View Full Version : Latest computer worm!


Quick_lude
08-11-2003, 11:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Patch up your machines people. This is an annoying one.. it will shut down your pc as if someone is doing it remotely. Some people get 2 to 5 mins of operating time and then you need to reboot.

midniteblue
08-12-2003, 01:23 AM
how freaky is that......20 mins after reading this thread, my sister comes in and tells me that our main computer with windows xp just got infected with this so called worm...argh

funny how things work out cuz i didnt think the links or this thread would apply to me but now i do need it hehe....

thanks for the info and for keeping us informed lude!!!

moogle
08-12-2003, 01:48 AM
I've been getting this crap 2 days ago. Luckily I read this thread.

mental pimp
08-12-2003, 09:55 AM
a couple of weeks ago i did a major virus search on my computer and my program found 50 infected things in my computer, it fixed it but it couldnt delete them, but they are harmless

Ron_Jeremy
08-12-2003, 11:06 AM
Quick_Lude... you da man! i know a few people already affected.
Appreciate the timely info..

p.s. are you coming out tonite?

DisneyDestroyer
08-12-2003, 11:41 AM
Yawp, this happened to me with my home computer.

However, I didn't realize it was a worm and thought my RPC server was actually corrupted. So I attempted to reinstall Windows. Somehow this got messed up, and now there are problems with the HDs. ARGH!!!

AND, the most competent computer company in San Diego (Net Edge) recently closed down. I don't suppose anybody else in San Diego can recommend a reliable, capable, honest place to take my computer to have them check it out?

DisneyDestroyer
08-12-2003, 11:42 AM
OK, so I got hit by this MSBlaster worm yesterday.

However, I didn't realize it was a worm and thought my RPC server was actually corrupted. So I attempted to reinstall Windows. Somehow this got messed up, and now there are problems with the HDs. ARGH!!!

AND, the most competent computer company in San Diego (Net Edge) recently closed down. I don't suppose anybody else in San Diego can recommend a reliable, capable, honest place to take my computer to have them check it out?

Please?

mp5
08-12-2003, 11:51 AM
Originally posted by DisneyDestroyer
I don't suppose anybody else in San Diego can recommend a reliable, capable, honest place to take my computer to have them check it out?

Uh, aren't you a software engineer? You can't fix it yourself? :)

I also had this worm hit both my computers yesterday, really annoying... fortunately the patch seems to work.

cueball
08-12-2003, 12:05 PM
I just ran window update on both my computers. Would this patch the vulnerability?

Neither of my computers are running XP. One is 98 the other is ME, am I still at risk?

neofreak
08-12-2003, 12:10 PM
It should be "Latest Windows worm!"

You guys should all get firewalls, then you won't be affected by these problems.

DisneyDestroyer
08-12-2003, 01:05 PM
I'm a software engineer, I've unfortunately been out of the IT side for a few years. That's all it takes.

I tried to work on it, I think I just made it worse.

mental pimp
08-12-2003, 01:05 PM
how do i get a firewall?

keefe24
08-12-2003, 01:50 PM
mental,
If you are running Windows XP, go to my computer, click network connections, right click and go to properties, the top of the advanced tab, it should say Internet Firewall Connection. Make sure that is on. This should protect you from any worms..

Toadman
08-12-2003, 02:37 PM
Pardon my personal opinion, but the firewall feature built into XP is junk. It's not as customizable as Zonealarm (http://www.zonelabs.com/store/content/company/zap_za_grid.jsp), even the stripped free version they offer.

zoom44
08-12-2003, 02:39 PM
software firewalls are crap! get a real hardware firewall!

Quick_lude
08-12-2003, 02:45 PM
Originally posted by zoom44
software firewalls are crap! get a real hardware firewall!
I agree.
According to Symantec it's only the 2000 and XP that's affected.. Maybe NT too since it's a similar kernel? Read that Symantec link carefully and to the bottom. It gives you instructions on how to manually edit the registry and get rid of it. This one is spreading FAST.

Oh and yes, I should have titled it Latest WINDOWS worm. :p

keefe24
08-12-2003, 03:07 PM
i agree....get a real firewall...however, the one in XP is sufficient to hold off this particular worm....

Renesis08
08-12-2003, 03:45 PM
Patch was released not too long ago... Funny how people apply the patch after they get infected.

cueball
08-12-2003, 04:00 PM
I guess I'm covered on both fronts. I'm not running the affected OS and I have a hardware firewall.:cool:

For those of you who are unsure what a hardware firewall is, it can be many things, but a regular Linksys or D-Link router works fine.

Keeper
08-12-2003, 04:47 PM
Originally posted by cueball1029
I just ran window update on both my computers. Would this patch the vulnerability?

Neither of my computers are running XP. One is 98 the other is ME, am I still at risk?

No. 95, 98, 98SE, and ME are unaffected (they don't come with DCOM).

WinNT, Win2k, WinXP, and Win2k3 are all at risk if left unpatched. I don't think that NT4 has a patch available, as it is past its end of life date. If a patch is available for your machine, you can get it from the Windows Update site (assuming of course, you haven't already applied it).

The patch for this came out a month ago; for people who don't keep on top of os updates, set your windows update settings to download the patches for you (it can even apply the patches for you if you want it to).

Steps to do this on Win2k3 -- steps should be similar on WinXP and Win2k:
* Right click on "My Computer"
* Select "Properties"
* Click the "Automatic Updates" tab
* Ensure the "Keep my computer up to date" checkbox is checked.
* Select the update setting you want to use (I'd recommend at least "Download the updates automatically"; if you leave your computer on 24/7, having it automatically apply the patches overnight is a good idea).

As other people have suggested, having a good firewall between your computer and the cable/dsl modem is never a bad idea. Even the firewall that comes with XP is better than nothing.

mental pimp
08-12-2003, 04:52 PM
i have zonealarm but it doesnt let me play medal of honor so i shut it down:(

mr_digital_uk
08-12-2003, 05:18 PM
OK ... this darned thing uses port 135 to do its nasty business. If you go onto www.ntlworld.com they have instructions on how to protect your PC temporarily (using Windows XP firewall) and how to remove the little bleeder.

downshift
08-12-2003, 05:40 PM
Here's Symantec's way to manually remove the worm:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Quick_lude
08-13-2003, 12:22 AM
Originally posted by downshift
Here's Symantec's way to manually remove the worm:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Funny that link looks exactly the same as the one in my first post.. :p

This worm is big! It made the news... :p

j1mb0x99
08-13-2003, 06:52 AM
heard about it on the radio this morning and then some coworkers were talking about it... quick little bugger.

-JiM

mental pimp
08-13-2003, 08:08 AM
ok i decided to get my zonealarm back up, and the firewall is in stealth mode, hackers cant even touch my computer:D

8_wannabe
08-13-2003, 08:42 AM
To answer earlier questions: If you go to the MS software update site and do ALL the critical updates you will be protected. If you did this maybe 3 weeks ago you might not be protected. Go back and do it again.

For anyone with high-speed access (cable modem or DSL), if your computer is hooked directly to the digital modem, go to the local computer store and buy a router. Linksys, D-Link and many other good products out there. Just read the box carefully and make sure the device contains a firewall. These days, most do. With a router you'll be able to share your high-speed connection with every computer in the house. Some of these routers are wireless, meaning they broadcast wi-fi (aka 802.11b) throughout the house. You can get wireless cards for your other computers and don't have to string ethernet cable all over the place. It's very cool.

mental pimp
08-13-2003, 08:46 AM
^ i have a links router but i cant find the box, how can i find the firewall for it?

8_wannabe
08-13-2003, 09:18 AM
Originally posted by mental pimp
^ i have a links router but i cant find the box, how can i find the firewall for it?

Either your router already includes the firewall or it doesn't. If it does, there's nothing more you need to do. If it doesn't, there's nothing you can do. Occasionally, Linksys posts firmware updates on its website which updates all the router coding; I would expect this would include firewall updates if needed.

I recommend you call Linksys 800 number and ask them. Give them your model number, maybe even serial number as older models may not have firewall while newer ones do. If yours is less than a couple years old you're probably in good shape.

For everyone: If you want to test your firewall or computer for vulnerability go to www.grc.com; click on "Shields Up" then click "ShieldsUP Port Probe test." This tests port 135 which is being exploited in the current infection. When you see the test result page, can click "Common Ports" or "All service ports" and it will check over 1000 potential ports on your computer. I did this Before and After I got my firewall and the difference is astounding. Without a firewall, if you're on a high-speed connection, your computer is essentially a little Internet beacon saying "Hack me hack me." Designed for interconnectivity, your computer is actually broadcasting to the world it's there and giving its port addresses. You are worse than a sitting duck. With a properly configured firewall, you go into stealth mode. Hackers and worms either can't tell you're there, or they just can't do anything about it. They will quickly move onto the next big, fat sitting duck vice wasting their time on you.

BTW, grc.com does these tests by actually trying to penetrate your ports (no, that is not meant to be sexual innuendo.) You need a level of trust to invite them to do this. I've been working with grc for years and have that level of trust, as do thousands of other computer professionals. I know it can be intimidating to ask a stranger to penetrate you (ok, now that WAS innuendo ;) ) Nevertheless, think of it this way... you're getting probed virtually every minute you're online, whether you know it or not. You might as well have someone do it who will share the results with you. Then you can decide what to do. These router/firewalls we're talking about can be found under $100. Figure the cost of smoking your hard driving and losing everything on it, and the time spent trying to figure it out, and the $100 is a bargain.

Finally, these routers are only for those on high-speed connections. If you're on dial-up, you can't use 'em (as far as I know.) You can buy software firewalls that just load on your computer. They are pretty good, but s/w firewalls can never be as good as hardware ones for certain technical reasons I'm not going to debate now. If that's your choice, at least get something. We were "lucky"; lovSan was widespread but not destructive. Someone was testing their capabilities. You can be assured one of the next ones will carry a destructive payload. Doing something after the fact will be too late, so make your move now.
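
A local complement to the external port 135 probe described in the post above, added here as an example and not part of the original thread: it reads `netstat -an` output and lists TCP listeners on port 135 that are bound to a non-loopback address. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def exposed_listeners(netstat_text, watch_ports=(135,)):
    """Return (address, port) for watched TCP ports listening off-loopback.

    A listener bound to 0.0.0.0, :: or a LAN address accepts connections
    from other machines unless a firewall in front of it drops them; one
    bound to 127.0.0.1 or ::1 does not.
    """
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows carry a State column; skip headers, UDP, non-listeners.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            host, port = split_endpoint(fields[1])
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable local address: ignore the row
        if port in watch_ports and not addr.is_loopback:
            findings.append((str(addr), port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} is listening on {addr}")
```

This shows only what the host itself is offering; whether the port is reachable from the Internet still depends on the firewall or router in front of it, which is what the external probe measures.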

downshift
08-13-2003, 03:55 PM
Originally posted by Quick_lude

Funny that link looks exactly the same as the one in my first post.. :p

This worm is big! It made the news... :p

Ack, didn't see it! My bad.

Pete
08-13-2003, 05:31 PM
I worked in IT, and the last two days have been hell. PLEASE INSTALL THE PATCH SO I CAN SLEEP.

Quick_lude
08-13-2003, 06:07 PM
Ha ha.. I do tech support too.. talk about great timing to take holidays. :D

Elara
08-13-2003, 07:05 PM
Ok, here's a dumb question- how is this thing being passed around? Neither my husband nor I have found anything about how it's passed along, which is odd since he's a software engineer/database architect, and usually knows what's up practically before it happens.

We're ok, as we're behind our router's firewall and nothing, even the stuff we want, gets through. But I'm still curious about where it's coming from.

RodsterinFL
08-13-2003, 08:23 PM
I am at work right now and this facility was messed up. They briefed us all on this for the classes. Apparently there are two NEW Worm viruses out there as of today--Lovespring joined the other one. They enter through set scans of IP addresses. The newer one is supposedly (we were told) attacking the MS web page that contains the patch for the other one! Anyway, Norton Live Update has the addition of the viral code added as of 8/11. The new one ??? dunno. Lovespring was announced today on national radio - easy to eradicate but knowing it is there is the trick.

I lost my data to the worm back in December (whatever that one's name was) not nice.

Get a good antivirus and internet protection. It will at least help. I have a hardware firewall too but that other worm got through anyway. The software firewalls, if updated regularly will help. Nothing is foolproof though.

ectomort
08-14-2003, 10:21 PM
Originally posted by zoom44
software firewalls are crap! get a real hardware firewall!

Software firewalls are always vulnerable to OS exploits. Get an OS which was written by someone with a clue about security (e.g not Microsoft.)

RodsterinFL
08-14-2003, 11:04 PM
Bravo ECTOMORT!

the_doug
08-14-2003, 11:14 PM
I benefit from having a low market-share OS: Mac OS X. Low market-share means no one cares enough to write a worm for it.... ;)

TJRX8
08-14-2003, 11:53 PM
Originally posted by Toadman
Pardon my personal opinion, but the firewall feature built into XP is junk. It's not as customizable as [.

It does work for this worm though and offers quick easy protection. It is built in and can be turned on in one second.


If you can get your system up to run windows in safe mode then run the fixblast.exe from Symantec.com.

GyroFX
08-15-2003, 02:17 AM
Originally posted by the_doug
I benefit from having a low market-share OS: Mac OS X. Low market-share means no one cares enough to write a worm for it.... ;)

same here... and I love my OSX...it's great. hardly ever crashes, if at all. The new G5 looks pretty bad azz...i'm wanting to get one...but will wait for a faster one to come out.

ectomort
08-15-2003, 01:14 PM
Originally posted by the_doug
I benefit from having a low market-share OS: Mac OS X. Low market-share means no one cares enough to write a worm for it.... ;)

I'd disagree with your stated reason why OS X (or any *nix, for that matter) is more secure. (Even if your comment is tongue-in-cheek, someone might take it seriously.)

Security through obscurity won't get you too far. OS X is more secure than any Microsoft OS because it is a Unix-based system designed by folks who understand (and value) security. Furthermore, it benefits from having an open-sourced core OS: many eyes (experts, newbies and malfeasants) can look for themselves to see what's going on in the OS.