Letterville Bull Board Letterville | Bull Board
 


 

Front Page
A Letterhead History
About Us
Become A Resident
Edit Your Database Info
Find A Letterhead

Letterville Merchants
Resident Downloads
Letterville BookShop
Future Live Meets
Past Meets
Step-By-Steps
Past Panel Swaps
Past SOTM
Letterhead Profiles
Business Cards
Become A Merchant

Click on the button
below to chat with other
Letterville users.

http://www.letterville.com/ubb/chaticon.gif

Steve & Barb Shortreed
144 Hill St., E.
Fergus, ON, Canada
N1M 1G9

Phone: 519-787-2892
Fax: 519-787-2673
Email: barb@letterville.com

Copyright ©1995-2008
The Letterhead Website

 

 

The Letterville BullBoard   
my profile login | search | faq | calendar | im | forum home

  next oldest topic   next newest topic
» The Letterville BullBoard » Old Archives » New Virus alert

 - UBBFriend: Email this page to someone!    
Author Topic: New Virus alert
Steve Burke
Visitor
Member # 2674

Icon 1 posted      Profile for Steve Burke   Author's Homepage   Email Steve Burke       Edit/Delete Post 
Hey all,

just to give you who haven't heard- UPDATE YOUR VIRUS SCANNING SOFTWARE! I got hit last night by the MSBLAST.EXE worm, and it was a bugger to get rid of it. I was lazy and hadn't updated my scan files for 12 days and the virus came out 12 days ago...doh!! MOst of the major companies have had an update out for 2 or 3 days now, and everyone I talk to is getting hammered by this bug...

--------------------
Steve Burke
Cascades Inc
NS Canada

If at first you don't succeed, skydiving isn't for you

Posts: 359 | From: NS Canada | Registered: Jan 2002  |  IP: Logged | Report this post to a Moderator
PKing
Deceased


Member # 337

Icon 16 posted      Profile for PKing         Edit/Delete Post 
Thanks (I guess)Steve
Does this mean that when I turn on my puter and go to letterhead.com I will get this virus?
or are you speaking of some sort of non business
fuctions like electronic mail?

--------------------
PKing is
Pat King
The Professor of
SIGNOLOGY

Posts: 3113 | From: Pompano Beach, FL. USA | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
TJ Duvall
Visitor
Member # 3133

Icon 1 posted      Profile for TJ Duvall   Author's Homepage   Email TJ Duvall   Send New Private Message       Edit/Delete Post 
Basically what I have heard (and this might be completely wrong. But it travels along the internet from computer to computer somehow. I don't think it does any damage but it is suppossed to attack a Microsoft site on August 16th. There is a patch that you can download to get rid of it. That's all I really know maybe someone can clear it up better.

--------------------
TJ Duvall
Diamond State Graphics, Inc.

New Castle, DE 19720

Posts: 396 | From: New Castle,Delaware | Registered: Jul 2002  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
It is a bad one

It will shut down your machine and make it difficult to get it started again.
best way to avoid it is got MS and get the patches for the OS you use.
IT attacks any WIN NT XP machine thru port 135 from outside. So, i fyou are on broadband and do not have a router , you better get one fast. This is just the start of port attacks on NT software (XP). If you have a router between your machine and internet you likely will be protected if you close all ports that you do not need to have open.
You only have 64,0000 of them available..
goto:
http://www.cert.org/advisories
and look up the blaster worm. it has several other names too.

However if you get it.. there is a fix available

download.nai.com/products/mcafee-avert/stinger.exe

norton may have this fix too.. have not looked yet..

good luck.. and this is another reason I really like to run my win98se..

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
old paint
Visitor
Member # 549

Icon 1 posted      Profile for old paint   Email old paint   Send New Private Message       Edit/Delete Post 
i was just there at microsoft security....and tried to d/l patch. but there is such a run on it right now it was slower then my old 9600 bps modem...ill try later after midnite....should be easier to d/l.

--------------------
joe pribish-A SIGN MINT
2811 longleaf Dr.
pensacola, fl 32526
850-637-1519
BEWARE THE TRUTH.....YOU MAY NOT LIKE WHAT YOU FIND

Posts: 11582 | From: pensacola, fl. usa | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Bill Cosharek
Resident


Member # 1274

Icon 1 posted      Profile for Bill Cosharek   Email Bill Cosharek   Send New Private Message       Edit/Delete Post 
Just downloaded the latest virus definitions from Norton, dated 8-11-03, & the "msblast" isn't on the list. Since I'm running w98se, should I be concerned? Did a search & found no info to whether its a real virus or a hoax.
(didn't try the links referred to above & if I don't have to I probably wont)

Its been over 2 hours since I posted. Is it ok to edit? Now its on the front page when logged on to juno, an article at Nytimes (I think), explaining this virus. A link to microsoft technet has list of affected systems which are all newer than ME. Lists ME as not infected but doesn't list lower versions. Is that good or bad?

[ August 12, 2003, 08:13 PM: Message edited by: Bill Cosharek ]

--------------------
Bill Cosharek
Bill Cosharek Signs
N.Huntingdon,Pa

bcosharek@juno.com

Posts: 704 | From: N.Huntingdon, Pa, USA | Registered: Dec 1999  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
Win 98 has no worries over this one

As I posted above. Only NT based machines (NT, win 2k, & XP, and 2003 server) are vulnerable.
Win 98 SE does not use RCP stuff..(MS Network Messenger)

M$ has a patch ready and is available. The ones being attacked are the ones who did not do an update last week.

Also M$ is under attack This worm is a denial of services attack on M$. Their site addres is temporarily set to 0,0,0,0 for protection. So you may not be able to get in to get the patch .

Its oficially called w32.blaster or lovsan..

[ August 12, 2003, 08:28 PM: Message edited by: Curtis hammond ]

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
Si Allen
Resident


Member # 420

Icon 4 posted      Profile for Si Allen   Email Si Allen   Send New Private Message       Edit/Delete Post 
HEY!!! I'm running Win98SE and was greeted this morning by a Norton window saying that it had caught it and that it was in Quarentine! Did it mutate to attack Win98SE?

[Confused]

--------------------
Si Allen #562
La Mirada, CA. USA

(714) 521-4810

si.allen on Skype

siallen@dslextreme.com

"SignPainters do It with Longer Strokes!"

Never mess with your profile while in a drunken stupor!!!

Brushasaurus on Chat

Posts: 8831 | From: La Mirada, CA, USA | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
goddinfla
Visitor
Member # 1502

Icon 1 posted      Profile for goddinfla   Email goddinfla   Send New Private Message       Edit/Delete Post 
It got me through my DSL. I'm ok using dialup. I'm downloading a patch right now. Every time I reconnect the DSL line it shuts down the computer and restarts over and over and over.

--------------------
Dennis Goddard

Gibsonton Fl

Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
You may have been probed Si. but not infected. it need RCP services used in NT rpoducts..

No worries. unles u use NT services.. [Smile]

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
goddinfla
Visitor
Member # 1502

Icon 1 posted      Profile for goddinfla   Email goddinfla   Send New Private Message       Edit/Delete Post 
Found this "cure" on another board.

Step 1
Disconnect from the web ENTIRELY. This is to prevent re-infection until the system is clean.

Step 2
There are 2 steps to remove the virus, you have to accomplish both to completely remove the virus from your system.

#1 Go to the Task Manager (Ctrl-Alt-Delete), go to PROCESSES. Under the processes option, you will find a process named MSBLAST.EXE. End the process by highlighting MSBLAST.EXE and hitting End Process in the lower right corner. Now you can easily delete the MSBLAST executable. You can find it by searching on the C: Drive for MSBLAST.exe or you can go to C:\WINDOWS\SYSTEM32 and delete MSBLAST.exe from there.

NOW

#2 Go to <START>, then <RUN> and type MSCONFIG in the run line. Click OK. This will bring up the system configuration utility. Go to the Startup Tab, where you will find MSBLAST.EXE running." Uncheck the box next to "MSBLAST.EXE" and click ok. It will then ask to restart the machine, which you want to do.

OK then. Go to Microsoft.com and update the new patch. You will see what I mean when you get there.

Tried it, haven't checked if it fixed it. Will check after downloading patches.

--------------------
Dennis Goddard

Gibsonton Fl

Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000  |  IP: Logged | Report this post to a Moderator
Don Coplen
Resident


Member # 127

Icon 2 posted      Profile for Don Coplen   Author's Homepage         Edit/Delete Post 
Does this thing effect Macs? I've never had a virus...knock on wood.

--------------------
...

Posts: 4084 | From: ... | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Henry Barker
Resident


Member # 174

Icon 1 posted      Profile for Henry Barker   Author's Homepage   Email Henry Barker   Send New Private Message       Edit/Delete Post 
I don't think you have anything to worry about, I have been on holiday, and my annual renewal came up last month, and I didn't fix it until yesterday, but for me it was too late. I got MSblast, but went straight in to Symantecs website downloaded the fixtool and it says everything is OK, after you have downloaded the fix it directs you to microsoft, and the download for the patch.

So having been there and come out the otherside OK, I wouldn't worry too much.

I will in future update my NOrton AV when it runs out and not wait a couple of weeks though [Smile]

--------------------
Henry Barker #1924akaKaftan
SignCraft AB
Stockholm,
Sweden.
A little bit of England in a corner of Stockholm www.signcraft.se www.facebook.com/signcraftsweden

Posts: 1552 | From: Stockholm, Sweden | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Steve Burke
Visitor
Member # 2674

Icon 1 posted      Profile for Steve Burke   Author's Homepage   Email Steve Burke       Edit/Delete Post 
I finally got the download that night from Microsoft- OP, it took me 2 hours for a 36 MB file (that update plus 26 other ones, most related to security issues)!!!...so yeah I guess a lot of people were frantically trying to download the same thing!!


PAt- I don't know where I got it. My wife was checking a bunch of job search websites, so I suspect it got in then. I don't know a lot about how long it takes them to activate, or how they get sucked in. I was playing an online game when it first started shutting me down, so maybe the game server was giving it to everyone logged in? Some of the more software-savvy guys can probably say where it's getting in.

Apparently it also runs a command that tries to prevent you logging onto Microsoft's update web page (clever bugger, eh?). The update will totally fix it. As for my config files, I didn't change that, but a website told me to go into my registry and delete the reference there.Also, it tries to stop your computer from recognizing good info coming in from bad, opening you up to further attacks.

Don- evidently Macs are immune from these nefarious attacks. They all take advantage of some loophole in Windows (quite a few of them judging by the 27 updates I installed). Macs don't have the same type of vulnerability.

--------------------
Steve Burke
Cascades Inc
NS Canada

If at first you don't succeed, skydiving isn't for you

Posts: 359 | From: NS Canada | Registered: Jan 2002  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
You get this type of attack thru an open ports. This case port #135. Whenever you operate windows there are 64,000 ports open to the world through the internet so your computer can perform certain functions. You must close all unused ports.


To stop these attacks you will need a firewall such as Zone Alarm and get a router between you and the internet. Zone alarm closes the ports and the router makes you invisible to the net.

Once you install Zone Alarm you will be shocked to see just how much traffic there is probing your machine when your are online.

This is just the begining of this type of attack. A firewall and router is your protection before the attack gets to you,,, the Anti Virus is to protect you after the attack enters your machine.

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
Santo
Visitor
Member # 411

Icon 1 posted      Profile for Santo   Email Santo   Send New Private Message       Edit/Delete Post 
Open your task manager and look through your processes, if you have the Blaster worm, it will be seen as "msblaster.exe."

--------------------
Santo Brocato
Promotion Graphics & Letters
Spring, TX

Posts: 2501 | From: Spring, TX USA | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
W. R. Pickett
Visitor
Member # 3842

Icon 1 posted      Profile for W. R. Pickett   Email W. R. Pickett   Send New Private Message       Edit/Delete Post 
Lets hear it for MACS! (and DOWN WITH Bill Gates too!)

--------------------
WR Pickett
Richmond, Va.

Posts: 1955 | From: Richmond, Va. | Registered: Apr 2003  |  IP: Logged | Report this post to a Moderator
Arthur Vanson
Deceased


Member # 2855

Icon 1 posted      Profile for Arthur Vanson   Author's Homepage   Email Arthur Vanson   Send New Private Message       Edit/Delete Post 
Yeah! Macs and Betamax and Sabre-tooth-tigers and all the other things on the wrong branch of the evolutionary tree. [Smile]

--------------------
Arthur Vanson
Bucks Signs
Chesham, Buckinghamshire,
England
arthur@buckssigns.co.uk
--------------------

Posts: 805 | From: Chesham, Bucks, England | Registered: Mar 2002  |  IP: Logged | Report this post to a Moderator
Linda Silver Eagle
Visitor
Member # 274

Icon 1 posted      Profile for Linda Silver Eagle   Author's Homepage   Email Linda Silver Eagle   Send New Private Message       Edit/Delete Post 
Dear Valued Clients,

ALERT! On Friday August 1, many of our customers started receiving email with an
attachment that contains the worm virus "W32.Mimail.A". These emails typically
say "your account" in the subject line and read as follows,

****************Virus Email Text*********************
Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

*********************END*****************************

This is obviously a trick. There is nothing wrong with your email address and
Email addresses do not expire!

Please update your Virus Protection software and also update your Windows
operating system with Windows Update at the Microsoft website. The new virus
attacks a vulnerability in all Windows operating systems.

**************************************************


Dear Charter Customer:
As you may have heard on the news, many Internet users are experiencing problems with their computers shutting down abruptly. This is not a problem with Charter Pipeline service. It is the result of a computer vulnerability and is being experienced by computer users around the world. It is due to a computer worm that scans computers checking to see if port 135 is open. If so, the worm takes advantage of the computer and shuts it down.

If your computer has not been infected, you should go to one of the web sites shown below to update your anti-virus software or install a patch to prevent infection.

Here is a Microsoft bulletin regarding this vulnerability:

http://www.microsoft.com/security/security_bulletins/ms03-026.asp

Here is an update from Symantec:

http://www.sarc.com/avcenter/security/Content/8205.html

Here is an update from McAfee:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547

If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):


Unplug modem.
Restart computer.
Go to Start / Search / For Files and Folders.
Confirm that Look in is set for C: drive.
Search for files and folders named: "MSBLAST.exe"
When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
Shut down the machine.
Plug the modem back in.
Restart the machine.
Go directly to one of the web sites above and install the patch and/or update.
Please do not reply to this email. It is for informational purposes only.
Sincerely,

Charter Communications

These are two letters I received from my domain host and ISP on the subject.

Thought maybe it would help a bit.

[Big Grin]

--------------------
Linda Welborn
Aigle D'Argent

678-292-3102

http://www.precious101.com

Posts: 2501 | From: GA | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Dave Johnson
Visitor
Member # 2535

Icon 1 posted      Profile for Dave Johnson   Email Dave Johnson       Edit/Delete Post 
I just checked my last update of Norton (8-11-03 rev. 19). It has the mblaster.exe definition listed as W32.Blaster.Worm.

--------------------
Dave Johnson
Saltsburg, PA

724-459-7240

Posts: 228 | From: Saltsburg, PA | Registered: Dec 2001  |  IP: Logged | Report this post to a Moderator
Dave Grundy
Resident


Member # 103

Icon 1 posted      Profile for Dave Grundy   Author's Homepage   Email Dave Grundy   Send New Private Message       Edit/Delete Post 
Got it...downloaded the patch...downloaded the removal program from Norton..ran the patch..ran the removal program...1 hr later I no longer am infected.

Pretty easy fix, in my view.

--------------------
Dave Grundy
retired in Chelem,Yucatan,Mexico/Hensall,Ontario,Canada
1-519-262-3651 Canada
011-52-1-999-102-2923 Mexico cell
1-226-785-8957 Canada/Mexico home

dave.grundy@hotmail.com

Posts: 8903 | From: Chelem, Yucatan, Mexico/Hensall, Ontario, Canada | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
goddinfla
Visitor
Member # 1502

Icon 1 posted      Profile for goddinfla   Email goddinfla   Send New Private Message       Edit/Delete Post 
Unplugged my DSL and logged on by dialup. Went to symantec.com and downloaded the removal. Ran it and then it sent me to microsoft.com for the patch. Hooked the DSL back up, works great.

--------------------
Dennis Goddard

Gibsonton Fl

Posts: 1050 | From: Tampa Fl USA | Registered: Apr 2000  |  IP: Logged | Report this post to a Moderator
david drane
Deceased


Member # 507

Icon 1 posted      Profile for david drane   Email david drane   Send New Private Message       Edit/Delete Post 
So does it or doesn't it affect "Windows '98".??

--------------------
Drane Signs
Sunshine Coast
Nambour, Qld.
dranesigns@bigpond.com
Downunder
"To err is human, but to really foul things up requires a computer"

Posts: 965 | From: Nambour, Qld. Australia | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Dave Grundy
Resident


Member # 103

Icon 1 posted      Profile for Dave Grundy   Author's Homepage   Email Dave Grundy   Send New Private Message       Edit/Delete Post 
Doesn't affect Win 95/98/98SE.

--------------------
Dave Grundy
retired in Chelem,Yucatan,Mexico/Hensall,Ontario,Canada
1-519-262-3651 Canada
011-52-1-999-102-2923 Mexico cell
1-226-785-8957 Canada/Mexico home

dave.grundy@hotmail.com

Posts: 8903 | From: Chelem, Yucatan, Mexico/Hensall, Ontario, Canada | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
AS I posted above, this variant will not infect win 98 because you do not use RCP services,,

However, there is a mutant variation comming back around that will attack win98 machines. It has a different name.

This is just the begginning of port style attacks. There is much discusion on certain "security" boards about the newest ways to attack M$ operating systems.

Your protection is the following..
Firewall. (Zone Alarm free) ..Closes yor access ports. And alerts you ask if you want to allow something tries to accces the net.
Router.. Stealths your machine from the net
Anti virus,, protects if something does get thru..

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
Bill Modzel
Resident


Member # 22

Icon 15 posted      Profile for Bill Modzel   Author's Homepage   Email Bill Modzel   Send New Private Message       Edit/Delete Post 
Life happens....

http://www.macdailynews.com/comments.php?id=P1573_0_1_0

and the Mac answers....

--------------------
Bill Modzel
Mod-Zel screen Printing
Traverse city, MI
modzel@sbcglobal.net

Posts: 1358 | From: Traverse City, MI | Registered: Nov 1998  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
Another variant, already,,,,,

The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures in the body of the worm.

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
Adrienne Pereira
Visitor
Member # 1046

Icon 15 posted      Profile for Adrienne Pereira   Email Adrienne Pereira   Send New Private Message       Edit/Delete Post 
I guess there is some merit to be still using Win98.....

Also, I no longer use an email account like Incredimail or Outlook Express...I use a remote email account like Hotmail or MSN....I'm assuming this will keep me from getting a virus (unless I download something to my computer right?)

A:)

Stay clean, and use protection!!

--------------------
Adrienne Pereira
Splash Signs

Port Angeles, WA
----------------
"Sure, it's colder in the Northwest, but...it's a damp cold!"

360-477-5656
splashsigns@msn.com

Posts: 4874 | From: Port Angeles, Washington, USA | Registered: Sep 1999  |  IP: Logged | Report this post to a Moderator
Curtis hammond
Visitor
Member # 2170

Icon 1 posted      Profile for Curtis hammond   Email Curtis hammond   Send New Private Message       Edit/Delete Post 
yes, not using Outlook or outlook express is a great way to avoid email virii.. Lots of virii are done thru email and exploit M$'s lack of security. Outlook has some features that allow virii to come through..

--------------------
Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate.

Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001  |  IP: Logged | Report this post to a Moderator
   

   Close Topic   Feature Topic   Move Topic   Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:


Contact Us | Letterville. A Community Of Letterheads & Pinheads!

Powered by Infopop Corporation
UBB.classic™ 6.7.2

Search For Sign Supplies
Category:
 

                  

Letterhead Suppliers Around the World