Msblast/mspoza worm virus

darbey

Guest
Hope you've all got your virus protection up to date.

The virus is due to start its DoS attacks as from midnight.

Spent all damn week cleaning this, it even affected my home PC despite having NAV updated.
 
darbey

Guest
Yes, u need to go into your cellars, stock up on tinned food and wrap yourself in tin foil. Judgement day is here.
 
kinag

Guest
Got my firewall up, had 42 attacks blocked in the last 2 hours, the Lovsan Worm is trying to hack my comp :eek:
 
dukat_lionheart

Guest
humm.. does it have to be tinned? have you got something against sealed packets? damn you!
 
old.Dillinja

Guest
Don't have any anti-virus software not planning on getting any, looks like I'm fucked.
 
dukat_lionheart

Guest
Originally posted by old.Dillinja
Don't have any anti-virus software not planning on getting any, looks like I'm fucked.

follow the expert advice in the 3rd post...


Originally posted by darbey
Yes, u need to go into your cellars, stock up on tinned food and wrap yourself in tin foil. Judgement day is here.

and yes, the tin foil is necessary!

seriously tho.. can't u just like, stay off the net for a few hours?
 
old.Dillinja

Guest
I have broadband, computer is constantly connected unless I turn it off. I'll try to let you know if anything happens though.
 
dukat_lionheart

Guest
ok m8y, good luck though, i am going down to the cellar now hehe

TINNEDFOOD4TEHWIN
 
old.Dillinja

Guest
Hold on a sec, I think there's a T-1000 in my back garden.
 
old.Hardbein

Guest
Viruses pay my bills ;) Next paycheck will have BLASTER written all over it. Givf more viruses imo :p

:cool:
 
dukat_lionheart

Guest
hehe found and deleted msblast.exe, re-imaged comp.... seemed a bit too easy. i am still wrapped in tin foil tho, just in case :p
 
old.Dillinja

Guest
Did a search for it... Found nothing, if it is on my computer, it's invisible.
 
kinag

Guest
Good I got my firewall up :) Norton Internet Security :)
 
darbey

Guest
Originally posted by old.Dillinja
Did a search for it... Found nothing, if it is on my computer, it's invisible.

2 of my AV scanners didn't pick it up and I've tried a couple since that didn't, the symptoms are what normally give it away.
For those not familiar with it I'll be as non-technical as possible.

If your computer is giving you an error with windows auto update, then counting down from 60 seconds before resetting, you are already infected. Check your task manager, if you see a program called msblast.exe, you are already infected.

Simply, this is a worm that requires NO executions by the user, just an open and unprotected port on your connection. Once a computer is infected, it executes the virus and automatically starts spamming random IPs on port 135 (you are probably getting spammed now).. ISPs are basically overflowed with traffic right now with viruses spamming other systems. Once it finds an unprotected IP, it sends the 8kb msblast.exe file, and that user is then infected, and then begins spamming other IPs before shutting down the system.

Good news is it's easy to get rid of.

***First, if you are infected, hurry to this site and download Stinger.exe here. This will remove the different variants of worms including this one.

http://vil.nai.com/vil/stinger/

As soon as it is downloaded, disconnect and run Stinger to eradicate the virus from your system. Now would be a good time to start up firewall before continuing to the next step.

***Next, connect to the net through your firewall or behind a router and go download the MS Security Patch here:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

This will fix the security leak that the virus is using to access your computer through. Reset your computer after install, you now should be safe.

If you're infected and find you cannot D/L Stinger in time u will need to stop the RPC from restarting your machine. As it counts down you will find Remote Procedure Call in your services list. Go to properties and switch the (restart when this device fails) to (takes no action).

Here's how to get there for Win XP if you don't know how.
1. Go to control panel
2. Go to performance and maintenance
3. Then administrative tools
4. Double click the "services" icon
5. Find "Remote Procedure Call" about midway down
6. Right-click it and go to properties
7. On the recovery tab switch First Failure from (restart the computer) to (take no action), do the same on second failure and subsequent failures.


Hope this helps. I know there's a helluva lot of people been infected by this.
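
An added illustration, not part of darbey's post or the thread: the port 135 probing described above can be measured from a firewall's drop log by counting attempts and distinct source addresses per hour. The log layout, the addresses and the `min_sources` threshold are assumptions made for this example.

```python
from collections import defaultdict

RPC_PORT = 135  # port the thread says infected hosts probe

# Constructed sample lines; assumed layout (not from the thread):
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2003-08-15 22:01:13 DROP TCP 198.51.100.7 192.0.2.10 3012 135
2003-08-15 22:04:40 DROP TCP 198.51.100.23 192.0.2.10 1189 135
2003-08-15 22:04:41 DROP TCP 198.51.100.23 192.0.2.10 1190 135
2003-08-15 22:17:02 DROP UDP 203.0.113.5 192.0.2.10 1026 137
2003-08-15 22:30:55 DROP TCP 203.0.113.88 192.0.2.10 4410 135
2003-08-15 22:48:09 OPEN TCP 192.0.2.10 203.0.113.200 1045 80
2003-08-15 23:02:31 DROP TCP 198.51.100.7 192.0.2.10 3340 135
2003-08-15 23:10:00 DROP TCP
2003-08-15 23:40:00 DROP TCP 203.0.113.91 192.0.2.10 2001 445
"""


def rpc_probes_per_hour(log_text, port=RPC_PORT):
    """Map each hour to the dropped TCP attempts on `port` and their source IPs."""
    hours = defaultdict(lambda: {"attempts": 0, "sources": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or line.startswith("#"):
            continue  # skip headers, blank lines and truncated records
        date, time, action, proto, src, _dst, _sport, dport = fields[:8]
        if action != "DROP" or proto != "TCP" or dport != str(port):
            continue
        bucket = hours[f"{date} {time[:2]}:00"]
        bucket["attempts"] += 1
        bucket["sources"].add(src)
    return dict(hours)


def looks_like_worm_scanning(stats, min_sources=3):
    """Hours in which several distinct hosts probed the port (assumed threshold)."""
    return sorted(h for h, s in stats.items() if len(s["sources"]) >= min_sources)


if __name__ == "__main__":
    stats = rpc_probes_per_hour(SAMPLE_LOG)
    for hour in sorted(stats):
        print(hour, stats[hour]["attempts"], "attempts,", len(stats[hour]["sources"]), "sources")
    print("flagged hours:", looks_like_worm_scanning(stats))
```

Many different sources in one hour points to background scanning by infected machines rather than one peer retrying, which is why the count of distinct addresses is reported alongside the raw attempt count.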
 
Jonaldo

Guest
I'll just chain my dog to the pc to scare off any worms
 
speshneeds

Guest
AV generally won't do sod all about it... firewall will flag it straight away tho
 
kinag

Guest
I have been SPAMMED WITH ATTACKS on my firewall, it's like 64 an hour, it's absolutely not fun at all, but my firewall is blocking them..

It's different IPs every time I think.. so it is the worm trying to dig his hole in... :(
 
dukat_lionheart

Guest
hehe TINFOIL4TEHWIN!!! i got away scot-free, no msblasty on me comp, looks like darbey was spot on! good call that man!
 
Tasans

Guest
No anti-virus installed but I don't find anything on my PC :)
Looks like I got away this time.
 
darbey

Guest
Originally posted by dukat_lionheart
hehe TINFOIL4TEHWIN!!! i got away scot-free, no msblasty on me comp, looks like darbey was spot on! good call that man!

Woman 8) u don't think a man would be as good as me do u ? Heheh
 
dukat_lionheart

Guest
lmao, i ain't getting into this discussion, it usually ends in tears :p
 
Danya

Guest
Originally posted by kinag
I have been SPAMMED WITH ATTACKS on my firewall, it's like 64 an hour, it's absolutely not fun at all, but my firewall is blocking them..

It's different IPs every time I think.. so it is the worm trying to dig his hole in... :(

I'm getting 5-10 per hour, guess it hates you. :p
 
