Another damn virus

[bgreene2001]

Anyone else hit by Blaster?  We've got a lan of over 1000 comps here so it went through like wildfire.  It's crippled our network and overloaded our proxy so we only just got back net

Nasty piece of work

[CTechAstronomy]

copied from www.neowin.net
for the full article scroll down the page at the above address.


Removing the W32.Blaster.Worm
Posted by Neobond on 12 Aug 2003 - 13:57 CET | 55 Comments  

Thanks xStainDx for the following information posted in our Back Page News section of the forum.
Patch Your System with the appropriate MS03-026 Patch

After Installation of the Patch, Reboot your system.

Download and run "FIXBLAST".exe to remove the MSBLAST.exe file, terminate the process and remove added registry keys by the worm.

Reboot your pc one last time.

Visit WindowsUpdate.com more often and take note of our repeated warnings to keep your system updated.
Result:
Your System will no longer shutdown after 60secs, please follow the steps above to remove the worm off your computer and return your system to UPDATED safe status.

UPDATE: If your having problems installing the patch within the 60 sec, when you see the window pop up telling you 60 sec, Go to Start, Run and type in shutdown -a. This will cancel the shutdown attempt. Thanks Sub for this tip!

Download: Windows XP Patch | Windows 2000 Patch
Download: FixBlast - W32.Blaster.Worm Removal Tool
View: Symantec Security Response - W32.Blaster.Worm Removal Tool

[Adam Black]

Yeah, I was affected by Blaster since yesterday but everything's fixed now. Also a couple of people on the IRC chan were affected - I sent them the FixBlast.exe file.

This Blaster seems to be spreading through the Internet quite fast...it's front page news on MSN.

Boy, would I like to get my hands on the guy who created it...

[bgreene2001]

Yeah same.  I was fixed and patched 5 minutes after I got back from a lecture to find I had the virus (it only got into the uni while I was at the lecture).  Now I'm on to fixing other people's computers.  And, being a college, I've had to do it in about 5 languages so far

The thing's even taken out all the computer labs (all win2k), everything.  Practically no one on campus was patched because we pay for bandwidth.

[Adriac]

Well, I tried to install the update, but unfortunately it doesn't seem to run so well on Mac OS X... Man, I guess I'm screwed if I ever get hit by Blaster... Oh, wait :biggrin:

[Stewsburntmonkey]

It hasn't affected me yet, but I did just update Norton so I guess that got it.  I do think it would be ammusing for someone to get a Mac or Linux virus out.  As most of the Mac guys I know (myself included) don't even think about viruses, it'd be interesting to see what they all do when a real one gets them.  :)

[Adriac]

Usually you need vulnerabilities for viruses

I'm behind a hardware router with a firewall, I run a personal firewall (BSD) as well, I don't walk around giving my root password to just any app (let alone walk around as root)... I'd like to think I'm reasonably secure. And all this is just default OS X behavior.

But then, as Mac OS X is based on BSD, I guarantee that if there is a Mac virus that can cause any real damage the Macs will be the least of our worries

[Stewsburntmonkey]

I am fairly certain OSX has opened up some security holes in BSD that could be exploited, its just no one really cares enough to find them.  :)

[NeoThermic]

So are we saying that a Firewall can protect a computer from this nasty virus?
And are we talking any firewall, i.e. will ZoneAlarm do?

If not, can you turn off RPC until you have patched?
And last but not least, how do I check if I have the patch from M$?


Sorry for asking questions, but I certinaly dont want to be infected the minuite I turn my computer on to the net...


NeoThermic

[prozak]

i use zonealarm and am so far un affected by blaster, i also have to hardware firewalls tho, and my router.

[Adriac]

Quote: from Stewsburntmonkey on 11:10 pm on Aug. 12, 2003[br]I am fairly certain OSX has opened up some security holes in BSD that could be exploited, its just no one really cares enough to find them.  :)

Oh, I dunno about that. One could argue that a lot of Windows holes have been found with about the same level of apathy...

[Orderless Chaos]

..... i feel srry for all you new windows users.......... i am sure glad i am stuck in the dinosaur age, hehehe windows 98

[tabasco boy]

don't be sorry mate not everyone got infected (me included) thanks for billy boy for sending me a free w2k sp4 cd a while back..

and do you know why MS come out with patches so often?
Probably similar reasons as to why Linux-contributors release patches so often.

[Adriac]

Cuz it's a work in progress?

I dunno what that says about commercial software in general, but sounds about right to me...

[andrewas]

Quote: from NeoThermic on 4:18 am on Aug. 13, 2003[br]So are we saying that a Firewall can protect a computer from this nasty virus?
And are we talking any firewall, i.e. will ZoneAlarm do?

A hardware firewall can do some good, but I have seen two comps already that got infected through zonealarm, one of which had the pro  version and the other I dont know. The second was infected on a dialup connection.

I personaly wouldn't trust a hardware firewall either, unless its set up to block the right ports which I dont think it is by default.

The best thing to do is gt the symantech fixtool on write protected floppy, and get the patch installed ASAP. That way your safe, and if you happen to encounter the virus elsewhere you can deal with it without waiting for tech support to get round to it sometime next tuesday.