New kind of crash?

Not knowing when the next crash was coming, I typed that kind of quickly.

After receiving the messege, the counter in the block counts down from 60 to 0, and by golly it shuts the computer down. It reboots to the desktop without outside help (does it by itself, i mean).

This is not site specific as it has also occured in yahoo mail.

Using Windows XP Home and Earthlink as ISP.

Is this likely to go away by itself? I can't think of anything I'm doing differently tonight. If it happens from my office machine with a different connection,

Roger this is a serious exploit. Murray S. posted a warning about this worm W32.Blaster.Worm and it's one of those rare warnings that are actually usefull. This worm is wreaking MAJOR havok and I urge everyone to take the steps described in that thread to protect themselves.

In that thread you will find many resources on how to rid yourself of this very dangerous worm if you don't want to do a format.

It's brand spanking new and I have yet to have a look at the source code for this worm but it looks like one of the most clever yet.

Roger, this is no bug, this is a worm that is opening up specific ports on your computer for an outsider to access while it is doing things like shutting you down and using your computer in a DDos attack on Windowsupdates.

You need to address this immediately and if you need help with the various links and instructions Murray posted let me know.

Quick Fix
Roger:

The following instructions should let you stay on long enough to get and do what you need..

Boot to Safe Mode.

First open task manager, find and end the process 'msblast.exe' If it is there.

Second, delete the registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Find the value windows auto update
if its value in the right panel is C:\windows\system32\msblast.exe delete the key.

Finally, delete the file c:\windows\system32\msblast.exe

reboot.

Logon as Administrator.
Don't try the Internet yet. Enable the Windows native Firewall.

Start, Run, services.msc

See if the Remote Procedure Call service is started. If not try to start it.

If it is running, go to the Internet and get the patch.

Even if msblast.exe is not there, by enabling the native firewall you should have enough breathing room to download and apply the patch.

Murray

Okay, I printed this and am going to the other thread and will see what I can do with it when I get home. Thanks for the information.

Silly question maybe, but this can't be spread by using my own email address, but sending from work, can it? I'm sure it can't, but getting paranoid in my old age.

As long as your work computer has updated virus definitions and updated windows updates you should eb fine.

I have several company people who have their computers infected as well so I will write up some very detailed instructions shortly.

I will be doing it for Windows XP but if you have a different OS lemme know and I'll write up for that one as well.

Roger I did a full write-up here:

MSBlast W32.Blaster.Worm :: history and removal instructions

Same thing happened to me. It's the "LoveSan" worm. Here's a blurb from AP:

"Symantec Corp., F-Secure Corp. and other anti-virus companies have free tools for removing the worm. All users, whether their computers were infected or not, should also obtain Microsoft's fix by going to http://windowsupdate.microsoft.com.%mark-on (They should also update any anti-virus or firewall products they have by visiting the vendors' Web sites."

This happened to me when i came here last night, so the worm got in when i went on-line. I manually cut power to the computer the second time it said it was going to shut down, and haven't had any problems since then. I'm going to go to Norton's site to look for the tool to remove it, as i ran a McAffee scan, and it reported it had found no viruses.

Microsoft sucks.

Microsoft patched this almost a month ago. People who don't update their software are the problem.

Well, i update my software once a month, and it was not in the package i got from Microsoft. I have a good firewall, and i've deleted MS Inbox, Outlook Express and all MSN Programs--i think that accounts for the failure of the worm to execute its program. When i manually shut down the second time, the problem went away, and the OS has been operating "cleanly" for about 15 or 16 hours since then. I'm still gonna go to Symantec for the fix, both for this and for the blaster worm (i'm assuming we're discussing two different bugs). I got exactly the same error message which Roger has described, and the it matches the description from the AP article.

People who don't look for updates every day are not the problem, the arrogance of Microsoft, and their seeming inability to write an OS without gaping security holes is the problem.

Microsoft certainly does have security issues but what OS doesn't? On other operating systems I manage the patching is the same ole story.
All the info you need for removal can be found here:

http://www.able2know.com/forums/viewtopic.php?t=10489

All i'm pointing out CdK, is that not all of us are going to look for updates every day, which is the only way to guarantee that you never get a virus, worm or trojan horse--and even that would not necessarily be 100% reliable. The first time this happened, the very first thing i did was turn off the "surfboard" modem i have from Road Runner, which prevented the infection from spreading any further, if it had not already sent itself off. I keep no address books, don't use MS messenger or inbox, or outlook express. I try to be responsible about not being a part of any further problem if i do get an infection of this type. My PC is only partly for going on-line--no more than 10% of my use, and probably not that. To me, this is like catching a cold: i don't spread blame around for that.

I'm with you on that. In fact a few days ago I was too lazy to download a patch on dialup and was exploited in a very complicated and very sucessful hack. So I don't really 'blame' the end user that much.

Even the most vigilant people can be exploited. Heck I was once exploited 15 minutes after a linux patch was released.

But at the same time this is not necessarily Microsoft's fault. No operating system is released flawless and most of the exploits of Microsoft Products are made because of their popularity. After all writing an exploit for software that comprises less than 10% of the market is not attractive to hackers.

In addition, Microsoft is easily one of the best software vendors around when it comes to timely release of patches and the patch system itself. You can make it all automatic if you want.

So if blame needs to be placed it should really fault imperfection. Or maybe the malicious hackers and irresponsible "security" experts who publish exploits before the patches are out.

This particular vulnerability was something everyone has been waiting for. Even the department of Homeland security warned about it.

So other than the fact that MS can't be perfect (and nobody has managed that so far) there is little blame to place at their feet.

I fault MS when they do really stupid stuff. Recently they have been warned about very stupid things they do to XP etc and tehy ignored the warnings. This just wasn't one of those times.

Not sure if you are aware of this, but you can change the settings on the Windows Update so it automatically checks for downloads and installs critical updates. That way you don't have to be bothered by the inconvenience of having to manually check it yourself and your software will be protected as quickly as new patches are issued.

Yup, they have one of the best automatic patching systems there is.

I get notified of security patches by Microsoft - however, I notice that I have often rceived warnings about the virus/worm/flea whatever, and I am told that there is a patch available, days before I get the Microsoft warning. I went to updatesyesterday, and nothing came up as a new patch I needed to put on - this seems damned odd, given that I gather this is a new whatsit.

Is it normal to have a delay before the Microsoft warning appears?


(If you see this, Craven, and prefer that I make a separate topic in Computers for it, I am happy to do that - but it seems a dumb question to me.)

Deb,

It's not new. Microsoft released a patch last month. People have been warning about it for weeks. Hackers did a test run with attack bots.

And finally the worm came yesterday.

So if you have run updates since last month you have already patched.

Hold on, you have 98 right?

That's not a vulnerable system (for this particular exploit).

Your advice still holds though, Craven. Anyone with OS newer then Win 98 who has updated in the last month is patched.

McAfee also just issued updates to its virus scan and firewall today. Seems like they've been issuing updates every 2 days lately.

That's the really neat thing about using the automatic update feature of these programs. I don't have to worry about it at all, it is hardly noticable and I can rest assured that my PC is protected with the latest bells and whistles available.

Don't be too sure. Today I dealt with a user who had patched but the patch failed without giving due warning.

He he, that should oghta scare yew a bit.