4
   

MSBlast W32.Blaster.Worm / LovSan :: removal instructions

 
 
dlowan
 
  1  
Reply Sun 17 Aug, 2003 07:58 am
And you just lit up again!
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 08:15 am
Yep, but this here vice won't give me lung cancer.
0 Replies
 
roger
 
  1  
Reply Sun 17 Aug, 2003 11:58 am
Ya know? whenever someone talks about quitting smoking, I get real tense. Know what I do when I get tense?
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 04:48 pm
hmmmm.... play solitaire on your computer?

So.... how's eveyone recovering from the worm?
0 Replies
 
roger
 
  1  
Reply Sun 17 Aug, 2003 07:07 pm
After numerous attempts, I do believe I got rid of it. While I was at it, I picked up on 27 MS downloads - mostly critical security things, did a defrag, and scan disk.

Don't play solitare and don't believe it's possible to play free cell with out a cigarette.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 07:35 pm
Eeyep, sounds like what I did.
0 Replies
 
Monger
 
  1  
Reply Sun 17 Aug, 2003 08:57 pm
Hmm, did W2K SP4 include the fix that would prevent Blaster?
0 Replies
 
Craven de Kere
 
  1  
Reply Sun 17 Aug, 2003 09:07 pm
Nope, and the patch needs to be installed AFTER SP4.
0 Replies
 
littlek
 
  1  
Reply Sun 17 Aug, 2003 10:11 pm
what's that mean?
0 Replies
 
gravy
 
  1  
Reply Sun 17 Aug, 2003 10:45 pm
good question!

The instructions on microsoft page require Service Pack 2 (or higher) before the patch is installed.
http://www.microsoft.com/security/incident/blast.asp


If this is still true, then maybe Craven is saying that if you install the service pack 4 you have to patch AFTERWARDS ( or "re-patch"). Conjecture on my part....

Having 3 friends and 20+ extremely non-savvy co-workers swarming around with hopes to have laptops and computers un-wormified has been a, well, can of worms.

Thanks billy G.
0 Replies
 
littlek
 
  1  
Reply Mon 18 Aug, 2003 06:19 pm
Hiya Gravy! On my thread about this (we didn't realize it was the worm right away) I've mentioned that something keeps trying to get through my new firewall. The thought amongst those who have a clue is that it's blaster. Persistent bugger!
0 Replies
 
timberlandko
 
  1  
Reply Mon 18 Aug, 2003 08:07 pm
I'm sure all this has been gone over beforre, but here are three fairly decent removal tools:

(If you're using Windows XP and you get a shutdown notification , immediately Click Start > Run.
In the open box(clear it first if anything is already there), type "Shutdown -A" ... without the quotes, of course.
Don't forget to place the dash (-) in front of "A"
Click OK. Then go to one of the removal tools)

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

http://www.webroot.com/services/msblastaudit.htm?rc=257&ac=552

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15932 (which refers you to
http://housecall.trendmicro.com/ )

Whichever one you use, print out the instructions, make sure you understand them, and follow them to the letter. Some of what you will have to do must be done while your machine is offline.


For further information about the blaster worm, please visit:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.f-secure.com/v-descs/msblast.shtml
http://www.microsoft.com/security/incident/blast_faq.asp
0 Replies
 
Wilso
 
  1  
Reply Mon 18 Aug, 2003 08:10 pm
There is a new variant of the worm out just today. Our work system is offline at the moment.
0 Replies
 
littlek
 
  1  
Reply Mon 18 Aug, 2003 08:32 pm
uhoh!
0 Replies
 
timberlandko
 
  1  
Reply Mon 18 Aug, 2003 08:35 pm
As long as your OS and security software are up-to-date, you've got nothin' to worry about. "Follow-on" or "Copycat" attacks are just about a given, BTW, when an exploit gets major attention. You can bet on 'em cropping up.

http://www.businessweek.com/technology/cnet/stories/5065117.htm

Quote:
New MSBlast variant plugs hole
A new worm comes with an odd twist: It applies a patch for the vulnerability that it and other MSBlast worms use to infect Windows systems.


Even if its well intentioned, its still an exploit, and likely to create more problems than it solves.
0 Replies
 
Craven de Kere
 
  1  
Reply Mon 18 Aug, 2003 08:38 pm
AV programs will probably nab them simply on the basis of heuristics.
0 Replies
 
timberlandko
 
  1  
Reply Mon 18 Aug, 2003 08:44 pm
Yeah, hueristics should nail 'em on the basis of similarity. I get a kick, though, oughta some of the stuff that turns up via hueristics. A typical error is identifying a particular component of PestPatrol as a "Probable Virus". Ya still gotta stay ahead of the wave on your own ... read all the security-related stuff you conveniently can.
0 Replies
 
littlek
 
  1  
Reply Mon 18 Aug, 2003 08:45 pm
uh okiedokie
0 Replies
 
timberlandko
 
  1  
Reply Mon 18 Aug, 2003 08:52 pm
LOL ... I just notced the IP readback variant of your ever-changing signature, CdK ... thas COULD give some neophytes a heart attack! Another one that I get a kick out of is that spam "Warning" that "Your Computer is vulnerable" and "Proves" it to you by opening "My Computer" in a popup. Folks fall for that and freak ... its really a nasty advertising gimmick, and oughtta be illegal.

Of course, so should signature theft:
http://www.able2know.com/craven/sig.php Twisted Evil
0 Replies
 
Craven de Kere
 
  1  
Reply Mon 18 Aug, 2003 09:00 pm
Ya know, I was worried about that. Maybe one day I should write one that tells all the plugins installed, the browser and version and the Operating System and version.Maybe add the number of pages in the history what page the user visted last, whether they are accepting cookies...

He he. That oughta scare some who doesn't understand how the web work. Twisted Evil
0 Replies
 
 

Related Topics

 
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.09 seconds on 12/22/2024 at 03:18:19