Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Internet Worm Plaguing Computers Worldwide
Washington Post ^ | Brian Krebs

Posted on 08/12/2003 2:09:59 PM PDT by WaterDragon

A fast-spreading Internet worm infecting more than a million computers worldwide forced the Maryland Motor Vehicle Administration to shut its offices for the day and is causing problems for other computer networks in the Washington region. The worm, dubbed "Blaster" by security experts, is having a "sporadic" effect on federal agency networks, said a spokesman for the U.S. Department of Homeland Security......(snip) [Article is long but good]

(Excerpt) Read more at washingtonpost.com ...


TOPICS: Business/Economy; Crime/Corruption; Extended News; Foreign Affairs; Government; Miscellaneous; News/Current Events; War on Terror
KEYWORDS: computers; computervirus; crashes; denialofservice; download; microsoft; ms; msblast; patch; portal; servicesmsc; virus; vulnerable; worm
Navigation: use the links below to view more comments.
first 1-5051-100101-150151-200201-208 next last
My laptop was infected yesterday afternoon. Windows repeatedly crashed (Windows shut down, then rebooted itself. Each time had to reconnect to the internet. Would stay connected only about 10 or 15 minutes before crashing again). Finally, I got a request from Microsoft to 'report the error' which I did, and was then provided with a link to the patch. I downloaded the patch, just barely got it downloaded before the worm crashed me once again, and have had NO problem since! Whew!

I shoulda downloaded that patch when MS first notified me.

1 posted on 08/12/2003 2:09:59 PM PDT by WaterDragon
[ Post Reply | Private Reply | View Replies]

To: WaterDragon
Problem is that it has only been about 3-4 weeks since MS first made the patch available. Many companies run into difficulties here because patching an MS OS usually requires a reboot of the system and companies can sometimes only reboot their servers once a month, once a quarter or even once a year.
2 posted on 08/12/2003 2:11:25 PM PDT by xrp
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon
I maintain a local area network at a military installation. So far, no problems.
3 posted on 08/12/2003 2:12:08 PM PDT by Agnes Heep
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon
That's nothing! I got a counterfeit $20 bill!
4 posted on 08/12/2003 2:12:08 PM PDT by Lazamataz (PROUDLY POSTING WITHOUT READING THE ARTICLE SINCE 1999!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz
That's nothing! I got a counterfeit $20 bill!

I used to typeset a number of prominent numismatic journals which were always running stories about counterfeiting in the 19th century. I never ceased to be amazed at the inventive ways counterfeiters would use to get good money in exchange for bad. Incidentally, one of the terms used to describe counterfeiting was "shoving the queer." I wonder how that would play out nowadays?

5 posted on 08/12/2003 2:14:12 PM PDT by Agnes Heep
[ Post Reply | Private Reply | To 4 | View Replies]

To: WaterDragon

6 posted on 08/12/2003 2:15:01 PM PDT by South40 (Get Right Or Get Left)
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon
You still want to delete msblast.exe and change the registry.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"windows auto update"="msblast.exe"

7 posted on 08/12/2003 2:15:15 PM PDT by tallhappy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Agnes Heep
While I'm not up on David Copperfield, I fondly remember a 70's rock group, Uriah Heep, who used to rock the rafters. I was privileged to catch a performance in Nurnberg Germany about 1972. One song still sticks in my mind, "Woman in Black." (Or something close to that.)

Remembering makes me want to find the album that is probably totally out of print and non-recoverable. :>)

8 posted on 08/12/2003 2:18:37 PM PDT by xzins
[ Post Reply | Private Reply | To 3 | View Replies]

To: WaterDragon
The error message is part of the worm.

You may or may not have got the right patch.

Kill the msblast.exe process as soon as your machine starts. Get the latest Norton definitions via live update. Run the scan. It will find msblast.exe and any other files, if any, associated. It could be only msblast.exe.

Then get and install the patch.

www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

9 posted on 08/12/2003 2:18:37 PM PDT by tallhappy
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon
you have a link to the patch?
Is it needed for a PC running MS Win200pro?
10 posted on 08/12/2003 2:19:14 PM PDT by King Prout (people hear and do not listen, see and do not observe, speak without thought, post and not edit)
[ Post Reply | Private Reply | To 1 | View Replies]

To: King Prout
See 9
11 posted on 08/12/2003 2:21:25 PM PDT by tallhappy
[ Post Reply | Private Reply | To 10 | View Replies]

To: tallhappy
Screw that. Norton is made by Symantec which automatically blocks pro-conservative and pro-gun websites in its URL content filtering software.
12 posted on 08/12/2003 2:24:58 PM PDT by xrp
[ Post Reply | Private Reply | To 9 | View Replies]

To: King Prout
ANY Windows operating system.
13 posted on 08/12/2003 2:25:21 PM PDT by xrp
[ Post Reply | Private Reply | To 10 | View Replies]

To: xzins
Remembering makes me want to find the album that is probably totally out of print and non-recoverable. :>)

I wouldn't bet on that ...

14 posted on 08/12/2003 2:26:05 PM PDT by balrog666 (Against logic there is no armor like ignorance.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Agnes Heep
I used to typeset a number of prominent numismatic journals which were always running stories about counterfeiting in the 19th century. I never ceased to be amazed at the inventive ways counterfeiters would use to get good money in exchange for bad.

The problem is, these days they don't barely need to try hard. A deskjet, some heavy stock paper, and away they go.

And the stuff looks REAL! I have invested in a counterfeit detection pen and now use it on all bills, 10 and above, that I get.

15 posted on 08/12/2003 2:28:55 PM PDT by Lazamataz (PROUDLY POSTING WITHOUT READING THE ARTICLE SINCE 1999!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: xzins
"Lady in Black" The Heep is still quite available, even doing new stuff. Starting point:
http://www.amazon.com/exec/obidos/tg/detail/-/B000001F7H/qid=1060723843/sr=1-40/ref=sr_1_40/002-2166143-8350454?v=glance&s=music
16 posted on 08/12/2003 2:31:30 PM PDT by discostu (the train that won't stop going, no way to slow down)
[ Post Reply | Private Reply | To 8 | View Replies]

To: WaterDragon
Hah! My Atari 800 is IMMUNE !!
17 posted on 08/12/2003 2:33:38 PM PDT by Leroy S. Mort
[ Post Reply | Private Reply | To 1 | View Replies]

To: xrp
"Screw that. Norton is made by Symantec which automatically blocks pro-conservative and pro-gun websites in its URL content filtering software."


Not true by default for internet security pro 2003. You have to turn it on or indicate that you are a young kid (thus turning on all catagories).

Rest assured your foil hat will protect you from the gun control of Symantec!
18 posted on 08/12/2003 2:35:30 PM PDT by KansasConservative1
[ Post Reply | Private Reply | To 12 | View Replies]

To: discostu
bump
19 posted on 08/12/2003 2:35:56 PM PDT by Ronin (Qui tacet consentit!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: WaterDragon
That was an excellent excuse to slack off all morning at work! Thank you Microsoft!
20 posted on 08/12/2003 2:36:18 PM PDT by Revolting cat! (Go ahead, make my day and re-state the obvious! Again!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lazamataz

21 posted on 08/12/2003 2:37:44 PM PDT by Timesink
[ Post Reply | Private Reply | To 15 | View Replies]

To: xrp
One would assume that Freepers would be smart enough to keep up on critical updates and avoid Symantic products with the exception of Norton Anti-Virus . . .

Well, I guess not!
22 posted on 08/12/2003 2:37:57 PM PDT by kipj
[ Post Reply | Private Reply | To 12 | View Replies]

To: tallhappy
YUP...
23 posted on 08/12/2003 2:38:13 PM PDT by antivenom (BEING OFFENDED means never having to answer an argument)
[ Post Reply | Private Reply | To 7 | View Replies]

To: discostu
it screwed up yahoo,and other mail sites,

you dont need to pay,look up AVG free virus
24 posted on 08/12/2003 2:38:19 PM PDT by wiseone
[ Post Reply | Private Reply | To 16 | View Replies]

To: tallhappy
Last night I ran Spybot a couple of times, and it pulled up several of the HKEY....registries. I deleted them all!

I'm not sure I know how to do what you suggest.
25 posted on 08/12/2003 2:38:39 PM PDT by WaterDragon (America the beautiful, I love this nation of immigrants.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ronin
Last night I updated everything off the Windows Japan site, which Microsoft (in their benign tyranny) insists on directing me to because I have the Japanese XP installed.

It was a total of 10 updates, one of whom I sincerely hope was the patch.

I also set the XP firewall. Hopefully, I am covered now.
26 posted on 08/12/2003 2:39:52 PM PDT by Ronin (Qui tacet consentit!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: tallhappy
Folks who want to do this...

Go the START button...select RUN...enter Regedit....you will see the

HKEY_LOCAL_MACHINE

Do a EDIT -> FIND

type in msblast.exe

get rid of it if it is in your registry

27 posted on 08/12/2003 2:40:24 PM PDT by antivenom (BEING OFFENDED means never having to answer an argument)
[ Post Reply | Private Reply | To 7 | View Replies]

To: tallhappy
I don't think the error message was part of the worm. My computer stopped crashing once I downloaded the patch at Microsoft's url.
28 posted on 08/12/2003 2:46:04 PM PDT by WaterDragon (America the beautiful, I love this nation of immigrants.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: antivenom
For us real computer dummies .... how do we get rid of it if we find it? Just highlight it and delete?
29 posted on 08/12/2003 2:47:47 PM PDT by kayak (God bless President Bush, our military, and our nation!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: South40
Reminds me off old joke we've all heard.

Punchline: And the drunk says "Preacher, it proves if you drink whiskey you won't get worms."

30 posted on 08/12/2003 2:48:02 PM PDT by oyez
[ Post Reply | Private Reply | To 6 | View Replies]

To: WaterDragon

"I didn't do it, nobody saw me do it, you can't prove anything!"

31 posted on 08/12/2003 2:48:12 PM PDT by Revolting cat! (Go ahead, make my day and re-state the obvious! Again!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Leroy S. Mort
Pause for the obligatory 'Macs hardly ever get hit with viruses' post

Please resume venting your frustrations at Microsoft. :-}

32 posted on 08/12/2003 2:48:44 PM PDT by Vermonter
[ Post Reply | Private Reply | To 17 | View Replies]

To: kayak
Detailed instructions:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

33 posted on 08/12/2003 2:50:45 PM PDT by TheBigB (Some say shoot to kill. Others say shoot to maim. I say empty the f'n clip and let God make the call)
[ Post Reply | Private Reply | To 29 | View Replies]

To: WaterDragon
Muttly has been known to eat worms.

Never tried a Digital one, though.

Yet.
34 posted on 08/12/2003 2:52:31 PM PDT by PoorMuttly (A Muttly Bribed is a Muttly Earned)
[ Post Reply | Private Reply | To 1 | View Replies]

To: tallhappy
Question: I did a search of my registry and found MSBlast.exe in the registry, but not anywhere else. The search of the registry for "msblast.exe" brought up the following:

ab(default) (value not set)

ab a ""

ab b "temp"

ab c "msblast.exe"

ab MRUList "Cab"

What do I do with these?

Your help would be appreciated.

35 posted on 08/12/2003 2:56:54 PM PDT by RayBob
[ Post Reply | Private Reply | To 7 | View Replies]

To: WaterDragon
bttt
36 posted on 08/12/2003 3:02:03 PM PDT by Dante3
[ Post Reply | Private Reply | To 1 | View Replies]

To: antivenom
Thank you. Your post gave me peace of mind. I followed your instructions and msblast.exe did not appear in the registry. But I wouldn't have known without following your instructions.
37 posted on 08/12/2003 3:02:36 PM PDT by Enterprise
[ Post Reply | Private Reply | To 27 | View Replies]

To: Lazamataz
That's nothing! I got a counterfeit $20 bill!

A friend of mine was busted for passing a counterfeit $100 dollar bill at Wal-Mart. Turns out the bill was not counterfeit, just old. He spent the night in jail, though.

38 posted on 08/12/2003 3:05:39 PM PDT by San Jacinto
[ Post Reply | Private Reply | To 4 | View Replies]

Comment #39 Removed by Moderator

To: WaterDragon
bump-for rubber-neckers
40 posted on 08/12/2003 3:11:35 PM PDT by Danette (Bush 2004)
[ Post Reply | Private Reply | To 1 | View Replies]

To: xrp; WaterDragon
Affects only Nt4, 2000 and XP. 95 and 98 are safe.
41 posted on 08/12/2003 3:15:15 PM PDT by 6ppc
[ Post Reply | Private Reply | To 13 | View Replies]

To: WaterDragon
Do a Start, Search, Find MSblast.exe.

I bet you have it.
42 posted on 08/12/2003 3:24:09 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 28 | View Replies]

To: San Jacinto
Back in the seventies, my husband cashed his paycheck at the bank. He had NO money in his wallet before going to the bank, and came straight home. He handed me housekeeping money and I noticed that one of the twenties did not have "In God we trust" on it. He immediately returned to the bank and without telling them a thing, exchanged that twenty for two tens. I suppose it was risky, but he was SO incensed at being given a counterfeit bill BY THE BANK! LOL!
43 posted on 08/12/2003 3:24:59 PM PDT by WaterDragon (America the beautiful, I love this nation of immigrants.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: kayak
Go here:

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

and get the worm removal tool.

Follow the directions EXACTLY.
44 posted on 08/12/2003 3:25:31 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Enterprise
You can also do a CONTROL/ALT/DELETE to bring up what Windows Task thingy.

If you've got it, it will be there.
45 posted on 08/12/2003 3:27:02 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Danette
And thank YOU for asking your question on the other thread; my niece had the same thing your son did, so I just followed along!

:-)
46 posted on 08/12/2003 3:28:04 PM PDT by Howlin (If we don't post, will he exist?)
[ Post Reply | Private Reply | To 40 | View Replies]

To: WaterDragon
I noticed that one of the twenties did not have "In God we trust" on it.

Didn't you see that story about the freak twenty dollar bill? Back in the seventies a hippie type worked at the Denver mint. He blocked out the "in God We Trust" stamp on a run of bills. He was caught and almost none of the bills made it out of the mint. The few that made it into circulation are quite valuable, though. There are thought to be less than ten of the bills in existence and each one has an estimated value of $6 million dollars.

Don't forget to read my tagline.

47 posted on 08/12/2003 3:37:15 PM PDT by San Jacinto (just joking)
[ Post Reply | Private Reply | To 43 | View Replies]

To: WaterDragon
my laptop was also infected yesterday every time I tried to do a virus scan to find my infected files my system would restart it took me about 8 hours to complete a virus scan so my mcafee could clean them up
48 posted on 08/12/2003 3:44:20 PM PDT by TheRedSoxWinThePennant
[ Post Reply | Private Reply | To 1 | View Replies]

To: WaterDragon
My home computer has it. So you just download the patch and it takes care of the problem? Does it include instructions on how to execute it?
49 posted on 08/12/2003 3:46:22 PM PDT by GSWarrior
[ Post Reply | Private Reply | To 1 | View Replies]

To: GSWarrior
The patch stopped the crashes. As is noted in this thread, I guess I still have to hunt down the registry to get it completely out of my computer.
50 posted on 08/12/2003 3:49:32 PM PDT by WaterDragon (America the beautiful, I love this nation of immigrants.)
[ Post Reply | Private Reply | To 49 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-100101-150151-200201-208 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson