Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

MSBlast worm

  1. Aug 13, 2003 #1
    Just had this worm:


    It was quite annoying and turned the computer off after about 2minutes browsing the web, although used this thing to get rid of it.

    http://vil.nai.com/vil/stinger/ [Broken]

    What virus protectors do you reccomend, and would they have protected against this worm?
    Last edited by a moderator: May 1, 2017
  2. jcsd
  3. Aug 13, 2003 #2


    User Avatar

    if this is the same worm i'm thinking of, it shuts you down when you connect to the internet... therefor, for any anti-virus to work, it would have to download the virus definition to stop it, but you can't connect.

    so you'd have to get the patch or whatever through another computer.

    very clever virus/worm.
  4. Aug 14, 2003 #3
  5. Aug 14, 2003 #4

    It took on average about 2 minutes to shut the computer down, so I had to look on websites, and follow leads, and then write down the web page addresses. Thankfully, when downloading 'stinger', the computer didnt start shutting down - must be something programmed.
  6. Aug 14, 2003 #5


    User Avatar

    Staff: Mentor

    Re: Worm

    This worm did its thing by exploiting a security flaw in Windows itself. Microsoft released a fix for the problem a month ago, so anyone who updated their version of Windows in the past month was protected. A self proclaimed computer nerd, not even I did the update.

    As soon as I read about it a couple of days ago, I updated all of my computers (home and work).
  7. Aug 14, 2003 #6
    I read on symantec's website that when the worm strikes it creates a process called msblast.exe. I don't see that process being created on my machine but I have been experiencing a problem. Did anybody else look in Task Manager to see if msblast.exe was being created?

    Based on what I read here I will download the repair tool anyway.
  8. Aug 15, 2003 #7


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Worm? What worm?...Now would someone explain to me why I need to upgrade from Win98? :smile:

    Sorry, I couldn't resist! I know of several people who have been infected with this nasty little bug. I am feeling safer now that there is a bigger and more challenging target then poor old Win98!
  9. Aug 15, 2003 #8
    Well I'm with you Integral. Admittedly I did actually upgrade to XP. But I actually use the windows update on a VERY regular basis, and so had upgraded the patch to fix this problem the day after it was discovered. As a result I was blissfully unaware of the worm until friends all began complaining.
  10. Aug 15, 2003 #9
    Well symantec's deworming tool says I do NOT have blaster worm. Too bad for me since I have the same symptoms but I don't think microsoft is going to do an update to fix my problem.
  11. Aug 15, 2003 #10
    Poor silly windows users. You need to switch to linux! :wink: Anyway, i just learned about this worm today and i think a friend of mine has it. I was over at this house and he kept having to reboot his PC because RPC kept being "unexpectantly terminated". Probably from the worm attempting to exploit remote procedure call. Not that any of you probably care though .
    Programs can easily be hid from the task manager if they are being run as services, and probably many other ways.
    Windows update prodcedure is very bad. Even though you "downloaded" the update you may not have really downloaded it. Let me explain, before windows patches your PC it scans your registry. Every time you install an update a key is added to your registry. So from scanning the registry MS can determine which updates you need. Sometimes the reg key is added but the patch is either not downloaded or was never installed. As a result of this there have been many reports of people that "updated" their PC but still became infected! You might want to manually download and install the patch just incase (although, i'm not sure if windows will let you concidering the reg key is there) *shrug*.
    Last edited: Aug 16, 2003
  12. Aug 16, 2003 #11
    I tried to download the windows updates to get the protection from the blaster worm and it told me to download "windows update V4 control". No information about what that is or why I need it. I searched the microsoft website and did a google search but got essentially nothing that describes this download. Just a lot of hits telling me to stop thinking and just say yes. It reminds of the Borg. It's not so bad restarting the computer everytime the problem hits. :wink:
  13. Aug 16, 2003 #12
    I got it too on XP...but not on winMe...hehehe...bleah...so...bye bye MAGGOT...
  14. Aug 19, 2003 #13
    personally, im stuck here on Win98, which isnt too bad. But I do have a problim. Everytime I go to windows to update, it takes me to the same dang page that says i dont have windows! Im starting to agree more with Hbar. Switch to linux or apple. Id go to apple in a heartbeat if they would make their computers compatible with PC's. Or atleast the programs. Well, if anyone could help with my problem, if possible, please. Unfortunately, i have the feeling that this is something that youd have to be sitting at my council to fix.

    an odd paradox it is,
    you cant live without death...
    can you?
  15. Aug 20, 2003 #14
    I've had that darn worm on my pc, been thru it all, and removed it with the fixblast.exe program on the symantec site, and now when I run the fixer, it says no infections found... Thats great, but my task manager still wont open (problem occured first time as I discovered the worm ) It pops up, and closes after 1 sec or so... cant see or do anything in there... Do any of you know how to fix it?

    Best regards

    Thomas Hansen
  16. Aug 20, 2003 #15
    You might have to disable the system restore feature , as this can save files otherwise deleted. On XP you can do this by right clicking on my computer, then going down to properties and then disabling the system restore on all drives.
  17. Aug 20, 2003 #16
    There are 2 current worms going around. MSblaster and Nachia worm. The free removal tool from mcaffe (STINGER) removes both but as of 8/19 the symantec tool did not detect the Nachia worm on my computer (probably been updated by now).

    Both worms send out so much data that it was impossible to download any updates from microsoft over a 56K modem. I am trying to get the downloads on another computer and put them on CD to move to my machine.
  18. Aug 21, 2003 #17
    One of my friends computer just got the blaster worm and I heard my school had 1500 infected computers, yikes! Luckily I installed the patch right away.
  19. Aug 21, 2003 #18
    My strategy is to keep an image file of a perfectly tweaked OS, complete with all updates and programs, stored not only on a separate hard drive which is physically isolated from my main unit (but slides into a bay in only seconds for immediate bootability), but to be double sure on CD-R’s as well. Any files that I want to keep are frequently backed up too.
    In the event that the next bug should land on my hard drive it would be no more than a minor inconvenience to restore my drive and be running again. On my fastest computer, 5.5GB worth of OS, programs, and files, takes about 17 minutes to restore.
    I know it isn’t always that simple for corporations to do, but on a personal system I think this is an excellent way to be prepared and never fear these things again.
  20. Aug 21, 2003 #19
    BH do you use Ghost for your drive imaging?
  21. Aug 21, 2003 #20
    No I don’t. I have used Ghost (forget which version) before but didn’t like it much. I thought that Nero ImageDrive was going to save me some money (because I already owned a copy of it) but it complained about NTFS partitioning so I had to look elsewhere (I’ve never used it on FAT partitions, it might work quite nice with those for all I know). Eventually, I stumbled on a good buy ($45 US) on Drive Image version 7 and really fell in love with it. It is extremely intuitive to use (unlike the version of Norton Ghost I had used) and has a great interface. You will have a bootable CD to load the program prior to directing it to your saved image file (be it on a hard drive or CD). What I don’t appreciate is that it forces you to install MS’s .NET, but everything else about it is superb.

    Here is a review of it;
    http://www.pcworld.com/reviews/article/0,aid,111800,00.asp [Broken]
    Last edited by a moderator: May 1, 2017
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook