computer virus!

~god~ · #1 (**permalink**) Aug 12, 03

hallo. uum this stupid worm spreading pretty quickly where it 'endtasks' your SVChost automatically and your computer restarts repedetly.. its actually pretty well written, but was wonderin' where it came from. I already fixed it.. i checked and it was using ports 135 and 69, so i shut them.

but how the fuck did it form on my msblast.EXE?
uugghh. nice virus tho. two thumbs up!!

-sean.

rawb · #2 (**permalink**) Aug 12, 03

msblast.exe is part of the worm.

stop the process in task manager, delete it.

open up regedit, do a search for msblast and MSBLAST and delete those keys.

run windows update, because the dcom patch is in there.

rawb · #3 (**permalink**) Aug 12, 03

yeah fuck that noise i just said, symantec just released a removal tool:

http://securityresponse.symantec.com...oval.tool.html

but you still have to patch it. if you can't use msupdate you can download the patch straight from here:

http://www.microsoft.com/technet/tre...n/MS03-026.asp

even with the 60 second shutdown time, it's pretty easy to download both programs to your desktop. just unplug your interweb and use the removal tool and install the patch.

Lostcause · #4 (**permalink**) Aug 12, 03

easiest Way to remove this thing.

restart the unit.

#2. Click on Start | Right click on My Computer | Click on Manage.

#3. Under Services and Applications - click on Services

#4. Find Remote Procedure Call (RPC) on the right side, right click on it - Click on properties.

#5. Find the Recovery Tab - 3 columns, change 'Restart the computer' to 'Take no action.'

#6. Connect to the internet

#7. Browse to www.google.com

#8. Type in download stinger - first page at the top 'Network Associates, Inc.' - click on it.

#9. Click on Download Stinger - Click on 'Open' when the download dialogue appears.

#10. When Stinger opens, click on 'Scan Now'

While running the scan...

#11. Goto www.technet.com - First page you see, two articles down is 'Read Security Bulletin.' - Click on it

#12. Click on 'Windows XP 32 bit Edition' - On the right side, click on 'Download' - Now click on 'Open' when the download dialogue appears.

stringbeans · #5 (**permalink**) Aug 12, 03

our network at work is down.. im not sure if its because of this virus or something else, but yeah.. this sucks!

john
2899131

rawb · #6 (**permalink**) Aug 12, 03

Quote:

Originally posted by elguato
protect yourself, run a linux gateway firewall :P

if you have time to configure, run and maintain a firewall for your network you have time to run windows update on your windows boxes once a month. :c-tard:

miss.myra · #7 (**permalink**) Aug 12, 03

ugh. viruses.

we're not allowed to check our outside e-mail at work because of them and it drives me nuts because if you are stupid enough to get an e-mail virus (oh golly! look! someone I don't know is asking for my advice on a file, better open it!) should NOT be working at IBM in the first place!

stringbeans · #8 (**permalink**) Aug 12, 03

^^ i know what you mean! ive never gotten an email virus before. i've received them a bunch of times, but im always cautious when it comes to emails from people i dont know! but sometimes its because of that auto-preview feature in outlook which opens the email in that preview window as soon as you highlight it.

john
2899131

inkster · #9 (**permalink**) Aug 12, 03

Quote:

Originally posted by miss.myra
ugh. viruses.

we're not allowed to check our outside e-mail at work because of them and it drives me nuts because if you are stupid enough to get an e-mail virus (oh golly! look! someone I don't know is asking for my advice on a file, better open it!) should NOT be working at IBM in the first place!

what do you guys run there, anyways?

inkster · #10 (**permalink**) Aug 12, 03

Quote:

Originally posted by stringbeans
^^ i know what you mean! ive never gotten an email virus before. i've received them a bunch of times, but im always cautious when it comes to emails from people i dont know! but sometimes its because of that auto-preview feature in outlook which opens the email in that preview window as soon as you highlight it.

john
2899131

outlook is the devil!

stringbeans · #11 (**permalink**) Aug 12, 03

hah, our network (nokia) is hosted by ibm, and all of our nokia branches in north america are screwed

DJDeeb · #12 (**permalink**) Aug 12, 03

Fun times in IT land today!!!!!! :c-tard:
Spent most of the day dealing with this thing!!!

Now i come home and find it on my computer here!..lol:)

Kelster · #13 (**permalink**) Aug 12, 03

how else can you get a virus other then just opening bad emails?

lildonkey · #14 (**permalink**) Aug 12, 03

Actually easiest way to fix it is

Control Panel
-> Internet connections
-> right Click select properties
-> Select Advanced tab
-> Select Use firewall
-> Apply

Done.

DJDeeb · #15 (**permalink**) Aug 12, 03

Quote:

Originally posted by Kelster
how else can you get a virus other then just opening bad emails?

This virus just forces itself onto a computer that has not got the security patch ( noted above ) applied to it......Also if you have not updated your virus scanner software.
It uses a known "hole" in Windows!...........pretty sneaky shit!

AGROculture · #16 (**permalink**) Aug 12, 03

Can you get a virus from opening an email but not opening any attachments?

I think you can but not to sure

AGROout

sweet~kandy · #17 (**permalink**) Aug 12, 03

Oh thats not good, thats not good at all...

inkster · #18 (**permalink**) Aug 12, 03

Quote:

Originally posted by AGROculture
Can you get a virus from opening an email but not opening any attachments?

I think you can but not to sure

AGROout

with outlook express you definately can. outlook's a bit better, but still kind of sketchy. like john said, turn off your auto-preview. this'll prevent the opening of emails that you find to be suspect (since in order to delete it, you have to click on it, which opens it in the preview).

Sh4n3 · #19 (**permalink**) Aug 12, 03

Quote:

Originally posted by rawb

even with the 60 second shutdown time, it's pretty easy to download both programs to your desktop. just unplug your interweb and use the removal tool and install the patch.

lol, i just went through all of this yesterday.

took my dumbass a while to unplug the net so i could open that shit though.

inkster · #20 (**permalink**) Aug 12, 03

Quote:

Originally posted by lildonkey
Actually easiest way to fix it is

Control Panel
-> Internet connections
-> right Click select properties
-> Select Advanced tab
-> Select Use firewall
-> Apply

Done.

good advice. but not everyone of us has xp or a personal firewall.

in which case, the best way to prevent the issue is to just download the patch.

miss.myra · #21 (**permalink**) Aug 12, 03

Quote:

Originally posted by inkster

what do you guys run there, anyways?

We don't do the running.

We have a series of hamsters running on wheels in a small room on the third floor.

...

beach*bum · #22 (**permalink**) Aug 13, 03

omg i have this stupid thing. thx guys. this helped out alot.

Magi · #23 (**permalink**) Aug 13, 03

one of the few times using Windoze ME has been a good thing rather than a bad thing.

MissZiggy · #24 (**permalink**) Aug 13, 03

Apparently this ms.blast thing is set to hit microsoft on friday. All over the news.
I'm glad we got rid of ours a few days ago.

AGROculture · #25 (**permalink**) Aug 13, 03

How do I turn off the automatic viewing on outlook?

Thats the worst!!

AGROout