attacking.
   Last month, Microsoft warned of the hole in its Windows system. After that, security experts warned it was only a matter of time before a worm appeared to exploit the vulnerability.
   In January, a worm dubbed Slammer that exploited a hole in Microsoft SQL database software brought automatic teller machines in the United States to a standstill, paralysed corporate networks worldwide and nearly shut down Web access to South Korea.

« Last Edit: Aug 12^th, 2003, 4:14pm by azure »

IP Logged

HELLO EVERYBODY!!

Addams
You Bet Your ASS Team
ForumsNet Member

Gender:

Posts: 5398

Re: windows worm
« Reply #1 on: Aug 12^th, 2003, 6:46pm »

Quote

Modify

I have received this notice from McAfee - it tells you how to tell if you are infected:

Quote:

(((((((((((((((((((( McAfee Dispatch )))))))))))))))))))))))

[This message is brought to you as a subscriber to the
McAfee Dispatch. To unsubscribe, please follow the
instructions at the bottom of the page.]

------------------------------------------------------------
   ** VIRUS ADVISORY - W32/Lovsan.worm **
------------------------------------------------------------

W32/Lovsan.worm is a Medium-On-Watch Internet Worm.

This worm spreads by exploiting a recent vulnerability in
Microsoft Windows. The worm scans random ranges of IP
addresses on TCP port 135. Discovered systems are targeted. Exploit code is sent to those systems, instructing them to
download and execute the file MSBLAST.EXE from a remote
system via TFTP.

Once run, the worm creates the registry key (may be either
of the following):

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "windows auto update" = msblast.exe
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "windows auto update" = msblast.exe I
just want to say LOVE YOU SAN!! bill

Indications of Infection

- Presence of unusual TFTP files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32
  directory
- Error messages about the RPC service failing (causes
  system to reboot)

IMPORTANT SECURITY NOTE: Up-to-date McAfee VirusScan users
are protected from this threat. For dial-up connections,
we also recommend McAfee Personal Firewall Plus. An extra
layer of protection, it helps render your system invisible
to malicious code and break-ins like Lovsan.

Learn More about W32/Lovsan.worm:
==> http://us.mcafee.com/root/campaign.asp?cid=8340

Scan for W32/Lovsan.worm:
==> http://us.mcafee.com/root/campaign.asp?cid=8341

Subscribe to Personal Firewall Plus
==> http://us.mcafee.com/root/campaign.asp?cid=8350

____________________________________________________________

If you would like to receive the McAfee Dispatch in a
graphical (HTML) format in the future, please click here.
==> http://us.mcafee.com/root/campaign.asp?cid=8249

______________________Special Offers________________________

Subscribe to a full year of VirusScan Online for just $34.95
and get SpamKiller free*! Learn More...
==> http://us.mcafee.com/root/campaign.asp?cid=8241

* After $30 mail-in rebate.
------------------------------------------------------------

SpamKiller stops spam from polluting your inbox. SAVE $15,
now only $24.95. Get only the email you want and nothing else!
Learn More...
==> http://us.mcafee.com/root/campaign.asp?cid=8242


________________________Virus Fixes_________________________

VirusScan Online
The #1 anti-virus solution online. Protect your PC from
viruses and receive FREE automatic updates.

Is your protection current?
==> http://us.mcafee.com/root/campaign.asp?cid=8243

Subscribe to VirusScan Online
==> http://us.mcafee.com/root/campaign.asp?cid=8241

VirusScan 7.0
Stop viruses, trojans, worms, and more. Now includes enhanced
McAfee Firewall protection to keep hackers out of your PC.

Update DAT file
==> http://us.mcafee.com/root/campaign.asp?cid=8245

Purchase VirusScan 7.0
==> http://us.mcafee.com/root/campaign.asp?cid=8244

Upgrade Center
==> http://us.mcafee.com/root/campaign.asp?cid=8246

Personal Firewall Plus
Your Defense Against Hacker Attacks! See when someone is
trying to hack your system. Then track and report hacker
activity.

Subscribe to Personal Firewall Plus
==> http://us.mcafee.com/root/campaign.asp?cid=8350

Download a set of FREE security tools and also receive trial
versions of our world-class security services. Learn more...
==> http://us.mcafee.com/root/campaign.asp?cid=8247

Product Recommender! Find the right product for you,
click here.
==> http://us.mcafee.com/root/campaign.asp?cid=8248

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

McAfee is a business unit of Network Associates, Inc.
3965 Freedom Circle, Santa Clara, CA 95054, (40 Cool

992-8599
Š 2003, Networks Associates Technology, Inc. All Rights Reserved.

« Last Edit: Aug 12^th, 2003, 7:07pm by Addams »

IP Logged

david
Guest

Re: windows worm
« Reply #2 on: Aug 12^th, 2003, 10:50pm »

Quote

Modify

Remove

I tried to download patch from MSN site twice and got error messages both times

IP Logged

MzWings
ForumsNet Member

Praying for FN members/family health & happiness

Gender:

Posts: 0

Re: windows worm
« Reply #3 on: Aug 13^th, 2003, 11:22am »

Quote

Modify

I started receiving those error messages - on Monday I think.

Now, when I reboot, before that process is complete, a weird "bloopy" kind of sound. (Hard to explain)

I really don't know what to do. Help please! Sorry to be such a pain.

IP Logged

"Senility Prayer"...God grant me...
The senility to forget the people I never liked
The good fortune to run into the ones that I do
And the eyesight to tell the difference."

rcs_mum
ForumsNet Member

Proud Mom!

Gender:

Posts: 1744

Re: windows worm
« Reply #4 on: Aug 13^th, 2003, 2:08pm »

Quote

Modify

Since downloading the patch my computer will not show or download any attachments. When I click on the paperclip, I get a faded bar that does nothing when I click on it! Is that being caused by the patch??

IP Logged

azure
ForumsNet Member

Gender:

Posts: 4087

Re: windows worm
« Reply #5 on: Aug 13^th, 2003, 2:08pm »

Quote

Modify

ok, I got this link from another site, hope it works

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

IP Logged

HELLO EVERYBODY!!

david
Guest

Re: windows worm
« Reply #6 on: Aug 13^th, 2003, 6:35pm »

Quote

Modify

Remove

I updated my anti virus program I hope that does it

IP Logged

Sheisback
ForumsNet Member

Leave my Radio X alone!

Gender:

Posts: 611

Direct download links for the Windows patch
« Reply #7 on: Aug 13^th, 2003, 6:45pm »

Quote

Modify

Found this. Since the Microsoft web site is very slow due to the large number of people wanting to get the patch for Windows, here are 2 links from wich you can get a direct download. Dont click on then unless you want to download the patch. It is not the Worm removal tool, Azure already posted a link to get this, it is just the Windows patch against the worm.

Maybe someone could send it to MzWings? Sad

Link for Windows XP:

http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a 52a983f01/WindowsXP-KB823980-x86-ENU.exe

Windows 2000:

http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b 9d42049d5/Windows2000-KB823980-x86-ENU.exe

Getting rid of the worm is one thing, but you dont update your Windows, you will get it again.

* These download links works for all kinds of Windows users... Wink

if you know what I mean Wink

« Last Edit: Aug 13^th, 2003, 6:48pm by Sheisback »

IP Logged

Don't argue with idiots. They drag you down to their level and then they beat you up with experience.

Pau
ForumsNet Member

Proud to be Filipino!

Gender:

Posts: 3042

Re: windows worm
« Reply #8 on: Aug 13^th, 2003, 6:56pm »

Quote

Modify

ohh...last night, i intended to work overtime but... suddenly... the Blaster virus attacked us.... first the pc I was using, XP shuts down and errors occur on Win2000 beside me... then 5 more XP consequently shuts down...

well... because of that i went home early because the whole office was infected and our technical admin tried to cure and update our terminals... well today i'm updating the my virus scan.. we use AVG Anti-Virus which is a free edition... well i hope it i won't be infected again.... Grin

IP Logged

Check out my travel blogs at http://www.pautravels.com

MzWings
ForumsNet Member

Praying for FN members/family health & happiness

Gender:

Posts: 0

Re: windows worm
« Reply #9 on: Aug 14^th, 2003, 2:24pm »

Quote

Modify

I've tried so hard to get help with this thing. My problem is that I really don't understand 1/10th of pooter language. I opened my Norton handbook and called a phone number - who told me to call another number...and so on.

Earlier I used the "disk cleanup" and that's when it gave me the message about msblast.exe worm. I tried to defrag and up pop a msg - "access denied".

I've got:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm .html

and tried over and over to read and understand but I don't. The last phone number I called told me to have my credit card handy but no one came on. I sat there pushing so many buttons on the phone - no telling where I ended up. No "next available representative" came on. If I hear "due to the heavy traffic due to the....blah bla blah" I think I'll puke.

So, for whoever created this virus on 8/11 - to get sick thrills - they must be very ecstatically happy. I hope they DIE laughing.

IP Logged

"Senility Prayer"...God grant me...
The senility to forget the people I never liked
The good fortune to run into the ones that I do
And the eyesight to tell the difference."

Sheisback
ForumsNet Member

Leave my Radio X alone!

Gender:

Posts: 611

Re: windows worm
« Reply #10 on: Aug 14^th, 2003, 2:36pm »

Quote

Modify

MzWings.

You have to use the removal tool for the worm. You canget it there:
http://securityresponse.symantec.com/avcenter/FixBlast.exe
If this direct link doesnt work, try this one:
http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.blaster.wor m.removal.tool.html

Once there scroll about to the middle of the page and look for Download the Fixblast.exe file: and then click on the link they give you.

Download the tool, run it, then restart you computer and run it again to make sure its clear. If you are lucky this will be enough to get rid of the worm. If not, I am afraid you will need a techie.

Good luck !

IP Logged

Don't argue with idiots. They drag you down to their level and then they beat you up with experience.

azure
ForumsNet Member

Gender:

Posts: 4087

Re: windows worm
« Reply #11 on: Aug 15^th, 2003, 9:44am »

Quote

Modify

you can do it wingsy

IP Logged

HELLO EVERYBODY!!

MzWings
ForumsNet Member

Praying for FN members/family health & happiness

Gender:

Posts: 0

Re: windows worm
« Reply #12 on: Aug 15^th, 2003, 10:11am »

Quote

Modify

SIB - when I click on the links you provided - I get nothing - they don't load. You're right - I need a techie and tried to contact one yesterday for over 3 hours and got no where. :cry:

IP Logged

"Senility Prayer"...God grant me...
The senility to forget the people I never liked
The good fortune to run into the ones that I do
And the eyesight to tell the difference."

Rhune
ForumsNet Administrator

Gender:

Posts: 292

Re: windows worm
« Reply #13 on: Aug 15^th, 2003, 12:01pm »

Quote

Modify

Sharon, can you still get incoming e-mail? I can try to download it for you and e-mail it to you.

IP Logged

azure
ForumsNet Member

Gender:

Posts: 4087

Re: windows worm
« Reply #14 on: Aug 15^th, 2003, 12:30pm »

Quote

Modify

wings

try to copy the link and put it into the web address bar, rather than clicking on it directly. Once you have it in the web address bar, hit enter. See if it works that way. My other computer does that sometimes and I cannot click on links.

Good luck babe!

IP Logged

HELLO EVERYBODY!!

Pages: all 1 2

Add Poll

Notify of replies

Send Topic


Previous topic \| New Topic \| Next topic »