HikeArizona.COM

Well - my computer is hosed. I got the "blaster worm" virus - and, BTW, doesn't that just sound just a little too male if you know what I mean?

I've been trying to clean that farging bastich from my hard drives for 2 days now with little success. My conclusion? Mcaffee sucks, Norton is slightly better. Mcaffee recognizes that the virus is there, but can't do anything about it, Norton is able to quarantine it, but can't seem to completely rid my computer of the effects of the virus.

The primary problem is that my svchost.exe is hosed, and that has created REAL problems for my Win 2K hard drive, meanwhile my Win XP HD may be a total loss.

Seriously - this has totally hosed my computer.

Not sure if we had the full blown Blaster...but, we had the one that popped up the window and then shut down the computers. I was able to edit the registry and delete a couple of files after rebooting in safe mode, and everything seems to be ok now. Also downloaded a free trail Personal Firewall from Norton. I was surprized at how many computers were trying to get in!

Do you know how your PC was compromised?

Not entirely - but the only online activity I had the day I got infected (besides some stuff from my corporate e-mail, but that was through a firewall, and some pretty secure computers - also I don't think I had any attachments that day) I downloaded a program from Download.com (spybot was the specific program).

I'm guessing the virus piggy-backed along with that file. Although it could also have come form the corporate e-mail. Who knows? Viruses are sneaky things, and this one is pretty small as far as file size goes, so it could have come from just about anywhere.

I finally cleared the thing tonight, but it managed to cause a little trouble with a few files that will have to be replaced, so the problems still continue.

I think the biggest problem was that the worm let in about 20 other viruses that did the actual damage. My anti-virus software cleaned about 40 programs from the two hard drives - a few duplicates.

Wow. Ugly.

In response to olesma's reply:

This attached file will clean the blaster viruses off your system. Follow the instructions in the .doc. Hope this helps .

Thanks for the fix Glenn - I appreciate the help.

I am back! I think we killed this nasty, vile, worm :twisted: that attacked our system Monday sometime. Got our system back up Thursday evening and have been holding my breath since.

If you are using a disk version of Mcaffee then I will have to agree with you. I use Mcafee virus online and it updated immediately to combat the Blaster worm, I also use ZoneAlarm firewall (free) and so far have not had a single virus yet......

If you have "Windows Update" active there shouldn't be anything to worry about at this point. Well, at least until the copy cats come out.

Once again, with all viruses they don't magically appear in your system. Don't open ANY attachments in e-mails unless you specifically expect it. If you download music, photos or programs that you darn well know aren't legal you are vulnerable.

I still recommend cleaning house as some piggyback the spy and adware
http://lavasoft.element5.com/software/adaware/
you'd be surprised what's lurking in your system

Yep - I absolutely agree with Joe. I am usually extremely careful about what I get on my computer - I don't download much, and the only e-mail I get is through my corporate service - I use Hotmail for most everything else and almost never download any attachments from there (unless I absolutely know who the e-mail is from). Yet I still got the virus. Those hackers are sneaky bastiches.

It is amazing the amount of crap that your computer can gather from random downloads.

BTW as an update - I finally cleaned my system and downloaded a couple of patches here and there, and my system is back up and running as good as ever. I've had viruses before - but this one was by far the most troubling one I've ever had.

I did find out though that it hit Bank of America pretty good though. Spanked quite a number of their servers. So I probably did get it through them.

Hey guys....

Just a heads up on the MSBlaster virus aka Blaster aka LovSan.


This is NOT something that arrives attached to an email....there is a vulnerability in the DCOM/RCP in OS of Win NT, XP and 2000 and this worm randomly seeks IP addresses searching for that vulnerability. You need to make sure you have downloaded the patch from Microsoft if you have any of these OS. Bill Gates must have pissed off one of his programmers to come up with this one! :

If your PC continually shuts down and restarts you probably have the virus.

If you go to Microsoft.com you can download the patch

Mcafee.com and Symantec.com offer good advice on how to clean your system if you think you're infected.

Hope this helps.

Trish

In response to Trishness' reply:

hey, thx Trish!

do tight port firewalls keep this badboy out?

In response to joe bartels' reply:

If you have a firewall, good UP TO DATE antiviral software AND have applied the patch from Microsoft....you should be OK. If you're running win 2000 (as I am) you can always change the TCP/IP settings manually......but all the servers I know of in the valley including Cox.net, Qwest.net and Mediacom.net are blocking data filtering in on port 135 (the port of choice for this virus). If you have no firewall, the link for instructions for the manual setup is as follows

http://support.microsoft.com/?id=309798

Anti viral software will detect the virus but you need a firewall and the patch from Microsoft to completely stop it from entering your system. I think that the link above will take you to the patch site as well. Otherwise go to Microsoft.com and you'll find it there. A good firewall to get (FREE) is Zone Alarm.......you can download it from CNET. If you already have a firewall, look for blocked incoming data on port 135. I've already seen it on mine, but it was successfully blocked. I hope this helps.


Trish