Just to give you who haven't heard- UPDATE YOUR VIRUS SCANNING SOFTWARE! I got hit last night by the MSBLAST.EXE worm, and it was a bugger to get rid of it. I was lazy and hadn't updated my scan files for 12 days and the virus came out 12 days ago...doh!! Most of the major companies have had an update out for 2 or 3 days now, and everyone I talk to is getting hammered by this bug...
-------------------- Steve Burke Cascades Inc NS Canada
If at first you don't succeed, skydiving isn't for you Posts: 359 | From: NS Canada | Registered: Jan 2002
posted
Thanks (I guess) Steve. Does this mean that when I turn on my puter and go to letterhead.com I will get this virus? Or are you speaking of some sort of non business functions like electronic mail?
-------------------- PKing is Pat King The Professor of SIGNOLOGY Posts: 3113 | From: Pompano Beach, FL. USA | Registered: Nov 1998
posted
Basically what I have heard (and this might be completely wrong): it travels along the internet from computer to computer somehow. I don't think it does any damage but it is supposed to attack a Microsoft site on August 16th. There is a patch that you can download to get rid of it. That's all I really know; maybe someone can clear it up better.
-------------------- TJ Duvall Diamond State Graphics, Inc.
New Castle, DE 19720 Posts: 396 | From: New Castle,Delaware | Registered: Jul 2002
It will shut down your machine and make it difficult to get it started again. Best way to avoid it is go to MS and get the patches for the OS you use. It attacks any WIN NT XP machine thru port 135 from outside. So, if you are on broadband and do not have a router, you better get one fast. This is just the start of port attacks on NT software (XP). If you have a router between your machine and internet you likely will be protected if you close all ports that you do not need to have open. You only have 64,0000 of them available.. Go to: http://www.cert.org/advisories and look up the blaster worm. It has several other names too.
Norton may have this fix too.. have not looked yet..
Good luck.. and this is another reason I really like to run my win98se..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
posted
I was just there at Microsoft security....and tried to d/l patch, but there is such a run on it right now it was slower than my old 9600 bps modem...I'll try later after midnight....should be easier to d/l.
-------------------- joe pribish-A SIGN MINT 2811 longleaf Dr. pensacola, fl 32526 850-637-1519 BEWARE THE TRUTH.....YOU MAY NOT LIKE WHAT YOU FIND Posts: 11582 | From: pensacola, fl. usa | Registered: Nov 1998
posted
Just downloaded the latest virus definitions from Norton, dated 8-11-03, & the "msblast" isn't on the list. Since I'm running w98se, should I be concerned? Did a search & found no info as to whether it's a real virus or a hoax. (Didn't try the links referred to above & if I don't have to I probably won't.)
It's been over 2 hours since I posted. Is it ok to edit? Now it's on the front page when logged on to juno, an article at Nytimes (I think), explaining this virus. A link to Microsoft technet has list of affected systems which are all newer than ME. Lists ME as not infected but doesn't list lower versions. Is that good or bad?
[ August 12, 2003, 08:13 PM: Message edited by: Bill Cosharek ]
-------------------- Bill Cosharek Bill Cosharek Signs N.Huntingdon,Pa
bcosharek@juno.com Posts: 704 | From: N.Huntingdon, Pa, USA | Registered: Dec 1999
As I posted above, only NT based machines (NT, Win 2k, XP, and 2003 Server) are vulnerable. Win 98 SE does not use RCP stuff.. (MS Network Messenger)
M$ has a patch ready and it is available. The ones being attacked are the ones who did not do an update last week.
Also M$ is under attack. This worm is a denial of services attack on M$. Their site address is temporarily set to 0,0,0,0 for protection. So you may not be able to get in to get the patch.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
posted
HEY!!! I'm running Win98SE and was greeted this morning by a Norton window saying that it had caught it and that it was in Quarantine! Did it mutate to attack Win98SE?
-------------------- Si Allen #562 La Mirada, CA. USA
(714) 521-4810
si.allen on Skype
siallen@dslextreme.com
"SignPainters do It with Longer Strokes!"
Never mess with your profile while in a drunken stupor!!!
Brushasaurus on Chat Posts: 8831 | From: La Mirada, CA, USA | Registered: Nov 1998
posted
It got me through my DSL. I'm ok using dialup. I'm downloading a patch right now. Every time I reconnect the DSL line it shuts down the computer and restarts over and over and over.
-------------------- Dennis Goddard
Gibsonton Fl Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000
posted
You may have been probed, Si, but not infected. It needs RCP services used in NT products..
No worries, unless you use NT services..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
Step 1 Disconnect from the web ENTIRELY. This is to prevent re-infection until the system is clean.
Step 2 There are 2 steps to remove the virus, you have to accomplish both to completely remove the virus from your system.
#1 Go to the Task Manager (Ctrl-Alt-Delete), go to PROCESSES. Under the processes option, you will find a process named MSBLAST.EXE. End the process by highlighting MSBLAST.EXE and hitting End Process in the lower right corner. Now you can easily delete the MSBLAST executable. You can find it by searching on the C: Drive for MSBLAST.exe or you can go to C:\WINDOWS\SYSTEM32 and delete MSBLAST.exe from there.
NOW
#2 Go to <START>, then <RUN> and type MSCONFIG in the run line. Click OK. This will bring up the system configuration utility. Go to the Startup Tab, where you will find MSBLAST.EXE running. Uncheck the box next to "MSBLAST.EXE" and click OK. It will then ask to restart the machine, which you want to do.
OK then. Go to Microsoft.com and update the new patch. You will see what I mean when you get there.
Tried it, haven't checked if it fixed it. Will check after downloading patches.
-------------------- Dennis Goddard
Gibsonton Fl Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000
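The manual clean-up steps in the post above, turned into a read-only check (an added example, not part of the original thread and not any vendor's removal tool). The function names are hypothetical; MSBLAST.EXE and port 135 come from this thread, as does the TEEKIDS.EXE variant name mentioned in a later post, and the sample startup list is constructed.

```python
import os
import re
import socket

# File names from this thread: the original worm and the later variant.
WORM_NAMES = ("msblast.exe", "teekids.exe")
# Match a worm name only as a whole executable name, not inside another name.
_CMD_RE = re.compile(r'(?:^|[\\/"\s])(?:msblast|teekids)\.exe(?=$|["\s])', re.I)


def find_worm_files(root):
    """Return every file under root whose name is a worm name (any letter case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() in WORM_NAMES]
    return sorted(hits)


def flag_startup_entries(entries):
    """entries maps a startup item label to its command line, as listed on
    msconfig's Startup tab. Returns the labels that launch the worm."""
    return sorted(label for label, cmd in entries.items() if _CMD_RE.search(cmd))


def port_accepts_connections(host="127.0.0.1", port=135, timeout=1.0):
    """True if a TCP connect to host:port succeeds (135 is the port the thread names)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample startup list; labels and the first command are made up.
    sample = {
        "sample antivirus": r'"C:\Program Files\ExampleAV\av.exe" /quiet',
        "sample item": r"C:\WINDOWS\SYSTEM32\MSBLAST.EXE",
    }
    print("startup entries to uncheck:", flag_startup_entries(sample))
    # Read-only: report files and leave deletion to the operator.
    print("worm files:", find_worm_files(r"C:\WINDOWS\SYSTEM32"))
    print("port 135 accepting connections locally:", port_accepts_connections())
```

The port check only reports whether this machine accepts connections on 135 from itself; whether a router or firewall blocks it from the internet is a separate question.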
posted
I don't think you have anything to worry about. I have been on holiday, and my annual renewal came up last month, and I didn't fix it until yesterday, but for me it was too late. I got MSblast, but went straight in to Symantec's website, downloaded the fixtool and it says everything is OK. After you have downloaded the fix it directs you to Microsoft, and the download for the patch.
So having been there and come out the other side OK, I wouldn't worry too much.
I will in future update my Norton AV when it runs out and not wait a couple of weeks though.
posted
I finally got the download that night from Microsoft- OP, it took me 2 hours for a 36 MB file (that update plus 26 other ones, most related to security issues)!!!...so yeah I guess a lot of people were frantically trying to download the same thing!!
Pat- I don't know where I got it. My wife was checking a bunch of job search websites, so I suspect it got in then. I don't know a lot about how long it takes them to activate, or how they get sucked in. I was playing an online game when it first started shutting me down, so maybe the game server was giving it to everyone logged in? Some of the more software-savvy guys can probably say where it's getting in.
Apparently it also runs a command that tries to prevent you logging onto Microsoft's update web page (clever bugger, eh?). The update will totally fix it. As for my config files, I didn't change that, but a website told me to go into my registry and delete the reference there. Also, it tries to stop your computer from recognizing good info coming in from bad, opening you up to further attacks.
Don- evidently Macs are immune from these nefarious attacks. They all take advantage of some loophole in Windows (quite a few of them judging by the 27 updates I installed). Macs don't have the same type of vulnerability.
-------------------- Steve Burke Cascades Inc NS Canada
If at first you don't succeed, skydiving isn't for you Posts: 359 | From: NS Canada | Registered: Jan 2002
posted
You get this type of attack thru an open port, in this case port #135. Whenever you operate Windows there are 64,000 ports open to the world through the internet so your computer can perform certain functions. You must close all unused ports.
To stop these attacks you will need a firewall such as Zone Alarm and get a router between you and the internet. Zone Alarm closes the ports and the router makes you invisible to the net.
Once you install Zone Alarm you will be shocked to see just how much traffic there is probing your machine when you are online.
This is just the beginning of this type of attack. A firewall and router is your protection before the attack gets to you... the Anti Virus is to protect you after the attack enters your machine.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
ALERT! On Friday August 1, many of our customers started receiving email with an attachment that contains the worm virus "W32.Mimail.A". These emails typically say "your account" in the subject line and read as follows,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
This is obviously a trick. There is nothing wrong with your email address and Email addresses do not expire!
Please update your Virus Protection software and also update your Windows operating system with Windows Update at the Microsoft website. The new virus attacks a vulnerability in all Windows operating systems.
Dear Charter Customer: As you may have heard on the news, many Internet users are experiencing problems with their computers shutting down abruptly. This is not a problem with Charter Pipeline service. It is the result of a computer vulnerability and is being experienced by computer users around the world. It is due to a computer worm that scans computers checking to see if port 135 is open. If so, the worm takes advantage of the computer and shuts it down.
If your computer has not been infected, you should go to one of the web sites shown below to update your anti-virus software or install a patch to prevent infection.
Here is a Microsoft bulletin regarding this vulnerability:
If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):
1. Unplug modem.
2. Restart computer.
3. Go to Start / Search / For Files and Folders.
4. Confirm that Look in is set for C: drive.
5. Search for files and folders named: "MSBLAST.exe"
6. When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
7. Shut down the machine.
8. Plug the modem back in.
9. Restart the machine.
10. Go directly to one of the web sites above and install the patch and/or update.
Please do not reply to this email. It is for informational purposes only.
Sincerely,
Charter Communications
These are two letters I received from my domain host and ISP on the subject.
posted
Got it...downloaded the patch...downloaded the removal program from Norton..ran the patch..ran the removal program...1 hr later I no longer am infected.
Pretty easy fix, in my view.
-------------------- Dave Grundy retired in Chelem,Yucatan,Mexico/Hensall,Ontario,Canada 1-519-262-3651 Canada 011-52-1-999-102-2923 Mexico cell 1-226-785-8957 Canada/Mexico home
posted
Unplugged my DSL and logged on by dialup. Went to symantec.com and downloaded the removal. Ran it and then it sent me to microsoft.com for the patch. Hooked the DSL back up, works great.
-------------------- Dennis Goddard
Gibsonton Fl Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000
posted
So does it or doesn't it affect "Windows '98".??
-------------------- Drane Signs Sunshine Coast Nambour, Qld. dranesigns@bigpond.com Downunder "To err is human, but to really foul things up requires a computer" Posts: 965 | From: Nambour, Qld. Australia | Registered: Nov 1998
-------------------- Dave Grundy retired in Chelem,Yucatan,Mexico/Hensall,Ontario,Canada 1-519-262-3651 Canada 011-52-1-999-102-2923 Mexico cell 1-226-785-8957 Canada/Mexico home
posted
As I posted above, this variant will not infect win 98 because you do not use RCP services.
However, there is a mutant variation coming back around that will attack win98 machines. It has a different name.
This is just the beginning of port style attacks. There is much discussion on certain "security" boards about the newest ways to attack M$ operating systems.
Your protection is the following.. Firewall (Zone Alarm free).. Closes your access ports. And alerts you and asks if you want to allow something that tries to access the net. Router.. Stealths your machine from the net. Anti virus.. protects if something does get thru..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
-------------------- Bill Modzel Mod-Zel screen Printing Traverse city, MI modzel@sbcglobal.net Posts: 1358 | From: Traverse City, MI | Registered: Nov 1998
The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures in the body of the worm.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
posted
I guess there is some merit to be still using Win98.....
Also, I no longer use an email account like Incredimail or Outlook Express...I use a remote email account like Hotmail or MSN....I'm assuming this will keep me from getting a virus (unless I download something to my computer right?)
posted
Yes, not using Outlook or Outlook Express is a great way to avoid email virii.. Lots of virii are done thru email and exploit M$'s lack of security. Outlook has some features that allow virii to come through..
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001