Bosco Posted August 12, 2003 Posted August 12, 2003 A new big bad worm is out! The worm, dubbed LoveSan, Blaster, or MSBlaster, exploits a vulnerability in the Distributed Component Object service that is hosted by a Remote Procedure Call feature in Windows 2000 and Windows XP. Once it gets onto a vulnerable computer, the program downloads code from a previously infected machine that enables it to propagate itself. Then, it scans the Internet for other vulnerable machines and attacks them. In some cases, the worm crashes the victim machine, but does not infect it. The worm also appears to instruct the computer to launch a distributed denial of service (DDOS) attack on August 16 against a Microsoft Web site. About the worm: Infected computer has key "windows auto update" in ..\CurrentVersion\Run in registry, which points to MSBLAST.EXE file (6176 bytes). Worm contains some texts: I just want to say LOVE YOU SAN!! billy gates why do you make this possible? Stop making money and fix your software How do you fix this? First, patch your system so you don't get the virus again! Patches: Windows XP Windows 2000 Windows NT 4.0 More information on this patch, at: http://www.microsoft.com/technet/treeview/...in/MS03-026.asp Removing the virus: Download and run "FIXBLAST".exe to remove the MSBLAST.exe file, terminate the process and remove added registry keys by the worm. Reboot your pc. If you DO have the virus, and the virus tries to shutdown your computer you may get a dialog that says your system is going to shut down in 60 sec. If that happens type: "shutdown /a" without the quotes at the run command and that will abort the shutdown. Firewall Protection Here are some ports you can block on your router or firewall to quickly protect your machines: TCP Port 135 "DCOM RPC Port" -- Used to access the RPC exploit UDP Port 69 "TFTP" -- Used to Spread msblast.exe TCP Port 4444 -- The worm uses this port to perform Denial of Service attacks against other computers. Share this post Link to post Share on other sites More sharing options...
justinal Posted August 12, 2003 Posted August 12, 2003 thanxs for the heads up lp Share this post Link to post Share on other sites More sharing options...
xboarder Posted August 12, 2003 Posted August 12, 2003 about 3 PM Mt. time it hit every XP machine in the Labs where I work....even got my brand new laptop...i hope there's a fix SOON! Share this post Link to post Share on other sites More sharing options...
justinal Posted August 12, 2003 Posted August 12, 2003 could you explain what you were talking about like checking your registry im checking it out but im trying to find it is it obvious? Share this post Link to post Share on other sites More sharing options...
Bosco Posted August 12, 2003 Posted August 12, 2003 Go to: \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run On the right side of the page, look for the "windows auto update" entry. If it's there.. you should see it Share this post Link to post Share on other sites More sharing options...
justinal Posted August 13, 2003 Posted August 13, 2003 ok thanxs then i dont have the virus Share this post Link to post Share on other sites More sharing options...
DevilMB3017 Posted August 13, 2003 Posted August 13, 2003 Man, I donwloaded Zone Alarm after my formatting, and this thing has been going crazy all night with TCP attacks, prolly from the Worm. At least 6 this hour alone. Share this post Link to post Share on other sites More sharing options...
william488 Posted August 13, 2003 Posted August 13, 2003 i have it on my computer dang, thanks linux for the link to this thread, i am running it all right now trying to fix it, getting off the net untell i fix it so i don't help spread it, got to fix 3 of my computer on my network now..... Share this post Link to post Share on other sites More sharing options...
LobbDogg Posted August 13, 2003 Posted August 13, 2003 about every 10 minutes we have had people bring in their computers with this virus to get fixed, I ended up getting pulled off the sales floor to help with the overflowing amount of computers in the tech room. Definitely one of the worst worms lately for sure. Share this post Link to post Share on other sites More sharing options...
william488 Posted August 13, 2003 Posted August 13, 2003 done, only had 2 files that the fixit program had to del. installed the patch, everything running good now. but still my virus scanner will not work now even re-installed it 2 times. Share this post Link to post Share on other sites More sharing options...
sYstEmATiC Posted August 13, 2003 Posted August 13, 2003 yeah most of my niebors with cable/dsl internet have it, but fortunatly me and my dad didnt get it. im tired of helping neighbors/dads frieds/my friends fix it....its getting to my head very fast. Share this post Link to post Share on other sites More sharing options...
LobbDogg Posted August 13, 2003 Posted August 13, 2003 especially if they don't pay you, that sucks. Feels like you are just giving information and services away. I have done it way too many times and I think people started to take advantage that I would just do it for free everytime they had a computer problem. You end up having no free time and no money to boot either. Share this post Link to post Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now