MSBlast W32.Blaster.Worm / LovSan :: removal instructions

And you just lit up again!

Yep, but this here vice won't give me lung cancer.

Ya know? whenever someone talks about quitting smoking, I get real tense. Know what I do when I get tense?

hmmmm.... play solitaire on your computer?

So.... how's eveyone recovering from the worm?

After numerous attempts, I do believe I got rid of it. While I was at it, I picked up on 27 MS downloads - mostly critical security things, did a defrag, and scan disk.

Don't play solitare and don't believe it's possible to play free cell with out a cigarette.

Eeyep, sounds like what I did.

Hmm, did W2K SP4 include the fix that would prevent Blaster?

Nope, and the patch needs to be installed AFTER SP4.

what's that mean?

good question!

The instructions on microsoft page require Service Pack 2 (or higher) before the patch is installed.
http://www.microsoft.com/security/incident/blast.asp


If this is still true, then maybe Craven is saying that if you install the service pack 4 you have to patch AFTERWARDS ( or "re-patch"). Conjecture on my part....

Having 3 friends and 20+ extremely non-savvy co-workers swarming around with hopes to have laptops and computers un-wormified has been a, well, can of worms.

Thanks billy G.

Hiya Gravy! On my thread about this (we didn't realize it was the worm right away) I've mentioned that something keeps trying to get through my new firewall. The thought amongst those who have a clue is that it's blaster. Persistent bugger!

I'm sure all this has been gone over beforre, but here are three fairly decent removal tools:

(If you're using Windows XP and you get a shutdown notification , immediately Click Start > Run.
In the open box(clear it first if anything is already there), type "Shutdown -A" ... without the quotes, of course.
Don't forget to place the dash (-) in front of "A"
Click OK. Then go to one of the removal tools)

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

http://www.webroot.com/services/msblastaudit.htm?rc=257&ac=552

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15932 (which refers you to
http://housecall.trendmicro.com/ )

Whichever one you use, print out the instructions, make sure you understand them, and follow them to the letter. Some of what you will have to do must be done while your machine is offline.


For further information about the blaster worm, please visit:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.f-secure.com/v-descs/msblast.shtml
http://www.microsoft.com/security/incident/blast_faq.asp

There is a new variant of the worm out just today. Our work system is offline at the moment.

uhoh!

As long as your OS and security software are up-to-date, you've got nothin' to worry about. "Follow-on" or "Copycat" attacks are just about a given, BTW, when an exploit gets major attention. You can bet on 'em cropping up.

http://www.businessweek.com/technology/cnet/stories/5065117.htm



Even if its well intentioned, its still an exploit, and likely to create more problems than it solves.

AV programs will probably nab them simply on the basis of heuristics.

Yeah, hueristics should nail 'em on the basis of similarity. I get a kick, though, oughta some of the stuff that turns up via hueristics. A typical error is identifying a particular component of PestPatrol as a "Probable Virus". Ya still gotta stay ahead of the wave on your own ... read all the security-related stuff you conveniently can.

uh okiedokie

LOL ... I just notced the IP readback variant of your ever-changing signature, CdK ... thas COULD give some neophytes a heart attack! Another one that I get a kick out of is that spam "Warning" that "Your Computer is vulnerable" and "Proves" it to you by opening "My Computer" in a popup. Folks fall for that and freak ... its really a nasty advertising gimmick, and oughtta be illegal.

Of course, so should signature theft:

Ya know, I was worried about that. Maybe one day I should write one that tells all the plugins installed, the browser and version and the Operating System and version.Maybe add the number of pages in the history what page the user visted last, whether they are accepting cookies...

He he. That oughta scare some who doesn't understand how the web work.