wayman Special user England - Sunderland 589 Posts |
I have just repaired 3 (including mine!!) and heard of locally another 6 systems that have been infected with this worm Virus.

ISPs everywhere are blocking all port 135 traffic in an attempt to slow the worm's growth and damage. W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability using TCP port 135. It will attempt to download and run a file, "msblast.exe". Infected machines will begin a concerted distributed denial of service attack (DDoS) on the domain "windowsupdate.com" this coming Saturday the 16th.

The virus adds the value: "windows auto update"="msblast.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the worm runs when you start Windows.

Symantec has a simple tool to detect and delete this automatically Here and Microsoft has a patch to close the loophole Here.

Press CTRL ALT DEL now and look for a running process called MSBLAST.EXE and disable it before it crashes your system. Install your firewalls!!! Anyone else been bothered by this ****py miserable little virus??? |
jarrod New user 35 Posts |
Nothing here, and I haven't even patched until just now. Guess I'm just lucky =)
|
ChrisZampese Veteran user Hamilton, NZ 341 Posts |
Thanks Wayman,
We have had a couple of instances on our network. Be aware of this one. It's not very nice!
The most beautiful experience we can have is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. Whoever does not know it and can no longer wonder, no longer marvel, is as good as dead, and his eyes are
|
Payne Inner circle Seattle 4571 Posts |
Quote:
On 2003-08-13 20:38, ChrisZampese wrote: This one is incredibly nice as it really doesn't do anything, unless you're the Microsoft Update site. The ones you're going to have to watch out for are the next generations of this worm which will be ever so much more destructive and pervasive.
"America's Foremost Satirical Magician" -- Jeff McBride.
|
Reis O'Brien Inner circle Seattle, WA 2467 Posts |
My Dad's PC has been getting chewed a new one by this little bugger and now my computer at work caught it this afternoon. NOT a fun bug. Heads up, fellow computer nerds!
|
RiffClown Inner circle Yorktown, Virginia (Previously Germany) 1579 Posts |
I saw where it hit my firewall but I've had my systems patched since Mid-Jul. I had no impact either here or at work except the Internet was a bit sluggish at home because of all the extra traffic.
Rob "Riff, the Magical Clown" Eubank aka RiffClown
http://www.riffclown.com
Magic is not the method, but the presentation. |
PyroDevil Regular user Canada 156 Posts |
I hope everyone has their Firewalls installed. This virus sounds serious!!!
|
ChrisZampese Veteran user Hamilton, NZ 341 Posts |
For those that have it (especially on networks) it could (reportedly) cause some serious issues in a few hours. Don't know the exact scheduled time, but it will attempt to create a DNS (Denial of Service) attack on Microsoft by using the email client on infected machines to send bulk emails to a Microsoft email address. This could be very serious for Exchange servers and the like.
If you have it, and you are on a network, make sure your network administrator knows about it ASAP.
The most beautiful experience we can have is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. Whoever does not know it and can no longer wonder, no longer marvel, is as good as dead, and his eyes are
|
MacGyver Inner circle St. Louis, MO 1419 Posts |
The date for the DOS attack is the 15th (today).
Here is what you do: first off, Ctrl-Alt-Del and shut down the process msblast.exe, then do a search for msblast.exe and delete it. Very simple. Be sure you're patched so you don't get it again right away. |
MacGyver Inner circle St. Louis, MO 1419 Posts |
Oh, I should also add that windowsupdate.com has already been DOS'd so you better find a different place to patch from =).
It's an interesting approach, taking out the patching software and all. Since the bug allows the hacker to execute arbitrary code, once he disables the patching system, he could put a new version of the worm out that could REALLY mess up some computers, like deleting files and editing Windows. |
wayman Special user England - Sunderland 589 Posts |
I found a variant tonight on a friend's PC.
It was the W32.Blaster.C.Worm. It adds the value: "Microsoft Inet Xp.."="teekids.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the worm runs when you start Windows.

Apparently the local "Leading" PC store is charging about £30 a time to disinfect your machine!! THEN they will push an Antivirus software onto you at an extra cost.

Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for teekids.exe (or others listed below).
If you find the file, click it, and then click End Process.
Exit the Task Manager.

index.exe
root32.exe
teekids.exe
p.e.n.i.s.32.exe (without the dots)
msblast.exe |
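Added example, not part of the thread: the `"name"="data"` notation used in the posts is the format of a registry text export, so this Python check reads such an export of the Run key and flags autorun entries whose executable is one of the file names the posts spell out. The sample export, its benign entries and the function names are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# File names spelled out in the thread's posts.
WORM_FILES = {"msblast.exe", "teekids.exe", "index.exe", "root32.exe"}

# Constructed sample in .reg export text format (backslashes in data are doubled).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\\Program Files\\Audio\\tray.exe /min"
"windows auto update"="msblast.exe"
"Microsoft Inet Xp.."="C:\\WINDOWS\\system32\\TEEKIDS.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"path"="index.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)

def image_name(command):
    """Lower-case file name of the executable in a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        m = re.match(r'(.*?\.exe)\b', command, re.I)
        exe = m.group(1) if m else command.split(' ', 1)[0]
    return exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()

def find_blaster_autoruns(export_text):
    """Return (value name, data) pairs under the Run key that launch a listed file.
    Pass decoded text; regedit writes version 5.00 exports as UTF-16."""
    hits, in_run_key = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            in_run_key = line.strip('[]').lower() == RUN_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if m:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            if image_name(data) in WORM_FILES:
                hits.append((name, data))
    return hits
```

Matching is on the executable's file name rather than the value name, so an entry is still flagged when the worm file is referenced by full path or in a different letter case.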