Jump to content


Photo

I have vent about this one...


  • Please log in to reply
5 replies to this topic

#1 aggscott

aggscott

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 21 July 2004 - 11:56 AM

Over the past weekend I had the MS Blaster worm on my computer, what a horrible thing to happen to someone.

First, it took right over my computer, it would shut it off when it wanted to, and I couldn't get onto anything. Then there was no way for me to get rid of it, so as a last resort we restarted the computer back to the very beginning. All those things we lost and now I have to re-do all my e-mail addresses, bookmarks, etc. What a pain in the :grrr: well, you know what I mean.....

Now, I have alot of things on my computer to protect it. I am alot more educated about spyware,virus's, all of it. I never read so much in my life as I have this past week but, I am learning and I will try to never let that happen again.

Anyone else ever have the MS Blaster worm? What did you do to get rid of it? It would be nice to talk with someone else who had that hijack there system on them.

Aggie :D

#2 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 21 July 2004 - 12:00 PM

Yeah i've got the blaster :worm: a year ago I think.

It was hard to get rid of him (her?). But now i'm feed with the following knowledge:

If you have the Blaster worm or Sasser worm on the computer, you may go to Start - Run, and type there: shutdown -a. Now your computer shouldn't reboot until you've found a fix for the worm.

Edited by H@ns, 21 July 2004 - 12:00 PM.

Nucia Security Forums - Dutch Anti-Malware Support

#3 rosso_acido

rosso_acido

    Earl of Mysterious Briefcases

  • Full Member
  • PipPipPipPip
  • 286 posts

Posted 21 July 2004 - 08:41 PM

I got the Blaster as soon as I installed XP and went online to get the M$ updates. :techsupport:

AVG caught it immediately but was unable to clean it completely - the PC kept rebooting even after AVG reported no more trace of the Blaster. I even ran the Symantec tool, and got the exact same result.

So I got my sister to download the patches and removal tools for Blaster from M$ on her own PC and put them on a Zip disk for me, then applied the patches, ran AVG again for good measure, activated the XP firewall and that was it. The Blaster was finally dead and gone. :thumbsup:

I confess I was a little disappointed to see this mishap occur right before my eyes just after I'd installed XP, and was ready to switch back to 98 SE (but in the end stuck with it and installed 98 SE on a second PC, used mostly for testing purposes). :p

R. :wave:

Edited by rosso_acido, 21 July 2004 - 08:58 PM.

I am the iron anchor.

#4 Egon_Freeman

Egon_Freeman

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 09 August 2004 - 07:29 AM

The MS Blast worm attacks RPC [Remote Procedure Call], so a quick-fix would be to set it in System Services to auto-restart the procedure [service] every time it's shut down (however it doesn't protect You anyways, it just makes sure You won't get the restart in the next two-three minutes so You have the time to download the patch and apply it). Also, the "shutdown -a" command is helpful. If someone doesn't know this - shutdown command controls the system shutdown on NT-based OS'es.

The best thing is to keep the patch ready on a CD and apply it right after a fresh install, even before going onto the internet. I usually keep my net unplugged physically [unplug the cable ;-)] before applying this patch. It's not that hard for me to do it, since I have every possible version of the patch available for English and Polish languages on my website for download, and thus on any website-backup CD. ;-)

Edited by Egon_Freeman, 09 August 2004 - 07:31 AM.


#5 DawsonV5

DawsonV5

    The Lurvely

  • Retired Staff - Helper
  • PipPipPip
  • 230 posts

Posted 21 August 2004 - 03:03 AM

Blaster worm got me aswell. Had me and a friend scratching our heads for a little while :scratchhead: Damn thing was annoying.

#6 Egon_Freeman

Egon_Freeman

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 06 March 2006 - 12:05 PM

I'm posting here even though this topic is prety much dead. I'm not trying to resurrect it, it's just that some people might find this in seek of information on how to remove the blaster worm.

The thing is, both blaster and sasser worms keep sending their propagation messages all the time, so it takes just one infected PC on a subnet for all of the unprotected computers to become infected within two or three seconds (and I'm talking about a class-C network). The only way to be sure is this:

a) go to the Microsoft site, browse their Knowledge Base for SASSER and BLASTER worms, download the patches for your operating system (it can be done on the same PC before the reformat, or at a freinds' PC / net cafe etc., but one must be sure to have the required storage space, I'd propose a pendrive or sth. because theose patches can be bigger than 1.4 MB);
b) reformat the PC (make a backup of all important data, y'know :p);
c) install Windows;
d) apply the patches (BOTH of them);
e) NOW connect to the internet to download other patches.

It's pretty much important to have these two patches ready at all times. ;-) You can also try and slipstream them into Your Windows installation disk (slipstreaming is incorporating patch file / service pack data into an existing Windows CD so that it all installs along with the system).

MS Blaster patch is listed in the Microsoft Knowledge Base as article KB823980, while MS Sasser is article KB835732.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button