MSBlast worm

  • Thread starter plus
  • Start date
167
1
Just had this worm:

http://news.bbc.co.uk/1/hi/technology/3147147.stm

It was quite annoying and turned the computer off after about 2minutes browsing the web, although used this thing to get rid of it.

http://vil.nai.com/vil/stinger/ [Broken]

What virus protectors do you reccomend, and would they have protected against this worm?
 
Last edited by a moderator:

jb

if this is the same worm i'm thinking of, it shuts you down when you connect to the internet... therefor, for any anti-virus to work, it would have to download the virus definition to stop it, but you can't connect.

so you'd have to get the patch or whatever through another computer.

very clever virus/worm.
 
167
1
Originally posted by jb
if this is the same worm i'm thinking of, it shuts you down when you connect to the internet... therefor, for any anti-virus to work, it would have to download the virus definition to stop it, but you can't connect.

so you'd have to get the patch or whatever through another computer.

very clever virus/worm.

It took on average about 2 minutes to shut the computer down, so I had to look on websites, and follow leads, and then write down the web page addresses. Thankfully, when downloading 'stinger', the computer didnt start shutting down - must be something programmed.
 

russ_watters

Mentor
18,848
5,039
Re: Worm

Originally posted by plus
What virus protectors do you reccomend, and would they have protected against this worm?
This worm did its thing by exploiting a security flaw in Windows itself. Microsoft released a fix for the problem a month ago, so anyone who updated their version of Windows in the past month was protected. A self proclaimed computer nerd, not even I did the update.

As soon as I read about it a couple of days ago, I updated all of my computers (home and work).
 
211
2
I read on symantec's website that when the worm strikes it creates a process called msblast.exe. I don't see that process being created on my machine but I have been experiencing a problem. Did anybody else look in Task Manager to see if msblast.exe was being created?

Based on what I read here I will download the repair tool anyway.
 

Integral

Staff Emeritus
Science Advisor
Gold Member
7,185
55
Worm? What worm?...Now would someone explain to me why I need to upgrade from Win98? :smile:

Sorry, I couldn't resist! I know of several people who have been infected with this nasty little bug. I am feeling safer now that there is a bigger and more challenging target then poor old Win98!
 
126
0
Well I'm with you Integral. Admittedly I did actually upgrade to XP. But I actually use the windows update on a VERY regular basis, and so had upgraded the patch to fix this problem the day after it was discovered. As a result I was blissfully unaware of the worm until friends all began complaining.
 
211
2
Well symantec's deworming tool says I do NOT have blaster worm. Too bad for me since I have the same symptoms but I don't think microsoft is going to do an update to fix my problem.
 
67
0
Poor silly windows users. You need to switch to linux! :wink: Anyway, i just learned about this worm today and i think a friend of mine has it. I was over at this house and he kept having to reboot his PC because RPC kept being "unexpectantly terminated". Probably from the worm attempting to exploit remote procedure call. Not that any of you probably care though .
Did anybody else look in Task Manager to see if msblast.exe was being created?
Programs can easily be hid from the task manager if they are being run as services, and probably many other ways.
so anyone who updated their version of Windows in the past month was protected.
Windows update prodcedure is very bad. Even though you "downloaded" the update you may not have really downloaded it. Let me explain, before windows patches your PC it scans your registry. Every time you install an update a key is added to your registry. So from scanning the registry MS can determine which updates you need. Sometimes the reg key is added but the patch is either not downloaded or was never installed. As a result of this there have been many reports of people that "updated" their PC but still became infected! You might want to manually download and install the patch just incase (although, i'm not sure if windows will let you concidering the reg key is there) *shrug*.
-HBar
 
Last edited:
211
2
I tried to download the windows updates to get the protection from the blaster worm and it told me to download "windows update V4 control". No information about what that is or why I need it. I searched the microsoft website and did a google search but got essentially nothing that describes this download. Just a lot of hits telling me to stop thinking and just say yes. It reminds of the Borg. It's not so bad restarting the computer everytime the problem hits. :wink:
 
191
0
I got it too on XP...but not on winMe...hehehe...bleah...so...bye bye MAGGOT...
 
28
0
personally, im stuck here on Win98, which isnt too bad. But I do have a problim. Everytime I go to windows to update, it takes me to the same dang page that says i dont have windows! Im starting to agree more with Hbar. Switch to linux or apple. Id go to apple in a heartbeat if they would make their computers compatible with PC's. Or atleast the programs. Well, if anyone could help with my problem, if possible, please. Unfortunately, i have the feeling that this is something that youd have to be sitting at my council to fix.

-----------------------
an odd paradox it is,
you cant live without death...
can you?
 
21
0
I've had that darn worm on my pc, been thru it all, and removed it with the fixblast.exe program on the symantec site, and now when I run the fixer, it says no infections found... Thats great, but my task manager still wont open (problem occured first time as I discovered the worm ) It pops up, and closes after 1 sec or so... cant see or do anything in there... Do any of you know how to fix it?

Best regards

Thomas Hansen
 
167
1
I've had that darn worm on my pc, been thru it all, and removed it with the fixblast.exe program on the symantec site, and now when I run the fixer, it says no infections found... Thats great, but my task manager still wont open (problem occured first time as I discovered the worm ) It pops up, and closes after 1 sec or so... cant see or do anything in there... Do any of you know how to fix it?
You might have to disable the system restore feature , as this can save files otherwise deleted. On XP you can do this by right clicking on my computer, then going down to properties and then disabling the system restore on all drives.
 
211
2
There are 2 current worms going around. MSblaster and Nachia worm. The free removal tool from mcaffe (STINGER) removes both but as of 8/19 the symantec tool did not detect the Nachia worm on my computer (probably been updated by now).

Both worms send out so much data that it was impossible to download any updates from microsoft over a 56K modem. I am trying to get the downloads on another computer and put them on CD to move to my machine.
 
17,538
7,140
One of my friends computer just got the blaster worm and I heard my school had 1500 infected computers, yikes! Luckily I installed the patch right away.
 

BoulderHead

My strategy is to keep an image file of a perfectly tweaked OS, complete with all updates and programs, stored not only on a separate hard drive which is physically isolated from my main unit (but slides into a bay in only seconds for immediate bootability), but to be double sure on CD-R’s as well. Any files that I want to keep are frequently backed up too.
In the event that the next bug should land on my hard drive it would be no more than a minor inconvenience to restore my drive and be running again. On my fastest computer, 5.5GB worth of OS, programs, and files, takes about 17 minutes to restore.
I know it isn’t always that simple for corporations to do, but on a personal system I think this is an excellent way to be prepared and never fear these things again.
 

BoulderHead

Greg,
No I don’t. I have used Ghost (forget which version) before but didn’t like it much. I thought that Nero ImageDrive was going to save me some money (because I already owned a copy of it) but it complained about NTFS partitioning so I had to look elsewhere (I’ve never used it on FAT partitions, it might work quite nice with those for all I know). Eventually, I stumbled on a good buy ($45 US) on Drive Image version 7 and really fell in love with it. It is extremely intuitive to use (unlike the version of Norton Ghost I had used) and has a great interface. You will have a bootable CD to load the program prior to directing it to your saved image file (be it on a hard drive or CD). What I don’t appreciate is that it forces you to install MS’s .NET, but everything else about it is superb.

Here is a review of it;
http://www.pcworld.com/reviews/article/0,aid,111800,00.asp [Broken]
 
Last edited by a moderator:
211
2
Originally posted by BoulderHead
My strategy is to keep an image file of a perfectly tweaked OS, complete with all updates and programs, stored not only on a separate hard drive which is physically isolated from my main unit (but slides into a bay in only seconds for immediate bootability), but to be double sure on CD-R’s as well. Any files that I want to keep are frequently backed up too.
awesome. I didn't know you could save an OS so conveniently. Does this work on a PC? Can you point me to the details?
 

BoulderHead

Originally posted by mmwave
awesome.
My thoughts exactly.
I didn't know you could save an OS so conveniently. Does this work on a PC?
Yes, my systems are all PC, and I can assure you it is so much easier than reinstalling an OS then one at a time installing your programs again (for me, that has gone the way of the dinosaur).
Can you point me to the details?
You can go here to read up on the brand I'm using;

http://www.powerquest.com/driveimage/didetails.cfm

You can also check ebay to see what kind of deals are available.
 
Last edited by a moderator:
17,538
7,140
I have used Ghost (forget which version) before but didn’t like it much.
I agree past versions of Ghost were a huge pain to setup, with all that DOS junk. But I just got my hands on Ghost 2003 and it's so easy now. Simple wizards. I just made an image last night. Yay!
 

BoulderHead

Can you boot from a CD or must you use a floppy?
 
57
0
I work for Symantec (Norton) and I have to agree that the 2003 Ghost is the most user friendly! I did not like any of the other versions...

That Worm is quite the bugger and now there are two others out that are horrible...I reccommend to all my customers that they purchase some kind of firewall....I truly helps against the internet threats!
 

Related Threads for: MSBlast worm

  • Posted
Replies
11
Views
2K
  • Posted
Replies
2
Views
1K

Physics Forums Values

We Value Quality
• Topics based on mainstream science
• Proper English grammar and spelling
We Value Civility
• Positive and compassionate attitudes
• Patience while debating
We Value Productivity
• Disciplined to remain on-topic
• Recognition of own weaknesses
• Solo and co-op problem solving
Top