Another damn virus

Anything and Everything about Uplink

Moderators: bert_the_turtle, jelco, Chris, Icepick, Rkiver

bgreene2001
level5
level5
Posts: 1310
Joined: Sat Dec 22, 2001 3:46 pm
Location: Melbourne, Australia

Postby bgreene2001 » Tue Aug 12, 2003 2:22 pm

Anyone else hit by Blaster?  We've got a lan of over 1000 comps here so it went through like wildfire.  It's crippled our network and overloaded our proxy so we only just got back net :P

Nasty piece of work
I swear Officer, I didn't know she was 4!
My Profile, my mates site, Bloody Mongrel.  Great stuff.
Click here to help me get some free magnets :)  Pleeeease?
CTechAstronomy
level0
Posts: 9
Joined: Thu Jul 31, 2003 10:38 pm
Location: UK
Contact:

Postby CTechAstronomy » Tue Aug 12, 2003 8:38 pm

copied from www.neowin.net
for the full article scroll down the page at the above address.


Removing the W32.Blaster.Worm
Posted by Neobond on 12 Aug 2003 - 13:57 CET | 55 Comments  

Thanks xStainDx for the following information posted in our Back Page News section of the forum.
Patch Your System with the appropriate MS03-026 Patch

After Installation of the Patch, Reboot your system.

Download and run "FIXBLAST".exe to remove the MSBLAST.exe file, terminate the process and remove added registry keys by the worm.

Reboot your pc one last time.

Visit WindowsUpdate.com more often and take note of our repeated warnings to keep your system updated.
Result:
Your System will no longer shutdown after 60secs, please follow the steps above to remove the worm off your computer and return your system to UPDATED safe status.

UPDATE: If your having problems installing the patch within the 60 sec, when you see the window pop up telling you 60 sec, Go to Start, Run and type in shutdown -a. This will cancel the shutdown attempt. Thanks Sub for this tip!

Download: Windows XP Patch | Windows 2000 Patch
Download: FixBlast - W32.Blaster.Worm Removal Tool
View: Symantec Security Response - W32.Blaster.Worm Removal Tool
I am bilingually illiterate, I cannot read or write in two languages.
Adam Black
level4
level4
Posts: 594
Joined: Mon Mar 18, 2002 5:37 pm
Location: London, England

Postby Adam Black » Wed Aug 13, 2003 1:08 am

Yeah, I was affected by Blaster since yesterday but everything's fixed now. Also a couple of people on the IRC chan were affected - I sent them the FixBlast.exe file.

This Blaster seems to be spreading through the Internet quite fast...it's front page news on MSN.

Boy, would I like to get my hands on the guy who created it...
Let's kick this bitch into overdrive.
bgreene2001
level5
level5
Posts: 1310
Joined: Sat Dec 22, 2001 3:46 pm
Location: Melbourne, Australia

Postby bgreene2001 » Wed Aug 13, 2003 1:40 am

Yeah same.  I was fixed and patched 5 minutes after I got back from a lecture to find I had the virus (it only got into the uni while I was at the lecture).  Now I'm on to fixing other people's computers.  And, being a college, I've had to do it in about 5 languages so far :P

The thing's even taken out all the computer labs (all win2k), everything.  Practically no one on campus was patched because we pay for bandwidth.
I swear Officer, I didn't know she was 4!
My Profile, my mates site, Bloody Mongrel.  Great stuff.
Click here to help me get some free magnets :)  Pleeeease?
Adriac
level5
level5
Posts: 3504
Joined: Wed Jan 23, 2002 7:20 am

Postby Adriac » Wed Aug 13, 2003 3:03 am

Well, I tried to install the update, but unfortunately it doesn't seem to run so well on Mac OS X... Man, I guess I'm screwed if I ever get hit by Blaster... Oh, wait :biggrin:
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
Stewsburntmonkey
level5
level5
Posts: 11553
Joined: Wed Jul 10, 2002 7:44 pm
Location: Nashville, TN
Contact:

Postby Stewsburntmonkey » Wed Aug 13, 2003 3:36 am

It hasn't affected me yet, but I did just update Norton so I guess that got it.  I do think it would be ammusing for someone to get a Mac or Linux virus out.  As most of the Mac guys I know (myself included) don't even think about viruses, it'd be interesting to see what they all do when a real one gets them.  :)
Adriac
level5
level5
Posts: 3504
Joined: Wed Jan 23, 2002 7:20 am

Postby Adriac » Wed Aug 13, 2003 3:55 am

Usually you need vulnerabilities for viruses :)

I'm behind a hardware router with a firewall, I run a personal firewall (BSD) as well, I don't walk around giving my root password to just any app (let alone walk around as root)... I'd like to think I'm reasonably secure. And all this is just default OS X behavior.

But then, as Mac OS X is based on BSD, I guarantee that if there is a Mac virus that can cause any real damage the Macs will be the least of our worries :)
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
Stewsburntmonkey
level5
level5
Posts: 11553
Joined: Wed Jul 10, 2002 7:44 pm
Location: Nashville, TN
Contact:

Postby Stewsburntmonkey » Wed Aug 13, 2003 4:10 am

I am fairly certain OSX has opened up some security holes in BSD that could be exploited, its just no one really cares enough to find them.  :)
User avatar
NeoThermic
Introversion Staff
Introversion Staff
Posts: 6254
Joined: Sat Mar 02, 2002 10:55 am
Location: ::1
Contact:

Postby NeoThermic » Wed Aug 13, 2003 4:18 am

So are we saying that a Firewall can protect a computer from this nasty virus?
And are we talking any firewall, i.e. will ZoneAlarm do?

If not, can you turn off RPC until you have patched?
And last but not least, how do I check if I have the patch from M$?


Sorry for asking questions, but I certinaly dont want to be infected the minuite I turn my computer on to the net...


NeoThermic
prozak
level4
level4
Posts: 519
Joined: Thu Nov 28, 2002 4:03 pm
Location: behind you......
Contact:

Postby prozak » Wed Aug 13, 2003 4:24 am

i use zonealarm and am so far un affected by blaster, i also have to hardware firewalls tho, and my router.
Adriac
level5
level5
Posts: 3504
Joined: Wed Jan 23, 2002 7:20 am

Postby Adriac » Wed Aug 13, 2003 4:54 am

Quote: from Stewsburntmonkey on 11:10 pm on Aug. 12, 2003[br]I am fairly certain OSX has opened up some security holes in BSD that could be exploited, its just no one really cares enough to find them.  :)


Oh, I dunno about that. One could argue that a lot of Windows holes have been found with about the same level of apathy...
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
Orderless Chaos
level1
level1
Posts: 47
Joined: Mon Mar 24, 2003 5:04 am

Postby Orderless Chaos » Wed Aug 13, 2003 5:34 am

..... i feel srry for all you new windows users.......... i am sure glad i am stuck in the dinosaur age, hehehe windows 98 :P
User avatar
tabasco boy
level5
level5
Posts: 1180
Joined: Sun Mar 10, 2002 4:25 pm
Location: Lovely Planet Earth
Contact:

Postby tabasco boy » Wed Aug 13, 2003 5:48 am

don't be sorry mate not everyone got infected (me included) thanks for billy boy for sending me a free w2k sp4 cd a while back..:smile:

and do you know why MS come out with patches so often?
Probably similar reasons as to why Linux-contributors release patches so often.:wink:
Eating without Tabasco® Sauce is like a computer without a OS.
Adriac
level5
level5
Posts: 3504
Joined: Wed Jan 23, 2002 7:20 am

Postby Adriac » Wed Aug 13, 2003 5:54 am

Cuz it's a work in progress?

I dunno what that says about commercial software in general, but sounds about right to me...
00010001000100000000101100010111000 10110000100010001100001011111000101 10000100100000111100010000000011010 0001011000111100001000100001011
andrewas
level4
level4
Posts: 621
Joined: Sun Mar 16, 2003 10:57 pm
Location: Scotland

Postby andrewas » Wed Aug 13, 2003 10:24 am

Quote: from NeoThermic on 4:18 am on Aug. 13, 2003[br]So are we saying that a Firewall can protect a computer from this nasty virus?
And are we talking any firewall, i.e. will ZoneAlarm do?


A hardware firewall can do some good, but I have seen two comps already that got infected through zonealarm, one of which had the pro  version and the other I dont know. The second was infected on a dialup connection.

I personaly wouldn't trust a hardware firewall either, unless its set up to block the right ports which I dont think it is by default.

The best thing to do is gt the symantech fixtool on write protected floppy, and get the patch installed ASAP. That way your safe, and if you happen to encounter the virus elsewhere you can deal with it without waiting for tech support to get round to it sometime next tuesday.

Return to “General”

Who is online

Users browsing this forum: No registered users and 18 guests