Ok. I have been recently been getting kicked off my computer by this little pop up box that says your system is closing because of bla bla bla. Well I just scanned and I found out it was a worm, *gasp* The problem is, if I disable my firewall msblast.exe, the name of the gay worm, will shut me down again. But if I don't, I can't host. Anyone heard of it? I can't quarentene or delete it. Please help. Thanks.
Tseng
ID:275268
 Aug 12 2003, 5:27 am
|
|
|
Aug 12 2003, 5:35 am
|
|
Tseng True Guerilla
 |
Ok, I'm getting worried because I just scanned and it won't go away! Anyone, please! Oh yeah, I'm using Norton 2003.
|
I didn't have time to investigate, but upon returning to my computer earlier today and turning it on, I got a rather nasty message after about 30 seconds:
"Your computer is being shut down due to Remote Procedure Call (RPC) crashing." Anyone have any information on this? Tried digging around, but I can't seem to find much. Im at my sisters house at the moment, so I'd like to get some info on it before I return. Whatever needs to be done has to be done in a minute or so. Hmm :/ I can't seem to find a procedure being started thats causing it, either (Using WinXP Pro) Mayby its the same thing? | |
http://securityresponse.symantec.com/avcenter/venc/data/ w32.blaster.worm.html
There's also a fairly old update for windows that makes this worm non functional. Either you haven't updated windows for quite a while or it's one of those updates that doesn't make it into the autoupdate system. | |
Tseng True Guerilla wrote:
One more thing... eh. How do I dsiable system restore so I can run the tool? Thanks. I believe it has a link to it on that site (Atleast I found about 3-4 of them on how to do so). I have the page closed now though so I can't give you a link.. | |
Word of advice Alathon. When you get home and turn your computer on, you'll have about 20 seconds before it comes back. So if you don't have a firewall to keep it subdued while you get the tool, you're screwed.
| |
Tseng True Guerilla wrote:
Word of advice Alathon. When you get home and turn your computer on, you'll have about 20 seconds before it comes back. So if you don't have a firewall to keep it subdued while you get the tool, you're screwed. Well, actually, I'd say about 1 minute or so. Because it takes 60 seconds before it shuts down. Hopefully I'll be able to get the installer down on a disk here and install it fast enough, then reboot and run it like that. | |
Heads up, I went around asking on the G4 Forums and they said this was in USA Today. Me and Alathon are going to be on the News. :) But this is going to be happening alot more often. I suggest anyone who has ME and or XP get the patches at the link that Jon was provided below.
| |
You might have to boot up in safe-mode to install it (and/or download it). When I did the patch it took a little while for it to finish.
| |
yep u need to go on safemode to install or download it..oh well i dont 100% sure it will finish soon.. but it takes time..
- Nelly | |
Yea, The MSBlast is going around today. MS did relese a patch to fix the problem awhile ago. you can read a lot more about it here:
http://news.com.com/2009-1002_3-5062885.html?tag=fd_lede1_he d | |
Xzar wrote:
Yea, The MSBlast is going around today. MS did relese a patch to fix the problem. but even systems that are up-to-date are geting it. you can read a lot more about it here: Mine is up to date, well, not fully, but that worm can't even penetrate my system. That is because Lovsan (the actual name of the worm) searches for unsecure NT, ME and XP systems via the web, once it finds one, it installs itself through port 132 I think, then it acts as an FTP once it has written itself in the registry, it then opens a port which is port 4444, then it downloads MSBlast.exe and writes that within the boot sector of your registry, once MSBlast has been set to your boot, the next time you start your system, you get this problem with your RPC which shuts down your system. You can actually get rid of the virus online with a scan from somewhere, I forgot the link to it though, I think it is Sigate or something like that. I personally use AVG AntiVirus to protect myself from Virus', as it works and I have never had a Virus that it cannot take down :P --Lee | |
Same thing with me, No idea if it was already said because I havent read the rest of the posts. But update everything you need to from windowsupdate.com and it will be fixed. then you will have the time to scna for viruses and clean off your system.
| |
I got mine Sunday afternoon. Anywho, today is the 13th. If you don't move the worm by friday, it will perform dos attacks until next year. My mom's friend at work is infected and doesn't know what to do. All those hospitals got infected, man. This is serious.
| |
Yeah one of my friends towns is like shut down for like a day now all business is down cause of this thing.
Why do people do these things? Why ruin what isnt yours? I hate this stuff. Anyone that is even related to someone like this should be thrown in a pit ;) Everyone says an old update fixes it, but its apperent either the old patch didnt fix it or half of Amercia didnt update. Its starge cause my friend has Windows XP, but he also has Road Runner and he has set his PC to do like a everyday update thing while he is at work, It still got it. Itll only take a little bit to fix, this isnt as bad as some people are making it out to be. | |
All they have to do is download the virus remover from Symantec(creators of norton antivirus). I'm guessing that McAfee made one available as well. That update was supposed to fix it, so either very few people actually ever update XP(very possible), or that update wasn't added to the windows updater(possible, some aren't).
| |