Internet Worm Plaguing Computers Worldwide

Washington Post ^ | Brian Krebs

[WaterDragon]

A fast-spreading Internet worm infecting more than a million computers worldwide forced the Maryland Motor Vehicle Administration to shut its offices for the day and is causing problems for other computer networks in the Washington region. The worm, dubbed "Blaster" by security experts, is having a "sporadic" effect on federal agency networks, said a spokesman for the U.S. Department of Homeland Security......(snip) [Article is long but good]

[WaterDragon]

My laptop was infected yesterday afternoon. Windows repeatedly crashed (Windows shut down, then rebooted itself. Each time had to reconnect to the internet. Would stay connected only about 10 or 15 minutes before crashing again). Finally, I got a request from Microsoft to 'report the error' which I did, and was then provided with a link to the patch. I downloaded the patch, just barely got it downloaded before the worm crashed me once again, and have had NO problem since! Whew!

I shoulda downloaded that patch when MS first notified me.

[xrp]

Problem is that it has only been about 3-4 weeks since MS first made the patch available. Many companies run into difficulties here because patching an MS OS usually requires a reboot of the system and companies can sometimes only reboot their servers once a month, once a quarter or even once a year.

[Agnes Heep]

I maintain a local area network at a military installation. So far, no problems.

[Lazamataz]

That's nothing! I got a counterfeit $20 bill!

[Agnes Heep]

That's nothing! I got a counterfeit $20 bill!

I used to typeset a number of prominent numismatic journals which were always running stories about counterfeiting in the 19th century. I never ceased to be amazed at the inventive ways counterfeiters would use to get good money in exchange for bad. Incidentally, one of the terms used to describe counterfeiting was "shoving the queer." I wonder how that would play out nowadays?

[South40]

[tallhappy]

You still want to delete msblast.exe and change the registry.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"windows auto update"="msblast.exe"

[xzins]

While I'm not up on David Copperfield, I fondly remember a 70's rock group, Uriah Heep, who used to rock the rafters. I was privileged to catch a performance in Nurnberg Germany about 1972. One song still sticks in my mind, "Woman in Black." (Or something close to that.)

Remembering makes me want to find the album that is probably totally out of print and non-recoverable. :>)

[tallhappy]

The error message is part of the worm.

You may or may not have got the right patch.

Kill the msblast.exe process as soon as your machine starts. Get the latest Norton definitions via live update. Run the scan. It will find msblast.exe and any other files, if any, associated. It could be only msblast.exe.

Then get and install the patch.

www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

[King Prout]

you have a link to the patch?
Is it needed for a PC running MS Win200pro?

[tallhappy]

See 9

[xrp]

Screw that. Norton is made by Symantec which automatically blocks pro-conservative and pro-gun websites in its URL content filtering software.

[xrp]

ANY Windows operating system.

[balrog666]

Remembering makes me want to find the album that is probably totally out of print and non-recoverable. :>)

I wouldn't bet on that ...

[Lazamataz]

I used to typeset a number of prominent numismatic journals which were always running stories about counterfeiting in the 19th century. I never ceased to be amazed at the inventive ways counterfeiters would use to get good money in exchange for bad.

The problem is, these days they don't barely need to try hard. A deskjet, some heavy stock paper, and away they go.

And the stuff looks REAL! I have invested in a counterfeit detection pen and now use it on all bills, 10 and above, that I get.

[discostu]

"Lady in Black" The Heep is still quite available, even doing new stuff. Starting point:
http://www.amazon.com/exec/obidos/tg/detail/-/B000001F7H/qid=1060723843/sr=1-40/ref=sr_1_40/002-2166143-8350454?v=glance&s=music

[Leroy S. Mort]

Hah! My Atari 800 is IMMUNE !!

[KansasConservative1]

"Screw that. Norton is made by Symantec which automatically blocks pro-conservative and pro-gun websites in its URL content filtering software."


Not true by default for internet security pro 2003. You have to turn it on or indicate that you are a young kid (thus turning on all catagories).

Rest assured your foil hat will protect you from the gun control of Symantec!

[Ronin]

bump

[Revolting cat!]

That was an excellent excuse to slack off all morning at work! Thank you Microsoft!

[Timesink]

[kipj]

One would assume that Freepers would be smart enough to keep up on critical updates and avoid Symantic products with the exception of Norton Anti-Virus . . .

Well, I guess not!

[antivenom]

YUP...

[wiseone]

it screwed up yahoo,and other mail sites,

you dont need to pay,look up AVG free virus

[WaterDragon]

Last night I ran Spybot a couple of times, and it pulled up several of the HKEY....registries. I deleted them all!

I'm not sure I know how to do what you suggest.

[Ronin]

Last night I updated everything off the Windows Japan site, which Microsoft (in their benign tyranny) insists on directing me to because I have the Japanese XP installed.

It was a total of 10 updates, one of whom I sincerely hope was the patch.

I also set the XP firewall. Hopefully, I am covered now.

[antivenom]

Folks who want to do this...

Go the START button...select RUN...enter Regedit....you will see the

HKEY_LOCAL_MACHINE

Do a EDIT -> FIND

type in msblast.exe

get rid of it if it is in your registry

[WaterDragon]

I don't think the error message was part of the worm. My computer stopped crashing once I downloaded the patch at Microsoft's url.

[kayak]

For us real computer dummies .... how do we get rid of it if we find it? Just highlight it and delete?

[oyez]

Reminds me off old joke we've all heard.

Punchline: And the drunk says "Preacher, it proves if you drink whiskey you won't get worms."

[Revolting cat!]

"I didn't do it, nobody saw me do it, you can't prove anything!"

[Vermonter]

Pause for the obligatory 'Macs hardly ever get hit with viruses' post

Please resume venting your frustrations at Microsoft. :-}

[TheBigB]

Detailed instructions:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

[PoorMuttly]

Muttly has been known to eat worms.

Never tried a Digital one, though.

Yet.

[RayBob]

Question: I did a search of my registry and found MSBlast.exe in the registry, but not anywhere else. The search of the registry for "msblast.exe" brought up the following:

ab(default) (value not set)

ab a ""

ab b "temp"

ab c "msblast.exe"

ab MRUList "Cab"

What do I do with these?

Your help would be appreciated.

[Dante3]

bttt

[Enterprise]

Thank you. Your post gave me peace of mind. I followed your instructions and msblast.exe did not appear in the registry. But I wouldn't have known without following your instructions.

[San Jacinto]

That's nothing! I got a counterfeit $20 bill!

A friend of mine was busted for passing a counterfeit $100 dollar bill at Wal-Mart. Turns out the bill was not counterfeit, just old. He spent the night in jail, though.

[Danette]

bump-for rubber-neckers

[6ppc]

Affects only Nt4, 2000 and XP. 95 and 98 are safe.

[Howlin]

Do a Start, Search, Find MSblast.exe.

I bet you have it.

[WaterDragon]

Back in the seventies, my husband cashed his paycheck at the bank. He had NO money in his wallet before going to the bank, and came straight home. He handed me housekeeping money and I noticed that one of the twenties did not have "In God we trust" on it. He immediately returned to the bank and without telling them a thing, exchanged that twenty for two tens. I suppose it was risky, but he was SO incensed at being given a counterfeit bill BY THE BANK! LOL!

[Howlin]

Go here:

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

and get the worm removal tool.

Follow the directions EXACTLY.

[Howlin]

You can also do a CONTROL/ALT/DELETE to bring up what Windows Task thingy.

If you've got it, it will be there.

[Howlin]

And thank YOU for asking your question on the other thread; my niece had the same thing your son did, so I just followed along!

:-)

[San Jacinto]

I noticed that one of the twenties did not have "In God we trust" on it.

Didn't you see that story about the freak twenty dollar bill? Back in the seventies a hippie type worked at the Denver mint. He blocked out the "in God We Trust" stamp on a run of bills. He was caught and almost none of the bills made it out of the mint. The few that made it into circulation are quite valuable, though. There are thought to be less than ten of the bills in existence and each one has an estimated value of $6 million dollars.

Don't forget to read my tagline.

[TheRedSoxWinThePennant]

my laptop was also infected yesterday every time I tried to do a virus scan to find my infected files my system would restart it took me about 8 hours to complete a virus scan so my mcafee could clean them up

[GSWarrior]

My home computer has it. So you just download the patch and it takes care of the problem? Does it include instructions on how to execute it?

[WaterDragon]

The patch stopped the crashes. As is noted in this thread, I guess I still have to hunt down the registry to get it completely out of my computer.