Tilted Forum Project Discussion Community

Hanxter 08-12-2003 09:26 AM

MSBlast/RPC/Lovesan Worm!!!
 
IF YOU HAVE XP, 2000 OR NT4 READ THIS!!!

http://news.zdnet.co.uk/internet/sec...9115645,00.htm

http://v4.windowsupdate.microsoft.com/en/default.asp

the bulletin # is 823980 if you need it
i got the patch with auto update back in July
you can search ms to see if you already have the patch by viewing installation history

Markaz 08-13-2003 02:05 AM

I just downloaded the MS update for XP today after like 6 months, so that means I'm safe?

hobo 08-13-2003 09:49 AM

I know of 2 friends that got the worm. It keeps shutting down the computer so that you can't do anything. Just download all the windows updates and it goes away. If you already have it, the updates will fix it.

funbob 08-13-2003 10:08 AM

I suffered infection a while back; since then, every Friday I scan for viruses as well as do the updates. In the end it has proven to be less expensive and less of a pain in my ass!!

water_boy1999 08-13-2003 11:29 AM

I'VE GOT WORMS!!!!!!!
I contracted the worms at home from my work computer. Here is what they sent me to cover my XP at home:

For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
Instructions for disabling DCOM are available at Microsoft's Knowledge Base Web site here: http://support.microsoft.com/default.aspx?scid=kb;en-us;825750

edit: fixed the link

denim 08-13-2003 11:44 AM

Yet Another Reason not to run Windows.

YourNeverThere 08-13-2003 12:06 PM

sweet sweet pathy goodness thnx hanxter :)

Mr. Spacemonkey 08-13-2003 07:23 PM

my friend's computer got the worm and my father's computer had the worm. I'm just glad that i download those updates or i could have got it.... that would have sucked!

Markaz 08-14-2003 12:49 AM

Quote:

Originally posted by denim
Yet Another Reason not to run Windows.

Yeah, but all the games are made for windows..and I don't use the comp for anything else than spamming TFP, games, AIM. Plus I don't want to hassle with WINux and stuff.. MEh

archer2371 08-14-2003 07:08 AM

Yeah, my computer got hit with the worm, but it's all fixed now, finally.

kalisto_911 08-14-2003 11:51 AM

It is a nasty worm that has infected almost everyone I know already, including both my home machines, although it is relatively harmless if you can download the patch before it kills your comp.

merkerguitars 08-14-2003 10:36 PM

http://www.tfproject.org/tfp/showthr...threadid=21991

evo626 08-15-2003 10:37 PM

The worm is good for local computer repair shops. Helps bring in business and at $25 a pop people who have little or no computer knowledge are spending the cash to have this virus removed. lol
At my work we have seen at least 50 people come in to have it removed.
evo

Tickford 08-16-2003 04:41 AM

Just another reason to get a firewall.

Devilchild 08-16-2003 04:55 AM

i lost everything due to this one, had to format my whole harddrive :( i am gutted... i have learnt a big lesson, get a firewall + av

i8one2 08-16-2003 08:10 PM

my Dad got the worm, and I helped him through it, I'll have to have a talk with him! He had Norton anti virus, and I believe everything up to date, but will have to check with him on that one, after all he is 1100 miles away.
All I have to say is thank god for all the freeware I use, and the safety measures.

viejo gringo 08-17-2003 08:06 AM

It looks like a lot of servers out there got hit and are still trying to recover... of course my ISP used that as an excuse of why I could not get on and my neighbors could......

Trying to get to a lot of sites around the country this Sunday
morning, and they are not responding...

hooray for 98SE..........

shalafi 08-17-2003 11:27 AM

i just wiped and reinstalled with xp friday night and that thing had me within 15 minutes. luckily I remembered seeing a thread on the computers forum about the rpc message.......thank you tfp

Tickford 08-17-2003 03:50 PM

Quote:

Originally posted by Devilchild
i lost everything due to this one, had to format my whole harddrive :( i am gutted... i have learnt a big lesson, get a firewall + av

Dude, I don't know why you had to format your disk. This doesn't delete anything, it's non-destructive.

snicka 08-17-2003 10:40 PM

the bottom line is if you have a static IP pointing to your machine, either put some firewall software on your computer or buy a router/firewall and block out all ports that you don't absolutely need open, which shouldn't be any since eventually someone will find a horrible exploit on a supposedly safe port.

punx1325 08-18-2003 10:41 AM

I wish I had known this a little sooner, my friend got it the day it came out, so we just reformatted his pc. oh well...at least he has a fresh start. Thanks for the info, now I know I am protected.

Maveric 08-19-2003 10:00 AM

the worms crawl in, the worms crawl out, the worms.... ahhh guess it wasn't that funny...

nothingx 08-19-2003 08:41 PM

Quote:

Originally posted by denim
Yet Another Reason not to run Windows.

While generally I would tend to agree with this statement, the patch was available for almost a month before this worm got out. When Microsoft says there's a critical update for your system and not upgrading could lead to a full system compromise, you should stop and get the patch immediately. I have little sympathy for those affected.

Hanxter 08-20-2003 05:37 AM

Follow-up on the worm... BLASTER

And yet another pops up... SoBig

Tickford 08-20-2003 06:59 PM

Don't they say that these things come in threes....... so what's next???

absorbentishe 08-21-2003 06:26 PM

At work, the worm shut down both of our servers. We were internet free for 3 days. Can't get any work done without the internet.

Mad_Gecko 08-23-2003 03:48 PM

At least no one worked for Lockheed...

1200 pc's infected according to Fark. (search the archives).

Only caused me two weeks of 14 hr days :)/

megaspam 08-23-2003 09:40 PM

Gotta love my iBook, no worms here. A couple of my windows machines got it, though.

etla 08-24-2003 07:57 AM

This has been hitting my work really hard. It's a real pain in the ass because even if your machines are all patched, all the infected machines from outside your network spike your traffic.

Here's an example of what I'm talking about:
>Mike Hogsett <hogsett@csl.sri.com>
>Tue, 19 Aug 2003 14:07:14 -0700

>The following are the file sizes for our compressed daily firewall logs.
>There are a few interesting dates. The spike for 26 Jan 2003 is the SQL
>Slammer worm. The increase in early March is an exploit for port 445 on MS
>products. Finally the major spike on Aug 12 is Blaster.

>So, we have gone from about 2Mbytes/day of compressed log data at the
>beginning of the year to about 20Mbytes/day now. There is no end in sight.


1-Jan-2003 2M **
2-Jan-2003 2M **
3-Jan-2003 2M **
4-Jan-2003 3M ***
5-Jan-2003 1M *
6-Jan-2003 2M **
7-Jan-2003 2M **
8-Jan-2003 3M ***
9-Jan-2003 3M ***
10-Jan-2003 3M ***
11-Jan-2003 3M ***
12-Jan-2003 3M ***
13-Jan-2003 3M ***
14-Jan-2003 3M ***
15-Jan-2003 3M ***
16-Jan-2003 3M ***
17-Jan-2003 2M **
18-Jan-2003 3M ***
19-Jan-2003 3M ***
20-Jan-2003 3M ***
21-Jan-2003 2M **
22-Jan-2003 2M **
23-Jan-2003 3M ***
24-Jan-2003 3M ***
25-Jan-2003 9M *********
26-Jan-2003 24M ************************
27-Jan-2003 8M ********
28-Jan-2003 5M *****
29-Jan-2003 4M ****
30-Jan-2003 3M ***
31-Jan-2003 2M **
1-Feb-2003 3M ***
2-Feb-2003 3M ***
3-Feb-2003 2M **
4-Feb-2003 3M ***
5-Feb-2003 2M **
6-Feb-2003 3M ***
7-Feb-2003 3M ***
8-Feb-2003 4M ****
9-Feb-2003 3M ***
10-Feb-2003 4M ****
11-Feb-2003 3M ***
12-Feb-2003 3M ***
13-Feb-2003 3M ***
14-Feb-2003 3M ***
15-Feb-2003 3M ***
16-Feb-2003 3M ***
17-Feb-2003 3M ***
18-Feb-2003 3M ***
19-Feb-2003 3M ***
20-Feb-2003 3M ***
21-Feb-2003 2M **
22-Feb-2003 3M ***
23-Feb-2003 3M ***
24-Feb-2003 3M ***
25-Feb-2003 3M ***
26-Feb-2003 4M ****
27-Feb-2003 3M ***
28-Feb-2003 3M ***
1-Mar-2003 3M ***
2-Mar-2003 2M **
3-Mar-2003 3M ***
4-Mar-2003 4M ****
5-Mar-2003 4M ****
6-Mar-2003 4M ****
7-Mar-2003 5M *****
8-Mar-2003 6M ******
9-Mar-2003 11M ***********
10-Mar-2003 12M ************
11-Mar-2003 11M ***********
12-Mar-2003 10M **********
13-Mar-2003 11M ***********
14-Mar-2003 12M ************
15-Mar-2003 10M **********
16-Mar-2003 10M **********
17-Mar-2003 9M *********
18-Mar-2003 9M *********
19-Mar-2003 10M **********
20-Mar-2003 11M ***********
21-Mar-2003 12M ************
22-Mar-2003 10M **********
23-Mar-2003 11M ***********
24-Mar-2003 6M ******
25-Mar-2003 10M **********
26-Mar-2003 10M **********
27-Mar-2003 10M **********
28-Mar-2003 12M ************
29-Mar-2003 11M ***********
30-Mar-2003 10M **********
31-Mar-2003 9M *********
1-Apr-2003 12M ************
2-Apr-2003 13M *************
3-Apr-2003 11M ***********
4-Apr-2003 10M **********
5-Apr-2003 10M **********
6-Apr-2003 13M *************
7-Apr-2003 9M *********
8-Apr-2003 11M ***********
9-Apr-2003 11M ***********
10-Apr-2003 11M ***********
11-Apr-2003 11M ***********
12-Apr-2003 12M ************
13-Apr-2003 12M ************
14-Apr-2003 11M ***********
15-Apr-2003 12M ************
16-Apr-2003 12M ************
17-Apr-2003 10M **********
18-Apr-2003 11M ***********
19-Apr-2003 11M ***********
20-Apr-2003 10M **********
21-Apr-2003 10M **********
22-Apr-2003 11M ***********
23-Apr-2003 13M *************
24-Apr-2003 13M *************
25-Apr-2003 13M *************
26-Apr-2003 12M ************
27-Apr-2003 10M **********
28-Apr-2003 11M ***********
29-Apr-2003 15M ***************
30-Apr-2003 11M ***********
1-May-2003 11M ***********
2-May-2003 10M **********
3-May-2003 11M ***********
4-May-2003 10M **********
5-May-2003 9M *********
6-May-2003 12M ************
7-May-2003 11M ***********
8-May-2003 10M **********
9-May-2003 9M *********
10-May-2003 10M **********
11-May-2003 9M *********
12-May-2003 9M *********
13-May-2003 13M *************
14-May-2003 10M **********
15-May-2003 10M **********
16-May-2003 10M **********
17-May-2003 11M ***********
18-May-2003 9M *********
19-May-2003 10M **********
20-May-2003 10M **********
21-May-2003 11M ***********
22-May-2003 9M *********
23-May-2003 10M **********
24-May-2003 12M ************
25-May-2003 10M **********
26-May-2003 11M ***********
27-May-2003 10M **********
28-May-2003 13M *************
29-May-2003 10M **********
30-May-2003 11M ***********
31-May-2003 10M **********
1-Jun-2003 7M *******
2-Jun-2003 8M ********
3-Jun-2003 11M ***********
4-Jun-2003 10M **********
5-Jun-2003 11M ***********
6-Jun-2003 10M **********
7-Jun-2003 12M ************
8-Jun-2003 12M ************
9-Jun-2003 12M ************
10-Jun-2003 14M **************
11-Jun-2003 12M ************
12-Jun-2003 13M *************
13-Jun-2003 10M **********
14-Jun-2003 11M ***********
15-Jun-2003 9M *********
16-Jun-2003 10M **********
17-Jun-2003 14M **************
18-Jun-2003 13M *************
19-Jun-2003 13M *************
20-Jun-2003 11M ***********
21-Jun-2003 11M ***********
22-Jun-2003 9M *********
23-Jun-2003 9M *********
24-Jun-2003 11M ***********
25-Jun-2003 12M ************
26-Jun-2003 10M **********
27-Jun-2003 12M ************
28-Jun-2003 14M **************
29-Jun-2003 11M ***********
30-Jun-2003 10M **********
1-Jul-2003 14M **************
2-Jul-2003 9M *********
3-Jul-2003 10M **********
4-Jul-2003 11M ***********
5-Jul-2003 11M ***********
6-Jul-2003 8M ********
7-Jul-2003 9M *********
8-Jul-2003 14M **************
9-Jul-2003 10M **********
10-Jul-2003 8M ********
11-Jul-2003 9M *********
12-Jul-2003 10M **********
13-Jul-2003 7M *******
14-Jul-2003 8M ********
15-Jul-2003 12M ************
16-Jul-2003 10M **********
17-Jul-2003 9M *********
18-Jul-2003 10M **********
19-Jul-2003 8M ********
20-Jul-2003 9M *********
21-Jul-2003 8M ********
22-Jul-2003 11M ***********
23-Jul-2003 9M *********
24-Jul-2003 8M ********
25-Jul-2003 9M *********
26-Jul-2003 8M ********
27-Jul-2003 8M ********
28-Jul-2003 7M *******
29-Jul-2003 12M ************
30-Jul-2003 9M *********
31-Jul-2003 9M *********
1-Aug-2003 9M *********
2-Aug-2003 8M ********
3-Aug-2003 7M *******
4-Aug-2003 7M *******
5-Aug-2003 11M ***********
6-Aug-2003 8M ********
7-Aug-2003 7M *******
8-Aug-2003 8M ********
9-Aug-2003 6M ******
10-Aug-2003 7M *******
11-Aug-2003 7M *******
12-Aug-2003 44M ********************************************
13-Aug-2003 35M ***********************************
14-Aug-2003 24M ************************
15-Aug-2003 20M ********************
16-Aug-2003 15M ***************
17-Aug-2003 11M ***********
18-Aug-2003 12M ************
19-Aug-2003 26M **************************
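
Added example, not part of the original post or the quoted e-mail: a trailing-median check over the daily log sizes charted above, flagging days that stand out from the previous two weeks and merging consecutive flagged days into events. The 14-day window, the 2x factor and the function names are assumptions chosen for illustration.

```python
from datetime import date, timedelta
from statistics import median

# Daily compressed firewall-log sizes in MB, transcribed from the chart above
# (1-Jan-2003 through 19-Aug-2003, one value per day, one row per month).
SIZES_MB = [int(v) for v in """
2 2 2 3 1 2 2 3 3 3 3 3 3 3 3 3 2 3 3 3 2 2 3 3 9 24 8 5 4 3 2
3 3 2 3 2 3 3 4 3 4 3 3 3 3 3 3 3 3 3 3 2 3 3 3 3 4 3 3
3 2 3 4 4 4 5 6 11 12 11 10 11 12 10 10 9 9 10 11 12 10 11 6 10 10 10 12 11 10 9
12 13 11 10 10 13 9 11 11 11 11 12 12 11 12 12 10 11 11 10 10 11 13 13 13 12 10 11 15 11
11 10 11 10 9 12 11 10 9 10 9 9 13 10 10 10 11 9 10 10 11 9 10 12 10 11 10 13 10 11 10
7 8 11 10 11 10 12 12 12 14 12 13 10 11 9 10 14 13 13 11 11 9 9 11 12 10 12 14 11 10
14 9 10 11 11 8 9 14 10 8 9 10 7 8 12 10 9 10 8 9 8 11 9 8 9 8 8 7 12 9 9
9 8 7 7 11 8 7 8 6 7 7 44 35 24 20 15 11 12 26
""".split()]
FIRST_DAY = date(2003, 1, 1)


def find_spikes(sizes, window=14, factor=2.0):
    """Return indexes of days whose size exceeds factor x the trailing median.

    The baseline uses only the `window` days before the day being tested, so a
    spike cannot raise its own threshold; the first `window` days are skipped.
    """
    flagged = []
    for i in range(window, len(sizes)):
        baseline = median(sizes[i - window:i])
        if sizes[i] > factor * baseline:
            flagged.append(i)
    return flagged


def group_events(flagged, sizes, first_day=FIRST_DAY):
    """Merge consecutive flagged days into (start, end, peak_mb) tuples."""
    events = []
    for i in flagged:
        day = first_day + timedelta(days=i)
        if events and day - events[-1][1] == timedelta(days=1):
            start, _, peak = events[-1]
            events[-1] = (start, day, max(peak, sizes[i]))
        else:
            events.append((day, day, sizes[i]))
    return events


if __name__ == "__main__":
    for start, end, peak in group_events(find_spikes(SIZES_MB), SIZES_MB):
        print(f"{start:%d-%b-%Y} to {end:%d-%b-%Y}: peak {peak} MB")
```

Because the baseline is a trailing median, the sustained rise in early March is flagged only while it is new; once the higher level fills the window it becomes the baseline, and ordinary days around 10 MB are no longer flagged.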

etla 08-24-2003 08:03 AM

Quote:

Originally posted by moelester
While generally I would tend to agree with this statement, the patch was available for almost a month before this worm got out. When Microsoft says there's a critical update for your system and not upgrading could lead to a full system compromise, you should stop and get the patch immediately. I have little sympathy for those affected.

Believe me there are good reasons for not blindly doing everything MS tells you to. Anyone here install NT4SP4 or run Lotus and install NT4SP6 before 6a came out? And the service packs are supposed to be regression tested unlike patches which are released with beta level "use at own risk" testing.

skippy 08-26-2003 11:33 AM

My entire Department was shut down at a cost of 2500 dollars an hour. I was the only one who had installed the patch.... I was the hero of the day when I downloaded the files we needed to keep working... I always check for Windows updates..

ack32 08-29-2003 11:51 AM

If you are having problems with this worm constantly rebooting your computer before you can patch it, as soon as you see the "your computer is shutting down" dialog box come up, open up a command prompt and type "shutdown -a" to abort the shutdown. Then go into your services administrative tool and restart the RPC service. In my experience, the computer is still a little messed up at that point, but it'll keep running well enough to run the patch and to do a virus scan.

skippy 08-29-2003 01:41 PM

WOW My whole department was shut down at work ... 2500 dollars an hour.... very expensive.

The patch fixed us up though!!

Woo hooo

pcmunkey 08-30-2003 07:05 PM

lol, i never got msblast.exe, i got dftjilrupv.exe...which was an earlier version of msblast.... :)

All fixed now though...

little limey 09-02-2003 06:24 AM

I got it. Spinach Indeed helped me and just looked up the error message on google and downloaded what was needed.

You know the kid who started all of this was arrested? Well, he's 18 so he's legally not a kid. I wonder what happens. It will be revolutionary if he has to serve time won't it? I never keep up with the news so I don't know if anyone's been put in jail over starting a virus.

God of Thunder 09-10-2003 07:02 AM

My department has spent the last two weeks hitting every PC where we work applying the patch and other various upgrades.

The only good thing about this is that it opened the eyes of our dumbass net admin who was under the impression that we were safe because we were behind a router.

student 09-10-2003 05:45 PM

ok i have no idea how i got the worm. i am on dial up AOL. i can only guess my dad downloaded it. anyway, i rebooted in safe mode and deleted the msblast.exe and the other files associated with it. will that do the trick in disarming it? its not running in the task manager anymore.

etla 09-11-2003 02:57 PM

Quote:

Originally posted by Tickford
Don't they say that these things come in threes....... so what's next???

Here you GO. Start patching now so as not to be affected.

etla 09-11-2003 02:58 PM

Quote:

Originally posted by student
ok i have no idea how i got the worm. i am on dial up AOL. i can only guess my dad downloaded it. anyway, i rebooted in safe mode and deleted the msblast.exe and the other files associated with it. will that do the trick in disarming it? its not running in the task manager anymore.

You should at least run Stinger to ensure you're not infected with the worm du jour.

jmf1234 09-12-2003 04:59 PM

Hanxter it is great to have somebody as nice as you in this world. All I can say, is thanks, man. I really can't express how happy i am. I always thought it was just my computer. YOU KICK ASS

Azharen 09-13-2003 11:38 AM

VIRUS WARNING!!! ALL MS OS USERS SHOULD READ!!!
 
I got hit with a stupid IRC virus recently. It's called Backdoor.IRC.Zcrew. If you already know about it, then great; if you don't, then this notice is for you. It's very easy to tell if you have this virus or not. I recommend for safety's sake you look for it and confirm you don't have it. Follow this Symantec link: http://securityresponse.symantec.com...irc.zcrew.html

It explains very clearly how to detect and rid yourself of the offensive bug.

Much Luv
-Azharen, Super Mod and Hater of ALL Virus Creators

taog 09-16-2003 06:59 PM

Quote:

Originally posted by Mad_Gecko
At least no one worked for Lockheed...

1200 pc's infected according to Fark. (search the archives).

Only caused me two weeks of 14 hr days :)/

it's got to be more than 1200 pc's infected. I've probably fixed about 400 pc's infected by the blaster worm

I work as tech support for a major OEM at the moment, and here is our fix, or one of them, for the blaster virus.


click start

run

type in services.msc then click ok

look for the 'remote procedure call' icon in the list (not 'remote procedure call locator') and double click on it

click on the recovery tab

make sure first, second and subsequent failures all say 'take no action'

now you can connect to the internet without being kicked off your computer (which is one of the things the blaster worm does)

now go to symantec.com and follow the instructions for downloading the FixBlast.exe file and running it for w32.blaster.worm

at the end of running the fixblast.exe, you will be prompted to install the microsoft patch if you haven't done so already. Just installing the patch doesn't fix anything, it just kind of stops it.

Other than that, watch out for the other worms, such as the w32.welchia.worm

Also, these worms came in a MS update, so a firewall wouldn't have helped too much with getting them.

nextlevel1 09-27-2003 10:10 PM

I work for a state agency and somehow we got the worm and it would tell us on our laptops that the rcp was not responding & that the system was shutting down. It caused disruption of our system for the whole weekend and finally at the beginning of the work week they got it fixed.

keef 10-01-2003 05:00 AM

if you format or re-image make sure you patch, or you will get it again :/

Elegant Holmes 10-01-2003 01:19 PM

Worms
 
Thanks! Haven't had a chance to get the virus software on my new (secondhand) computer loaded. I have a decent firewall, though (and a flu shot which should take care of some viruses).


All times are GMT -8. The time now is 08:11 AM.