Glasgow Guide Home

Whats On Glasgow Guide
  Glasgow What's On


    Glasgow Reviews


    Glasgow Gallery


      Glasgow Links
Discuss | Guestbook | Postcard | News | Weather | Feedback | Search | About | What's New
Glasgow Guide Discussion Boards

Welcome Guest ( Log In | Register )                >> View Today's Topics <<

 
Reply to this topicStart new topic
> Blaster Worm, This is affecting lots of PCs.
GG
post 12th Aug 2003, 05:41pm
Post #1


Administrator
Group Icon
Posts: 9,121
Joined: 25th Jul 2003
From: Glasgow
Member No.: 1
If you run a PC with Windows XP or 2000 you should check out the advice in the following news stories which are breaking around the world. Basically, if your PC does not have fairly up-to-date (within last month) patches for the operating system (or good, up-to-date anti-virus software)then you will be at risk. The problems it causes are diverse -- from shutting down your PC automatically to stopping some applications working -- and ultimately it will allow your PC to be used for a DNS (Denial of Service) attack on Microsoft Update servers.

To find more info go to Google News:

http://news.google.com/

and search for stories on the words:

blaster worm

I'll answer any questions I can on this later, but have a look first.

GG.


--------------------
Help: Register :: Login :: Forgot password? :: gg@glasgowguide.co.uk
Go to the top of the page
 
+Quote Post
thebardau
post 13th Aug 2003, 12:06am
Post #2


Super City Key Holder
******
Posts: 755
Joined: 27th Jul 2003
Member No.: 20
Thanks for that, GG. First thing to greet me today was a frantic email from a friend & I'd no idea which malware she had. There's nmore info about cleaning the pest here
http://www3.ca.com/solutions/collateral.as...27081&CID=48952
Go to the top of the page
 
+Quote Post
thebardau
post 13th Aug 2003, 01:48am
Post #3


Super City Key Holder
******
Posts: 755
Joined: 27th Jul 2003
Member No.: 20
Blaster must be a nasty one. Update your A/V & get your Windows patches ASAP because this worm is supposedly going to attempt a denial of service attack on the Windows Update site soon. Plenty of info from the Ziff-Davis n/letter - just arrived -

Windows Worm on the Lose

Don't say we didn't warn you. In mid July, we brought you
details about a DCOM hole inside many versions of Windows,
and showed you how to patch it. Curiously, not everyone did.
It's almost too late, because a nasty worm is making the
rounds that'll spring into life on Saturday and attempt a
denial of service attack on Microsoft's Windows Update site.
Don't delay! Patch today, and save the Internet. We've got
all the details on where and how to keep yourself safe, and
we'll be updating our special report as this fast-moving
situation develops.

Windows Vulnerable to DCom Hole:
http://eletters.wnn.ziffdavis.com/zd/cts?d...1-584694-1978-1

Protect Yourself From Fast Moving Windows Worm:
http://eletters.wnn.ziffdavis.com/zd/cts?d...1-584694-1981-1

Windows Security Special Report:
http://eletters.wnn.ziffdavis.com/zd/cts?d...1-584694-1984-1


Microsoft Sleeps With the Enemy

To get the message out about the DCOM vulnerability,
Microsoft turned to a surprising partner -- known bulk
e-mailer Digital Impact. Even worse, we uncovered some
serious flaws in that mail-blast, including violations of
Microsoft's own policies, and surreptitious tracking of
users. Why is Microsoft consorting with Sp@m vendors? Read
our shocking report.

Microsoft's Shady E-mail Partner:
http://eletters.wnn.ziffdavis.com/zd/cts?d...1-584694-1987-1
Go to the top of the page
 
+Quote Post
GG
post 13th Aug 2003, 12:00pm
Post #4


Administrator
Group Icon
Posts: 9,121
Joined: 25th Jul 2003
From: Glasgow
Member No.: 1
See here for more info and a solution:

http://www.rediff.com/netguide/2003/aug/13msblast.htm


--------------------
Help: Register :: Login :: Forgot password? :: gg@glasgowguide.co.uk
Go to the top of the page
 
+Quote Post
Melody
post 13th Aug 2003, 12:43pm
Post #5


Mega City Key Holder
******
Posts: 15,233
Joined: 2nd Aug 2003
From: Glasgow
Member No.: 235
Thanks Ed. and Martin, I've just downloaded that patch wizard thing, is that all I have to do? Not very technical as you see.
Go to the top of the page
 
+Quote Post
GG
post 13th Aug 2003, 03:14pm
Post #6


Administrator
Group Icon
Posts: 9,121
Joined: 25th Jul 2003
From: Glasgow
Member No.: 1
Yes, run the Symantec "FixBlast.exe" mini-programme which will dind and remove the worm (if present) and will then direct you to where you can download the patch to protect you from future occurences of this type of worm.

GG.


--------------------
Help: Register :: Login :: Forgot password? :: gg@glasgowguide.co.uk
Go to the top of the page
 
+Quote Post
Archie Millar
post 13th Aug 2003, 05:12pm
Post #7


Super City Key Holder
******
Posts: 813
Joined: 27th Jul 2003
From: HEREFORD ENGLAND
Member No.: 3
Thanks Martin
I think that is my trouble--as soon as I connect to the internet,I get the message

NT AUTHORITY/SYSTEM
REMOTE PROCEDURE CALL TERMINATED

The machine shuts down


--------------------
am still standin'

--
GG Update:

Sadly Archie passed away in March 2007:

http://discuss.glasgowguide.co.uk/index.php?showtopic=8646

GG.
Go to the top of the page
 
+Quote Post
GG
post 13th Aug 2003, 05:35pm
Post #8


Administrator
Group Icon
Posts: 9,121
Joined: 25th Jul 2003
From: Glasgow
Member No.: 1
That sounds very much like it (99.9%), you need to download:

http://securityresponse.symantec.com/avcen...er/FixBlast.exe

To confirm you have the virus. If you do this tool will confirm it and remove it. It's a small download so you might be able to save it before being shut down.

Full (and overly lengthy, beacuse it deals with multiple operating systems) instructions are here:

http://securityresponse.symantec.com/avcen...moval.tool.html

Basically you run the tool, it searches your hard drive for the Blaster trojan and removes it, then it takes you to a page where you can download the patch: to patch Port 135 on your PC which is where the trojan is 'getting in'.

Good Luck!

Let's know how you get on.


--------------------
Help: Register :: Login :: Forgot password? :: gg@glasgowguide.co.uk
Go to the top of the page
 
+Quote Post
GG
post 13th Aug 2003, 05:38pm
Post #9


Administrator
Group Icon
Posts: 9,121
Joined: 25th Jul 2003
From: Glasgow
Member No.: 1
Also note this easy way to confirm the wee beastie:

Are you infected?

Right click on the 'task bar' and select 'Task Manager'. Click on the 'Processes' tab. If you can find a process called msblast.exe, then your system is infected.

--

Note that most up-to-date anti-virus software will identify and remove the trojan, but you should also use the patch to block that port.


--------------------
Help: Register :: Login :: Forgot password? :: gg@glasgowguide.co.uk
Go to the top of the page
 
+Quote Post
thebardau
post 14th Aug 2003, 06:02am
Post #10


Super City Key Holder
******
Posts: 755
Joined: 27th Jul 2003
Member No.: 20
Saw this in a newsletter today - dunno if it's true or not, but maybe worth mentioning about this worm:-

"One of the symptoms reportedly is that your computer automatically restarts every 60 seconds, making it quite difficult for you to download and install the necessary patch.
Word is that you can delay the restart by double-clicking on your
computer's clock and then changing the year to 2002."

Wotta dirty trick if it is true!
Go to the top of the page
 
+Quote Post
Archie Millar
post 14th Aug 2003, 07:05am
Post #11


Super City Key Holder
******
Posts: 813
Joined: 27th Jul 2003
From: HEREFORD ENGLAND
Member No.: 3
DEFINATELY INFECTED
I did what you said Martin clicked on the Task Bar , followed your instructions and found msblast exe shutting down agai


--------------------
am still standin'

--
GG Update:

Sadly Archie passed away in March 2007:

http://discuss.glasgowguide.co.uk/index.php?showtopic=8646

GG.
Go to the top of the page
 
+Quote Post
Archie Millar
post 14th Aug 2003, 03:27pm
Post #12


Super City Key Holder
******
Posts: 813
Joined: 27th Jul 2003
From: HEREFORD ENGLAND
Member No.: 3
Got it fixed Martin--Installing an Anti virus prog. Archie


--------------------
am still standin'

--
GG Update:

Sadly Archie passed away in March 2007:

http://discuss.glasgowguide.co.uk/index.php?showtopic=8646

GG.
Go to the top of the page
 
+Quote Post
Fearn
post 14th Aug 2003, 04:30pm
Post #13


Super City Key Holder
******
Posts: 944
Joined: 28th Jul 2003
From: North of Toronto, Canada
Member No.: 59
The worm is here too - this might be helpful -


TORONTO STAR - Thu. Aug. 14, 2003. | Updated at 11:34 AM

http://www.thestar.com

Aug. 14, 2003. 06:33 AM
Here's how to deworm your computer


BY JOSH RUBIN
STAFF REPORTER THESTAR.COM
If you think you've got the lovsan worm on your computer, you can get rid of it with a few basic steps and a little time, says security expert Tom Slodichak.

The worm seems scary because users don't even have to open an e-mail to catch it, but it's relatively simple to take care of, according to Slodichak.

"This isn't really all that sophisticated a worm. It doesn't try to hide itself like some worms do,'' said Slodichak, chief security officer at WhiteHat Inc., a computer security firm. He suggests taking the following steps to clean up your computer. These instructions work for Windows XP, Windows NT and Windows 2000:

Hit control-alt-delete to call up the task manager;

In task manager, select the "processes'' tab;

In processes, look for a file named msblast.exe, then delete it by clicking "end process;''

That will keep the worm from running while you're still signed on. Next, according to Slodichak, comes getting it off your computer, and downloading a security patch from Microsoft to make sure it can't get on again:

Using the search tool found under the Start button, search for the file "msblast.exe,'' then delete it;

Right-click on the recycle bin on your desktop, then choose "empty recycle bin;''

From the Start button, choose the "Run'' option;

In the white box that comes up when you choose the "Run'' option, type in "regedit,'' then click OK or hit the Enter key;

Hit the F3 key, which brings up another search window;

Search for "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update,'' then delete it;

Go to Microsoft's Web site where they've provided a security patch;


Under the "Patch Availability'' section, choose the operating system you use, then download and install the patch..

To remove msblast.exe from your startup menu, click "Start,'' then "Run,'' then type "MSConfig'' into the space provided. Press "Enter'' and the startup box appears. Click on the rightmost tab "startup,'' look for msblast.exe and uncheck the box beside it

For people using Windows XP, the worm has the annoying habit of constantly rebooting the computer. If that's the case for you, you'll have to take an additional step before you start cleaning things up. When the shutdown dialog box appears on your screen, click Start / Run, then type "shutdown a'' and hit Enter. That will keep your computer from rebooting again.
------------------------------------------------------------------------

Good Luck to all.
Go to the top of the page
 
+Quote Post
thebardau
post 15th Aug 2003, 06:03am
Post #14


Super City Key Holder
******
Posts: 755
Joined: 27th Jul 2003
Member No.: 20
Glad you're all right now, Archie Miller - & my friend [of the frantic email to me] is too. And I'm rapt that you're installing A/V - everyone needs one, also a software firewall. Well, Fearn, you must be pretty pleased cos you use a Mac - & Windows98 users can also feel relieved cos they weren't affected by this either.
Go to the top of the page
 
+Quote Post
Fearn
post 15th Aug 2003, 09:16pm
Post #15


Super City Key Holder
******
Posts: 944
Joined: 28th Jul 2003
From: North of Toronto, Canada
Member No.: 59
There are times when your System, Hardware, Software does not matter - 4.11pm EST yesterday we were all shut down - no electricity.

Growing up in Glasgow during WW2 I was prepared - we have two antique pariffin lamps - I love them and keep them primed. Then I dug out my candle collection - ever the Scot, I had ''just lit, half used and (to others) not worth keeping stubs" - out they came. As darkness fell we had light. We also had kettles, pots and a bath tub filled with water - and from the basement we dug out a Coleman stove - we could cook and eat! Goofed on the battery powered radio - we had to start a car to get any news! Have to say that little trip took time - we live on the 19th floor of a building with 200+ suites - only one elevator was working- getting down to the parking level took time - getting back home was not easy.

Like everyone else it seems, I was trapped in the 'speed dial' thing with the 'phone - had to dig out my diary to call friends.....we just don't remember phone numbers any more......keep your diary up to date!

There were neighbours with real concerns - Marie, a floor below us, is a paraplegic, she's lived alone for 30 years now and seldom asks for assistance, preferring to be as independent as possible, a dear lady, we've respected that desire while making her aware that we're there when needed - we don't intrude - but her life depends on electricity and the assistance of health care professions, friends and neighbours. Without help she can't recharge her wheelchair battery, without that, she can't go anywhere to shop and pick up necessities.

This blackout (or whatever you chose to call it) has reinforced our concern for our neighbours - think it's safe to say that many new friendships have been started and the realisition that not one of us is totally self-sufficient has been reinforced. I'm kinda proud to say that the able bodied have banded together to look out for the less fortunate......it's to be hoped that we will not forget.

I'm probably in the wrong 'thread' but...........
Go to the top of the page
 
+Quote Post

Fast ReplyReply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 17th Oct 2019

All material in the site Glasgow Guide is copyright of the Glasgow Guide Organisation. This material is for your own private use only, and no part of the site may be reproduced, amended, modified, copied, or transmitted to third parties, by any means whatsoever without the prior written permission of the copyright owner. All rights reserved.

Glasgow Hotels: book cheap hotels in Glasgow online now.