Cert.Org Link. This worm is very dangerous and is spreading fast; patch your machines. Symantec Link. Save the Apple/Linux BS....
Is your computer giving you 60 seconds to shut down? Here are some Blaster patches. Looks like we got another worm on the loose. I was infected this weekend. If you are running WinNT, Win2000, or WinXP I hope you got your latest security patch. There is a nasty virus that is exploiting a security hole and causing the computer to shut down after an Internet connection is established. My friend works for a major ISP in the webhosting department and he says they have been getting slammed with calls about this all day. He says he has never seen a virus hit so many people so fast. The older Microsoft operating systems can be infected but they do not have the "feature" that the virus is using to cause a shutdown. Here are the links to the Microsoft security patches for you folks with the fancy operating systems.
WinXP Patch
Win2000 Patch
WinNT4.0 Patch
Running a firewall and closing port 135 works well too (along with every other port you don't need). Click this link to check if it's open... https://grc.com/x/portprobe=135
It is not a virus, it is a worm. It does not come from email, it comes straight through port 135 from other infected machines. This worm exploits an open vulnerability in Windows and you do not have to do anything but be on the Internet unprotected for it to affect you. Read more: http://www.cert.org/advisories/CA-2003-20.html
EVERYONE should look into getting a personal firewall for their PC. ZoneAlarm, Tiny, Norton - there are a ton of them out there. Antivirus alone is no longer enough - by the time you need antivirus it is too late!
This looks like a very informative site too: http://www.firewallguide.com/
Also, www.downloads.com offers Sygate for free. Very good firewall in my opinion, but complicated when figuring out how to block certain ports.
Yeah, I just got hit last night. (Windows XP Home) Obviously you're going to have a hard time downloading stuff with this problem. Here are some steps to get to the point of actually being able to download. (Or you could download the patch from an uninfected machine.)
Does anybody know how to remove this thing? My parents' computer was infected last night and it shuts the computer down before I could download a remover.
This worm has made me its b**** for a couple days now, but I think I've got it figured out... First of all, the shutdown thing is weird. Even if you can stop that from happening, the worm is still repeatedly infecting the system. Something odd about it though is that not only is there an msblast.exe infecting, but there are these two odd, out of place folders in the Windows folder on your drive. Run a search for the file svchost.exe... While that's a normal file, some other long strange file names will come up along with it. Something like a svchost.exe.dmpp or so. Open the source folder (there are two of them) and you'll see that there are little notepad files, and if you open them up and read them, you'll see a bunch of code, and the exact text that comes up when your computer is shutting down. Delete both of those files and the folders that contain them. Now, open up your Windows Task Manager and shut down msblast.exe. Head into Windows, then System32, and find msblast.exe and delete it. Then go to Run, regedit, then go to: HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS/RUN and find the file called 'windows auto update' or msblast.exe and delete it. Now download that patch! Hope this was somewhat helpful to you.
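The three artifacts named in the post above (the msblast.exe process, the file in System32, and the Run value) can be checked without changing anything on the machine. This PowerShell script is an added example, not part of the thread; it assumes the Run key is at its standard location, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

```powershell
# Added example (not from the thread): read-only check for the Blaster
# artifacts the post lists. Nothing is deleted or modified.
# Assumption: the Run key is at its standard location under CurrentVersion.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$exeName  = 'msblast.exe'
$runValue = 'windows auto update'
$findings = @()

# 1. Is the worm process running? Get-Process takes the name without ".exe".
$procs = @(Get-Process -Name 'msblast' -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    $findings += "process $exeName running, PID $($p.Id)"
}

# 2. Is the binary present in System32?
$exePath = Join-Path $env:SystemRoot "System32\$exeName"
if (Test-Path -LiteralPath $exePath) {
    $findings += "file present: $exePath"
}

# 3. Does any Run value carry the name from the post or launch the binary?
#    Get-ItemProperty adds its own PS* metadata properties; skip those.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$props  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($v in $props.PSObject.Properties) {
        if ($psMeta -contains $v.Name) { continue }
        if ($v.Name -eq $runValue -or "$($v.Value)" -like "*$exeName*") {
            $findings += "Run value '$($v.Name)' = $($v.Value)"
        }
    }
}

# Report what was found; comparisons above are case-insensitive.
if ($findings.Count -eq 0) {
    Write-Output 'No Blaster artifacts from the post were found.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}
```

A clean result only means these three artifacts are absent; the machine still needs the patch linked in the thread.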
Ugh, I know I'm having a massive brainfart, but how do I find/get into the Windows folder on my hard drive? Thanks for that information, too. Big help! I've had this worm since Friday night, and there's no telling how many others my modem has helped infect.
Apollo....it hasn't hit me yet, but I've got a bunch of people asking me about it. The people who are complaining about it to me tell me their machines are shutting down within a few seconds of logging on. Are you doing this through safe mode? How did you get your machine to stop shutting down? From your instructions, you obviously are working IN Windows, so how did you get to the point where you can do that?
My IT guy fixed his PC last night by logging on, but not connecting through his modem until he ran the 'msconfig' and deleted the program from loading during startup. I knew as soon as I hit submit I threw a hanging curve that someone would jack out of the park.
Well, maybe I'm one of the lucky ones, but I got about five minutes on my computer each time before it would initiate the shutdown... And LonghornFan, to get to your Windows folder, go through My Computer, drive C, then Windows....
Start - All Programs - Accessories - System Tools - Disk Cleanup
We haven't been hit by the worm yet, several of our other offices have though. Actually one of our users came in from home and had it on his laptop but his anti-virus got updated and stopped it.
I emailed our network admin about this a while ago. He apparently patched everyone's machine weeks ago. Keep up-to-date with those patches, people... it's not difficult. A few clicks and all this can be avoided.
I'm still infected, even though I have already successfully installed the patch? I installed the patch yesterday with no problems and haven't encountered any problems since then.