
Thread: W32.Blaster.Worm If you have sudden problems with XP/2000 yesterday

  1. #21
    andylee
    Guests

    Wa liao eh, my IT support call up 2day late morning to tell me to run liveupdate. says head office got 10+ pcs kena. when i was connecting to the internet this morning in my office, got liao!!! must be a busy day for him.......

  2. #22
    Senior Member
    Join Date
    Jan 2002
    Location
    WAT? WAN TO STALK MI AH? LOLZ
    Posts
    1,916

    Internet worm hits Windows users, crashes computers



    An Internet worm that targets the latest versions of Microsoft's Windows operating system is spreading rapidly around the world.

    The worm, known as "Blaster", "Love-San" or "MS-Blaster", triggers computer crashes and slows Web connections.



    It specifically targets computers running Windows XP and Windows 2000.

    Security analysts say the worm is unusual, as it does not spread via e-mail but through Web connections.

    At least 124,000 computers using Microsoft's Windows software have been infected worldwide, according to a sample by Symantec's Security Response sensor network.

    Though the origins of the virus are unknown, it is creating havoc for people using Microsoft operating systems.

    "This virus is a virus that actually reboots your machine. You can be typing and all of a sudden a screen will come up and say, your machine will reboot in about five minutes, or ten seconds, and it starts counting down," said Adrian Duncan, Associate Press broadcast engineer.

    Computers infected by Blaster scan the Internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft.

    The worm then sends itself to those computers.

    Although some corporate networks were slowed by the worm, no impact on overall Internet traffic was detected.

    The worm surfaced on Monday in the US and quickly spread, taking advantage of a security hole discovered last month in Windows 2000, Windows XP, Windows NT, and Windows Server 2003 operating systems.

    Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.

    Both Microsoft and the US Department of Homeland Security have been warning about the loophole since mid-July.

    But according to experts, many office and home users apparently failed to heed those warnings.

    The worm crashes some systems and infects others, but otherwise does no damage, Microsoft said.

    Experts say the worm is poorly written, but new variations of it could be more virulent.

    The patch is available at www.microsoft.com/security.

    *luckily i managed to download e patch within 1 mins time before my com auto reboot*
    Last edited by RuthBaby; 13th August 2003 at 09:20 AM.

  3. #23
    Member Jer76's Avatar
    Join Date
    Apr 2002
    Location
    West
    Posts
    1,047

    piangz me com oso got it.. thanks for the info on the patch guys.. my com's ok liao

  4. #24
    Deregistered
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    6,601

    so let's see... this worm spreads itself without a need for an infected file on the host computer, right?... all that it needs is an available network connection...

  5. #25

    Quote Originally Posted by sehsuan
    so let's see... this worm spreads itself without a need for an infected file on the host computer, right?... all that it needs is an available network connection...
    Yeah, scary, ainit?

  6. #26

    Quote Originally Posted by blurblock
    Yup, you got it :P.....

    Don't believe, just go to the directory c:\winnt\system32\ and look for the file msblast.exe

    That is the file that is creating all the problems. .......

    To clear it, go to symantec website to get the program or do the following :-

    start up the system in command prompt mode
    use regedit and search for "msblast"
    delete away that line in the registry.
    go to c:\winnt\system32 and delete away msblast.exe

    it's that simple .

    whahahahahaha

    It doesn't seem to work on win2k professional. But it does work on win2k server. I can't find msblast.exe in c:\winnt\system32 nor msblast in registry

  7. #27
    Deregistered
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    6,601

    Quote Originally Posted by StreetShooter
    Yeah, scary, ainit?
    reminds me of exactly why i avoided XP like the plague initially, because of the UPnP security flaw that www.grc.com picked up...

  8. #28

    hey ... my Norton said it found the Msblast ... it prompt me every i switch on my computer ... yesterday i already fix the virus and download the patch liao , but it seem tat the msblast still in my comp ... i located it and try to delete it, but was prompt tat file was denied access ...

    HOW HOW HOW HOW ????

  9. #29

    Quote Originally Posted by West_ray
    hey ... my Norton said it found the Msblast ... it prompt me every i switch on my computer ... yesterday i already fix the virus and download the patch liao , but it seem tat the msblast still in my comp ... i located it and try to delete it, but was prompt tat file was denied access ...

    HOW HOW HOW HOW ????
    Here:
    Originally Posted by blurblock

    Yup, you got it :P.....

    Don't believe, just go to the directory c:\winnt\system32\ and look for the file msblast.exe

    That is the file that is creating all the problems. .......

    To clear it, go to symantec website to get the program or do the following :-

    start up the system in command prompt mode
    use regedit and search for "msblast"
    delete away that line in the registry.
    go to c:\winnt\system32 and delete away msblast.exe

    it's that simple .

    whahahahahaha
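
The "search for msblast" registry step from the procedure quoted above, run offline against a regedit export rather than the live registry. This is an added example, not code from any poster in the thread; the sample export, its value names and the helper name `find_references` are constructed for illustration.

```python
import re

# One string value line in a regedit export: "name"="data" or @="data".
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def find_references(reg_text, needle):
    """Return (key, value_name, data) for string values that mention needle."""
    hits, key, needle = [], None, needle.lower()
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue                  # header, blank, or dword:/hex: value
        name = '(Default)' if m.group(2) else unescape(m.group(1))
        data = unescape(m.group(3))
        if needle in name.lower() or needle in data.lower():
            hits.append((key, name, data))
    return hits

# Constructed sample export; value names are placeholders, not real artifacts.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"constructed-autostart"="msblast.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"ExampleFlag"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"constructed-other"="C:\\WINNT\\system32\\MSBLAST.EXE"
'''

if __name__ == '__main__':
    for key, name, data in find_references(SAMPLE, 'msblast'):
        print(f'{key}\n    "{name}" -> {data}')
```

Exports written by regedit in "Version 5.00" format are UTF-16, so decode the file to text before passing it in.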

  10. #30

    oh i see .... but i still dun understand ... haha .. anyway the prob of msblast didnt really bothers me anymore ...

  11. #31
    Senior Member
    Join Date
    Apr 2002
    Location
    singapore
    Posts
    5,499

    got the damn thing last night, killed it today. very nuisance.

  12. #32
    Member
    Join Date
    Jun 2003
    Location
    Singapore
    Posts
    222

    problems?

    what is the problem cause by this virus???
    i suspect that i also because i on the pc in the morning to transfer some photo to school and the pc suddenly say that it is going to shut down the system in 1 minutes time with countdown.
    i on the pc again and it show me the same problem...

    Then i go to school and heard about the virus.
    When i return home and the pc is back to normal.
    Do i still need to download the patch to recover?
    i very afraid that my photo kena deleted or what....
    Heard that it spreads thru kazaa.

  13. #33

    no worry jus install the patch from MS n get started.. if cannot solve then better think of changing OS

    Quote Originally Posted by green_leaf
    what is the problem cause by this virus???
    i suspect that i also because i on the pc in the morning to transfer some photo to school and the pc suddenly say that it is going to shut down the system in 1 minutes time with countdown.
    i on the pc again and it show me the same problem...

    Then i go to school and heard about the virus.
    When i return home and the pc is back to normal.
    Do i still need to download the patch to recover?
    i very afraid that my photo kena deleted or what....
    Heard that it spreads thru kazaa.
    Olympus C730 -> Nikon 5700 -> Nikon D90!

  14. #34

    fwah.
    Freaking scary man.

    All my friends kerna the virus liao, and they have been calling and SMS-ing me on how to remove the virus... sigh.

    Luckily I patched all my systems yesterday night... heng ah.

  15. #35

    Quote Originally Posted by ivor
    Systems not affected by the W32.Blaster.Worm are Linux, Macintosh, OS/2, UNIX.

    Time to switch OS.
    Yep !.

    I have 3 computers in my office. A Linux machine that is my 'main' workstation I do most tasks from, and two 'test' machines, a Mac G4 and an Athlon PC with XP.

    The test machines are both dual head and I have Dell flat screens with dual DVI/VGA input. I have the pair of screens wired to the pair of machines and switch back and forth with the input select buttons. (And can thus run dual head on either, or one on both, etc. without changing cables around).

    This particular morning both screens were on the G4, although the PC was running.
    The PC talks when it POSTs. It spoke. Odd. Oh well, windows crashed. I ignored it. About 5 minutes later it POSTed again. Odd. I still ignored it. The Mac was displaying a multicast video transmission of Deutsche Welle TV that was more interesting than a spontaneously rebooting PC. :-). I was doing my 'real' work on the Linux machine.

    Then my wife rings and says their data security officer was running around the building trying to contain the effects of some new PC crashing worm. (My wife uses a Unix 'X-Terminal', she wasn't affected...)

    Then I look at the Athlon PC, realize it's been infected and turn it off....
    Left it that way until my Mac using offsider needed to test some windows software. I let him de-blaster it

    Fortunately for me, the Windows2k server that's in my 'server farm' was completely up to date with its patches, so it didn't get infected. (Not that I think anyone would have noticed if it had crashed :-). Our key services run on Unix machines. (Which are also kept up to date with patches).

    Doesn't matter what OS you run, if you don't keep the patches up to date, some loser will take you down. Some OSs just require more patches than others.

  16. #36

    i also experience svchost.exe error but it did not crash.

    read from ST this morning:
    "But it's not over: Blaster installs instructions in infected computers for an attack at midnight on Aug 16 on Microsoft's Windows Update website - the same site that offers a patch that users should download as protection."

    What does this mean??

  17. #37
    Deregistered
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    6,601

    berryhappy, this means that you can set your computer's date to anywhen before august 15 and you won't be affected by the worm's blockade to windowsupdate.com

  18. #38
    Member
    Join Date
    Dec 2002
    Location
    Cantonment
    Posts
    385

    DL this pls --> http://vil.nai.com/vil/stinger/

    This is a good one too !

  19. #39

    Quote Originally Posted by popeye
    It doesn't seem to work on win2k professional. But it does work on win2k server. I can't find msblast.exe in c:\winnt\system32 nor msblast in registry

    slight difference, depending on whether you are the "rebroadcaster" or the "transmitter" ..... transmitter will get Msblast.exe .... if you are dedicated as the rebroadcaster it will normally be a TFTP file in the name of TFTP00xx ...... whahahahaha ......

    That's how it transmit "without" a need for a host .... actually, it still need a host .....
    Last edited by blurblock; 15th August 2003 at 12:43 PM.

  20. #40

    Quote Originally Posted by sehsuan
    am i mistaken or what, does the worm spread itself to unpatched systems that are using NT/XP by itself without having a pre-infected file on the host system?
    The worm spreads by RPC so you don't need to do anything to get infected! The first thing you should do is run the MS RPC patch.
    This will prevent your machine from getting infected again. Then get the latest virus signature and reboot your machine.

    You should set up your XP/2000 machines to automatically accept critical updates.
