[Weimer]

I was up until 5:30 this morning repairing my PC. I got home at 1:00 last night and the wifey says the PC is all hosed up. Kept getting a RPC error then would reboot itself in 60 sec. Figured out how to stop the reboot and then tried to dowload MS's patch to fix...PC would lock up Finally got it straightened out now, so if anyone runs into this W32.BLASTER.WORM give me a message...I got it nailed down now.
It really sucks when you start losing things on your PC as you are sitting there watching.
Got it fixed now so, all is good!
P.S. KAZAA does NOT have anything to do this worm...its a anti-firewall thing.
Later,
WEIMER

[gt2betubbed]

I took Kazaa off my PC last week. I saw on the news that comcast is complying with our local police dept. and they have already hit a couple of homes. They say the fine can be up to $150,000 per song downloaded. It all sounded like a scare tactic, but still scared me enough to take it off. What sucks is NOW I can think of songs I want to download.....

[Hippie]

Just received a warning from my ISP about this one and downloaded and installed the patch from Microsoft on my PC. Now to do the other 3. I also downloaded the removal tool from Symantec just in case. I got nailed with the W32 Klez virus a few months ago. I'd like to get my hands on the SOB's that do this.

[Jon]

You can use a cheap mac for email (under $200 on ebay), and you'll be virtually guaranteed to never get a virus.

gt2betubbed -- it looks like the crackdown on illegal file-sharing may be more than just a scare tactic. I just read a decent article about it in SearchDay. A few quotes:

Quote:

The battle has escalated this year, with the RIAA shifting its targets from companies to individual users. On June 25, 2003, the RIAA announced that it will begin suing users of peer-to-peer (P2P) file-sharing systems beginning at the end of August.

Quote:

How does the RIAA identify those users? By using software that scans users' publicly available P2P directories, and then identifies the ISP of each user. Then, under the provisions of the controversial Digital Millennium Copyright Act (DMCA), the RIAA subpoenas ISPs for each user's name, address, and other personal information. The RIAA will then sue those individuals.

The Electronic Frontier Foundation (EFF) is helping users deal with the draconian tactics of the music industry cartel. It has created a Subpoena Database that lets you check the user names and IP addresses used on a file sharing service against a database of those user names specified in hundreds of subpoenas the RIAA issued to Internet Service Providers (ISPs).

If you're concerned, it wouldn't hurt to run a quick check of your username or IP against the subpoena database.

Also, most of those file-sharing programs are known among webmasters as "scumware". Not because of the illegal exchange of software, but because the way those programs make money is by illegally changing websites by adding popups, advertisements, or links to advertisers. I can't tell you how many angry emails I've received from people who are disappointed at the popups, advertising, or pornography on Hotrodders.com. Trying to explain that it's not our doing is usually impossible. More info is at http://www.scumware.com .

[CET]

Ah, Jon, by typing in your IP are you not just adding it to their database. IE they can now search for yours cause if you are checking you obviously file share?

I know it says they don't log anything but I never trust those I don't know.

[Jon]

Quote:

Originally posted by CET
Ah, Jon, by typing in your IP are you not just adding it to their database. IE they can now search for yours cause if you are checking you obviously file share?

The EFF and the RIAA are on opposite sides in this battle. The subpoena database is provided by the EFF, so it would be unlikely that they'd use information against file sharers. Either way, it's academic -- they either already have your username/IP, or you're not on the list. Entering it doesn't change things one way or the other.

[dmorris1200]

Hey Weimer, if you're still there can I assume I don't have this virus if my computer isn't rebooting itself? Should I be looking for anything else?

[gt2betubbed]

Thanks for the info Jon. That sucks to hear about the pop-ups, luckily I haven't gotten any. It wouldn't be too great if I were here at work, and then a big pop up of a naked lady came up. lol.

[syclone]

The RPC error is very simple to fix and weimer you should not have lost anything because it is a nondestructive worm. It is effecting any microsoft software the has internet explorer.
Got to start, then run
type REGEDIT hit enter
select HKEY_LOCAL_MACHINE
then SOFTWARE
then MICROSOFT
then WINDOWS
then CURRENTVERSION
then RUN
then on the right go to and select WINDOWS AUTOUPDATE MSBLAST.EXE and delete it

the worm opens up everytime your cpu is started

[Forkliftguy]

Since we're all talking viruses, I'm having an issue with IE6.0. I did a virus scan and my system comes up clean. The problem I have is when I open a link like the spell checker for example (not just on this site, any link of any sites) the new window opens like it should, but the window thats in behind the new window remains in view and nothing else shows up in the new window. If I move the new window around the section of the old window that was behind it moves with it. I hven't found anything in microsofts database that could fix it. I tried to reinstall IE, no good. If anyone has encountered this and knows how to fix it or can direct to where I might find the info to fix that would be awesome, I'm running Win98a.


Thanks
Marc

Update to my question. I noticed that when I revert back to version 5.whatever everything works fine, once I do the upgrade again to the latest version it starts to screw up.

[senor_limpio]

In addition to syclone's message, you will also want to go in to your windows explorer and navigate to your C:\Windows\System32 directory and delete mblast.exe from there as well.

Señor

[Weimer]

I am not going to get into a long/heated discussion about how this worm works or why....but Syclone you may want to check your resources...and I was starting to lose thngs because I learned the hard way of how to fix it.

Here is an easier way to fix it.
Note the Symantec download is a REMOVAL TOOL and the Microsoft Download is a PATCH...2 seperate things.

If your PC keeps rebooting and you cannot download anything do this:
1)Click START
2)Click RUN
3)Type SHUTDOWN -A
4)Click OK
5)Go to Symantec Removal Tool
6)FOLLOW INSTRUCTIONS EXACTLY...pretty easy to understand
7)Go to Microsoft Patch
8) Download the PATCH
9)Install the Patch
10) Reboot your system.

I hope that this works for you...PS make sure that you follow the EXACT directions from SYMANTEC

Later,
WEIMER


08-13-2003 02:30 PM

[Jon]

Quote:

Originally posted by Forkliftguy
The problem I have is when I open a link like the spell checker for example (not just on this site, any link of any sites) the new window opens like it should, but the window thats in behind the new window remains in view and nothing else shows up in the new window. If I move the new window around the section of the old window that was behind it moves with it...I noticed that when I revert back to version 5.whatever everything works fine, once I do the upgrade again to the latest version it starts to screw up.

If you have a version that works fine, stick with it. No need to upgrade. I have plenty of software versions that are 3 years old, 5 years old, or more. The window display issue is a common error; it relies on a touchy programming language (JavaScript) that is prone to inconsistencies with version upgrades. If there's a feature in a newer software version that you can't live without, go for it. Otherwise, no need to upgrade. Many software upgrades now are simply to incorporate new advertising partnerships, and offer no significant end-user advantages.

[Weimer]

Quote:

Originally posted by Jon
If you have a version that works fine, stick with it. Many software upgrades now are simply to incorporate new advertising partnerships, and offer no significant end-user advantages.

AMEN TO THAT BRO!!! I have been having problems with my BRAND NEW router that I just got in the mail a few days ago...could not get it to connect for nothing. I did get it to connect today for a little while then it disconnected and was all she wrote. After talking to 3 or 4 people that I couldn't understand, I figured out that I needed to upgrade the router's FIRMware(as opposed to SOFTware?!)
Who the hell thought up this crap?!!!
Anyways...got the kiddies back on line now, they should be happy to be 'net-bound when they wake up in the morn.
Later,
WEIMER

[Kevin45]

Here is the info and what to do. http://www.symantec.com/avcenter/ven...ster.worm.html

Also off of the Symantec site...what it affects and what it doesn't.

Also Known As: W32/Lovsan.worm [McAfee], Win32.Poza [CA], Lovsan [F-Secure], WORM_MSBLAST.A [Trend], W32/Blaster-A [Sophos], W32/Blaster [Panda]

Type: Worm
Infection Length: 6,176 bytes



Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me, Windows NT
CVE References: CAN-2003-0352




Kevin