Reply to THIS thread
Start a NEW Talkback Thread
Talkback Home

Blaster worm virus - Freddie Dawkins (13th Aug 2003 - 11:10:47) I was unlucky enough to get caught by this on Monday night, as I run Windows 2000 Professional. After a very frustrating day yesterday, finding patches which would not run, I've managed to use both the MS and Symantec patches and dumped the evil worm file. If anyone is still having problems and wants some free help, just ask. Freddie Dawkins

Re: Blaster worm virus - Liphook.co.uk Editor (14th Aug 2003 - 10:33:27) Hi Freddie, We've had a lot of our clients with this problem, the following instructions work very well to remove the virus from your PC. ** USE AT YOUR OWN RISK ** Symptoms of Infection : Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory Error messages about the RPC service failing (causes system to reboot) This worm spreads by exploiting a recent vulnerability in Microsoft Windows. The worm scans random ranges of IP addresses on port 135. 1. As soon as you get into windows, go to task manager and end process on msblast.exe 2. Run regedit and remove the key, HKEY_LOCAL_MACHINESOFTWAREMicrosoft WindowsCurrentVersion Run "windows auto update" = msblast.exe 3. Search for msblast.exe on the system drive and delete any copy that is found. 4. Disconnect any connection to the internet or to the network. 5. Reboot the computer. Hope that helps. Mark Editor

Re: Blaster worm virus - Freddie Dawkins (14th Aug 2003 - 11:13:13) Hi, Mark - Good advice. But also watch out for another version, it calls itself lovDan.exe and also places itself in the system file. It's not as common but some kind of corruption of the Blaster worm. I found this out through BT Broadband's helpdesk opn Monday. Also, the Blaster worm will not necessarily shut down your computer. It will certainly attack your Network/Dial Up connections folder and it will make them disappear. To get a connection to the Internet, you have to manually go into Dialup/Network connection folder within Control Panels, and make a new dial up connection script. Then you can dial up both MS Security site and download the patch, and also Symantec, to run the virus out subset. Symantec are offering this free to anyone and it works really well. Means it finds all/any versions of Blaster/lovDan that it finds on your hard disk. Of course, it helps if you have remembered to write down your account name/passwords/dial up number etc. Some people forget! Still, made me update all my vius protection software and firewall subscriptions. cheers Freddie

Re: Blaster worm virus - Freddie Dawkins (2nd Sep 2003 - 11:27:04) And if anyone's wondering why I've been so quiet for 2 weeks, well I eat humble pie. I got caught by a variant of the original virus and it's taken 2 weeks to get a CD fix from Microsoft. The problem was that I could not even make a manual diasl-up connection, to get the right patch to sort the problem, and my OS level was too low (This was L1 under Prof2000). I've now got Service Pack Level 4, so if anyone needs help, let me know and I'd be happy to assist. Reconnected Freddie!

Reply to THIS thread
Talkback Home