BLASTER WORM (Where From???)
Just the other day I had my Windows XP system totally up to date with no problems what so ever. . . Always on top of the computer updates and drivers etc. and the going ons in the business, IT, MIT, it's what I do for a living.
This topic was started by Cellar_Dweller,
Just the other day I had my Windows XP system totally up to date with no problems what so ever...
Always on top of the computer updates and drivers etc. and the going ons in the business, IT, MIT, it's what I do for a living...
A lot of people I know and chat with on voice chat were talking to me on Sunday night early morning when they mentioned the SHUTDOWN screen that popped up on their screen while we were actually talking.
I mentioned that, that sounds funny because it sounded like a REMOTE SHUTDOWN that we use in the business and stated never knew it could be done over the net, but just on local networks...
Anyway on Monday the news hit and I was right sort of and the virus began...
I didn't have it and this is where I was headed in the first place but come Wednesday I had problems with one of my many systems and couldn't get my video card to install kept giving me errors. It was because I used NFR.exe to remove all my Nvidia drivers which removed something from the OS that my motherboard needed being an A7N8X Deluxe - probably for AGP to PCI or something...
Well I did a REPAIR and when this is done you have to re-enter your XP code and the like and re-authenticate with Microsoft, it did this over the net and everything was back the way I remember - WELL SORT OF...
Immediately after Authenticating with Microsoft - I got the SHUTDOWN Screen of course knowing already how to eliminate the bugger and the virus I went through the steps manually and of couse everything was there the registry entry the msblast.exe in both prefetch and system32,
So did it come straight from Microsoft???
SO BE WARNED!!! If you do a fresh re-install even with an fdisk /mbr a format and a nice clean install of Windows or even a simple repair you will immediately be infected until you are able to get the Fix installed from Windows Update... That is if you can get there... Also the fix file that is going around from Symantec and others for the clean up of the virus isn't always working for everyone... Best bet is to do everything manually as described here at Warp2Search in their one article about a manual un-install of it on their site...
The problem is that doing a repair makes the OS think that none of the updates are there and of course we all know a fresh install period doesn't have any fixes or updates either...
Well happy Windows 2000, XP, 2003 Server installs and repairs... This may be something that will need to be done from here on out as standard procedure.
Always on top of the computer updates and drivers etc. and the going ons in the business, IT, MIT, it's what I do for a living...
A lot of people I know and chat with on voice chat were talking to me on Sunday night early morning when they mentioned the SHUTDOWN screen that popped up on their screen while we were actually talking.
I mentioned that, that sounds funny because it sounded like a REMOTE SHUTDOWN that we use in the business and stated never knew it could be done over the net, but just on local networks...
Anyway on Monday the news hit and I was right sort of and the virus began...
I didn't have it and this is where I was headed in the first place but come Wednesday I had problems with one of my many systems and couldn't get my video card to install kept giving me errors. It was because I used NFR.exe to remove all my Nvidia drivers which removed something from the OS that my motherboard needed being an A7N8X Deluxe - probably for AGP to PCI or something...
Well I did a REPAIR and when this is done you have to re-enter your XP code and the like and re-authenticate with Microsoft, it did this over the net and everything was back the way I remember - WELL SORT OF...
Immediately after Authenticating with Microsoft - I got the SHUTDOWN Screen of course knowing already how to eliminate the bugger and the virus I went through the steps manually and of couse everything was there the registry entry the msblast.exe in both prefetch and system32,
So did it come straight from Microsoft???
SO BE WARNED!!! If you do a fresh re-install even with an fdisk /mbr a format and a nice clean install of Windows or even a simple repair you will immediately be infected until you are able to get the Fix installed from Windows Update... That is if you can get there... Also the fix file that is going around from Symantec and others for the clean up of the virus isn't always working for everyone... Best bet is to do everything manually as described here at Warp2Search in their one article about a manual un-install of it on their site...
The problem is that doing a repair makes the OS think that none of the updates are there and of course we all know a fresh install period doesn't have any fixes or updates either...
Well happy Windows 2000, XP, 2003 Server installs and repairs... This may be something that will need to be done from here on out as standard procedure.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
You are not alone... or i should rather say we are not alone..
I have a slightly different story to tell :-
I use WindowsXp Home and Windows Server2003 server editon RC2 3718 (selected for beta-testing) by dual-boot on same machine .
I started getting this shutdown messages for the past 3-4 days .. and was bummed out. I forgot the cancellation cmd .. and the lazy that i am .. booted to linux redhat 9 to stay online and find out what has happening . then i came to know the bast... blaster stiry .. and booted again to Win2k3 .. downloaded and the pacth and tried to applied. (I know you all are stuck to the previous line thinking , A sys-admin and a Editor of a Tech news site yelling everybody to patch forgot his own pc .... well i am guilty and hav suffered for it .. listened to 3 celine dion songs.... non - stop .. also repeating in mind .. "I will be always up-to-date" .)
I kinda drifted there.
Coming back to story,...
I booted to winxp. quickly applied the WinXp home blaster patch. and rebooted too winserver 2003, ran the winserver2003 blast patch, then the whole saga started. the patch flashed a message on screen "This will install only on 3790 ".
.....
.....
.....
I dont wanna type what i said for the next half hour.
I know all you peeps will tell me , "why are you still using RC2 3718 and continuing beta-testing. the product is released . MS is thankfull for your sevices, stop using the beta and get full versiion".
well peeps, when i got selected for beta . in the mail, i was told that i will be use the release/build for period of 1 yr and on 10 machines legally. also i have sent numerous crash reports during the beta period. it shurely must have helped MS to get to bugs and make MS2003 more secure. i atleast deserve to be able to use patchable RC i beta-tested for a year. But MS has decided other-wise, fine i dont hav anything against that.
In the mean while i downloaded the removal tool from symantec and scanned the whole machine twice. Once from win2k3 and once from WinXP . both times it failed to detect any infection my PC is having . Maybe i am infected by a diff varient of it. Investigation is still on.
For all info about the worm and the remedy read this post :- http://www.warp2search.net/modules.php?nam...ticle&sid=13855
I have a slightly different story to tell :-
I use WindowsXp Home and Windows Server2003 server editon RC2 3718 (selected for beta-testing) by dual-boot on same machine .
I started getting this shutdown messages for the past 3-4 days .. and was bummed out. I forgot the cancellation cmd .. and the lazy that i am .. booted to linux redhat 9 to stay online and find out what has happening . then i came to know the bast... blaster stiry .. and booted again to Win2k3 .. downloaded and the pacth and tried to applied. (I know you all are stuck to the previous line thinking , A sys-admin and a Editor of a Tech news site yelling everybody to patch forgot his own pc .... well i am guilty and hav suffered for it .. listened to 3 celine dion songs.... non - stop .. also repeating in mind .. "I will be always up-to-date" .)
I kinda drifted there.
Coming back to story,...
I booted to winxp. quickly applied the WinXp home blaster patch. and rebooted too winserver 2003, ran the winserver2003 blast patch, then the whole saga started. the patch flashed a message on screen "This will install only on 3790 ".
.....
.....
.....
I dont wanna type what i said for the next half hour.
I know all you peeps will tell me , "why are you still using RC2 3718 and continuing beta-testing. the product is released . MS is thankfull for your sevices, stop using the beta and get full versiion".
well peeps, when i got selected for beta . in the mail, i was told that i will be use the release/build for period of 1 yr and on 10 machines legally. also i have sent numerous crash reports during the beta period. it shurely must have helped MS to get to bugs and make MS2003 more secure. i atleast deserve to be able to use patchable RC i beta-tested for a year. But MS has decided other-wise, fine i dont hav anything against that.
In the mean while i downloaded the removal tool from symantec and scanned the whole machine twice. Once from win2k3 and once from WinXP . both times it failed to detect any infection my PC is having . Maybe i am infected by a diff varient of it. Investigation is still on.
For all info about the worm and the remedy read this post :- http://www.warp2search.net/modules.php?nam...ticle&sid=13855
I think you're misinformed about how this vulnerability works. Microsoft IS NOT the proprietor of the spread of this attack. This attack simply exploits a hole in windows security, existing in the NT kernel itself. the attack uses port 135 and UDP port 69 to packet your computer remotely, which causes a buffer underrun, and terminates the RPC service, which is windows critical. Once this takes place, the worm is free to copy itself to your seystem and then begins using your computer to transfer itself to others. So, there are 2 parts to this attack, the vulnerability in windows, and the worm that you get as a result. When you re-installed windows, you restored the OS to a state which was not protected against the vulnerability, and you opened yourelf to the attack. The best solution for a temp fix to this problem is to unplug your internet connection. Get the fixes on a CD, so you can run them without a connection.
Funny you say all that Kyro but I also have many systems (Actual Computers) One with Windows 2003 Server Enterprise, One with Windows XP SP1 Pro, One with Windows 2000, One with Windows 98SE and last but not least One with Linux Red Hat 9. Of course 98 doesn't get the worm and either does Linux but none of my systems had it because of how I am...
I've never used a virus scan (Don't believe in them) and (Never will) which wouldn't have helped in this case... All systems are updated daily if available... But that's just how I am...
Obviously you understood my post and knew most of it was joking around and got the point.
Now on to Agent Orange:
Yes I understand exactly what the worm is and what is going on with it and all the technical jargon you used...
I'm just stating that with this sort of exploit and now that it's there that now people doing fresh installs or even doing repairs will get infected immediately especially if connected to the internet via cable, dsl, etc.
I got it just authenticating Windows XP, "IT WAS THAT QUICK"...
Didn't realize it would be there and working within 3 minutes of being on the net, my damn net card was just initialized when I got the SHUTDOWN Screen.
Yes I understand you can wait to do that and you could unhook the cable, add the patch then hook up cable and then authenticate...
I was just making the point that now there will be a new way to have to set up computers instead of the regular normal way...
As I'm glad you stated the few that now will probably be common place due to this thing...
Windows has become that much harder to install and repair thanks to this worm...
As I said I've been in the computer field for 10 years actually I stated I'm IT, MIT for a living and have seen it all and have fixed it all, this is not a problem for me but for the layman things just got a little more complicated...
PS. Forgot to add... The Microsoft thing was a joke...
I've never used a virus scan (Don't believe in them) and (Never will) which wouldn't have helped in this case... All systems are updated daily if available... But that's just how I am...
Obviously you understood my post and knew most of it was joking around and got the point.
Now on to Agent Orange:
Yes I understand exactly what the worm is and what is going on with it and all the technical jargon you used...
I'm just stating that with this sort of exploit and now that it's there that now people doing fresh installs or even doing repairs will get infected immediately especially if connected to the internet via cable, dsl, etc.
I got it just authenticating Windows XP, "IT WAS THAT QUICK"...
Didn't realize it would be there and working within 3 minutes of being on the net, my damn net card was just initialized when I got the SHUTDOWN Screen.
Yes I understand you can wait to do that and you could unhook the cable, add the patch then hook up cable and then authenticate...
I was just making the point that now there will be a new way to have to set up computers instead of the regular normal way...
As I'm glad you stated the few that now will probably be common place due to this thing...
Windows has become that much harder to install and repair thanks to this worm...
As I said I've been in the computer field for 10 years actually I stated I'm IT, MIT for a living and have seen it all and have fixed it all, this is not a problem for me but for the layman things just got a little more complicated...
PS. Forgot to add... The Microsoft thing was a joke...
But the Thing is No one has even sudjested that with a firewall and Virus checker enabled you dont get the Blaster worm, does no one use then these days ??
Yeah considering it's free and built into XP...
I don't use anything for protection... Not even a condom...
The firewall stops from being able to use remote administration and voice chat, when the firewall is enable you can't even ping the system...
Virus Scanners are a waist of resources and my personal feeling about those are that the virus's are created by the virus companies or people that they pay so that you buy their product... (Lets open up a can of WOMRS here) No pun intended...
Which product are you going to buy the one that fixes the problems the fastest and the most, well if the guy is on your team you already know the cure...
I've never had a virus scanner or use a firewall and I download gigs of info daily from all over and have been for over 10 years and have 5 systems connected 24/7 and nothing on any of them...
And as I mentioned earlier the only reason I got it or anything this time was my REPAIR of Windows... And it was a breeze to stop and fix manually... I knew most of the cure without reading about it...
Besides if you get one just fdisk /mbr and format and re-install - YOUR BACK!!!
Now for the layman a virus scanner is good because they open all emails and don't know how to fdisk and format and re-install...
All my email is deleted except those on my contact list... I don't read their emails either if it's just garbage...
Oh well that was fun... My fingers are tired of talking... :lol:
I don't use anything for protection... Not even a condom...
The firewall stops from being able to use remote administration and voice chat, when the firewall is enable you can't even ping the system...
Virus Scanners are a waist of resources and my personal feeling about those are that the virus's are created by the virus companies or people that they pay so that you buy their product... (Lets open up a can of WOMRS here) No pun intended...
Which product are you going to buy the one that fixes the problems the fastest and the most, well if the guy is on your team you already know the cure...
I've never had a virus scanner or use a firewall and I download gigs of info daily from all over and have been for over 10 years and have 5 systems connected 24/7 and nothing on any of them...
And as I mentioned earlier the only reason I got it or anything this time was my REPAIR of Windows... And it was a breeze to stop and fix manually... I knew most of the cure without reading about it...
Besides if you get one just fdisk /mbr and format and re-install - YOUR BACK!!!
Now for the layman a virus scanner is good because they open all emails and don't know how to fdisk and format and re-install...
All my email is deleted except those on my contact list... I don't read their emails either if it's just garbage...
Oh well that was fun... My fingers are tired of talking... :lol:
I had that worm thing that shuts down you're pc. If anybody has it and the want the link to get the patch here it is
http://www.microsoft.com/downloads/details...&displaylang=en
Its only about 1 meg or so.
http://www.microsoft.com/downloads/details...&displaylang=en
Its only about 1 meg or so.