Page 1 of 3 123 LastLast
Results 1 to 20 of 42

Thread: W32.Blaster.Worm If you have sudden problems with XP/2000 yesterday

  1. #1
    fusioncat
    Guests

    Default W32.Blaster.Worm If you have sudden problems with XP/2000 yesterday

    http://microsoft.com/downloads/details.asp...&displaylang=en

    http://www.sarc.com/avcenter/venc/data/w32...aster.worm.html

    Adapted:
    "W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe."

    This worm is discoverd on August 11 2003

    If anyone of you got this problem. Apply the patch and deactivate the file. I have another friend who also got it. BTW, I got the latest ver of NAV and Sygate Personal Firewall Pro and I still got it surprisingly, problems has been solved already.

    Anyone else who might have sudden strange problems of system displaying "initiated by nt authority system must restart remote procedure..." kindly give me a ring at 9007 0449 or pm me, I will help you with it.

    Regards

  2. #2
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Urm how to tell if you've got it, this morning my Win2K kept giving a svchost.exe generated error no matter how many times I reboot, I can't browse the winnt folder, etc etc.

  3. #3
    fusioncat
    Guests

    Default

    http://support.microsoft.com/default...ticle%3D298061

    There are quite a few errors. Can you PM me your actual messages? Alternatively, maybe the above can help you.

    Best regards

  4. #4
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Ok don't have to verify, I did get it, was trying to find out what's this msblast.exe doing in my task manager this morning. Just phoned home to shut down my system, sigh.

    Lucky me.

  5. #5
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Quote Originally Posted by fusioncat
    http://support.microsoft.com/default...ticle%3D298061

    There are quite a few errors. Can you PM me your actual messages? Alternatively, maybe the above can help you.

    Best regards
    I saw msblast.exe in my taskmanager, and some ms*.exe files in my taskmanager. Start patching your files, my PC at home is down already, one reason why I hate microsoft.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Location
    South Pole with Penguin
    Posts
    5,270

    Default

    Quote Originally Posted by espn
    I saw msblast.exe in my taskmanager, and some ms*.exe files in my taskmanager. Start patching your files, my PC at home is down already, one reason why I hate microsoft.
    btw, MSTask.exe is not a virus, so dun be alarm if u see that in your task manager

    thanks for reminding us, i will go back to double check once i reached home

  7. #7
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Quote Originally Posted by Wai
    btw, MSTask.exe is not a virus, so dun be alarm if u see that in your task manager

    thanks for reminding us, i will go back to double check once i reached home
    Yeah, that one I know, MSblast.exe was suspicious though, should have thought of it earlier. Hahaha too confident my Nav2002 is good, time to remove it and install firewall + Nav2003.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Location
    South Pole with Penguin
    Posts
    5,270

    Default

    Quote Originally Posted by espn
    Yeah, that one I know, MSblast.exe was suspicious though, should have thought of it earlier. Hahaha too confident my Nav2002 is good, time to remove it and install firewall + Nav2003.
    haha...that's the problem of relying too much on NAV or other AV software and not taking enough precaution yourself.

    Always remember, anti-virus software can only catch viruses that have been discovered. Mutation of a virus or new virus may not be able to detect, esp when pple dun bother to update their virus definition or subscribe to NAV virus definition update, it is as good as dun install the AV software at all.

    btw, how do u kenna the virus? email or files that u download?

  9. #9
    Member
    Join Date
    Sep 2002
    Location
    Sengkang
    Posts
    567

    Default

    sigh... my uni more worse. in library, pc mostly kena. then while attending lecture, lecturer's laptop also cannot start. now just rushed back and found out my pc also kena, in progress to remove it.

  10. #10
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Quote Originally Posted by Wai
    haha...that's the problem of relying too much on NAV or other AV software and not taking enough precaution yourself.

    Always remember, anti-virus software can only catch viruses that have been discovered. Mutation of a virus or new virus may not be able to detect, esp when pple dun bother to update their virus definition or subscribe to NAV virus definition update, it is as good as dun install the AV software at all.

    btw, how do u kenna the virus? email or files that u download?
    I updated it this very morning before I left home, but too late already kena before I updated. I was surfing the net in the morning and I was surfing my office webbie or CS when I suddenly hit the svchost.exe generated error problem.

    I update my definitions as often as possible. Heehee

  11. #11

    Default

    Quote Originally Posted by cheechee
    sigh... my uni more worse. in library, pc mostly kena. then while attending lecture, lecturer's laptop also cannot start. now just rushed back and found out my pc also kena, in progress to remove it.
    Thank God for Norton Internet Security. Good thing I upgraded. Can't be too careful these days.

  12. #12
    Senior Member ivor's Avatar
    Join Date
    Jan 2002
    Location
    SINGAPOUR
    Posts
    1,369

    Default

    System Not Affected by the W32.Blaster.Worm, are Linux Macintosh, OS/2, UNIX.

    Time to switch OS.

  13. #13
    Member
    Join Date
    Sep 2002
    Location
    Sengkang
    Posts
    567

    Default

    Quote Originally Posted by espn
    I updated it this very morning before I left home, but too late already kena before I updated. I was surfing the net in the morning and I was surfing my office webbie or CS when I suddenly hit the svchost.exe generated error problem.

    I update my definitions as often as possible. Heehee
    eii.. i tried the patcher by norton, but seems like mblaster not found.
    but my norton antivirus2003 cannot update virus definition coz it said internal error, cannot liveupdate.

    Then inside the taskmanager, there is this svchost.exe, but when try to terminate it, it says cant. same applies for other program i have in my taskmanager.

    So can shed some light on which solutions u tried?

  14. #14

    Default

    Quote Originally Posted by espn
    Urm how to tell if you've got it, this morning my Win2K kept giving a svchost.exe generated error no matter how many times I reboot, I can't browse the winnt folder, etc etc.
    Yup, you got it :P.....

    Don't believe, just go to the directory c:\winnt\system32\ and look for the flile msblast.exe

    That is the file that is creating all the problems. .......

    To clear it, go to symantec website to get the program or do the follow :-

    start up the system in command prompt mode
    use regedit and search for "msblast"
    delete away that line in the registary.
    go to c:\winnt\system32 and delete away msblast.exe

    it's that simple .

    whahahahahaha

  15. #15

    Default

    i kena today.... lucky never format my pc... juz d/l e patch and it fine now......

  16. #16
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Quote Originally Posted by cheechee
    eii.. i tried the patcher by norton, but seems like mblaster not found.
    but my norton antivirus2003 cannot update virus definition coz it said internal error, cannot liveupdate.

    Then inside the taskmanager, there is this svchost.exe, but when try to terminate it, it says cant. same applies for other program i have in my taskmanager.

    So can shed some light on which solutions u tried?
    If it's not found then you don't have the virus, you are missing the MSblast.exe file then congrats. SVCHOST controls your TCP applications, ending task it can cause your system unstability.

    Quote Originally Posted by blurblock
    Yup, you got it :P.....

    Don't believe, just go to the directory c:\winnt\system32\ and look for the flile msblast.exe

    That is the file that is creating all the problems. .......

    To clear it, go to symantec website to get the program or do the follow :-

    start up the system in command prompt mode
    use regedit and search for "msblast"
    delete away that line in the registary.
    go to c:\winnt\system32 and delete away msblast.exe

    it's that simple .

    whahahahahaha
    Yep I know I have it, I can't believe I'm so lucky, normally I buy 4D also not that lucky.

  17. #17
    Deregistered
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    6,601

    Default

    am i mistaken or what, does the worm spread itself to unpatched systems that are using NT/XP by itself without having a pre-infected file on the host system?

  18. #18
    andylee
    Guests

    Default

    juz kena!!!!!sucks right???!!!anyway got it fix..............

  19. #19
    andylee
    Guests

    Default

    Quote Originally Posted by sehsuan
    am i mistaken or what, does the worm spread itself to unpatched systems that are using NT/XP by itself without having a pre-infected file on the host system?


    Wa liao seems like it,just connect to internet then run the liveupdate then kena!!!someone can tellus why?
    Last edited by andylee; 13th August 2003 at 12:08 AM.

  20. #20
    Member
    Join Date
    Sep 2002
    Location
    Sengkang
    Posts
    567

    Default

    Quote Originally Posted by andylee
    Wa liao seems like it,just connect to internet then run the liveupdate then kena!!!someone can tellus why?
    ..
    .
    for me and my frens, it is always when u run norton antivirus 2002 or 2003 liveupdate, then halfway it shows quickly something abt "icq webmail protection" blah blah blah then it automatically clicks on OK.

    then after this,, will be svchost.exe problem or after restart it keep restarting...

    seems like norton antivirus is flawed.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •