
MSBlast.exe - What is it?


Hey guys, problem here. This morning I d/l a few files and unzipped them and installed a few, including the new FS9 files for the Seneca from FSD. I also forwarded a couple to my VA partner. I always scan any file I d/l and Norton is up to date. I had just finished testing an aircraft in FS9 and got an NT message saying it was shutting down my system. First thought: a hacker or trojan, so when I booted back up I cranked ZoneLabs up all the way, then I got an alert from it about letting an EXE called MSBlast.exe connect to the internet, uh, NO! I did a search and found it in the WINDOWS/system32 folder, saying it was created today. I also found it in my running processes and shut it down ASAP.

I wasn't going to post this here, UNTIL my VA partner called me from Cali saying he was getting the same thing; unfortunately he doesn't have ZoneLabs and is unable to stop it shutting down his system.

I am assuming it is FS related somehow. Is anyone else getting this and does anyone have an idea of what it is and how to get rid of it??

Regards, Michael
http://mysite.verizon.net/res052cd/mybannercva1.jpg
CalVirAir International VA
www.calvirair.com
Cougar Mountain Helicopters & Aviation
www.cgrmtnhelos.com


Michael,

You have a virus. Easily found if you search for anti-virus sites on the web.

From Symantec:

THREAT: W32.Blaster.Worm
CATEGORY: 3
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability using TCP port 135. It will attempt to download and run a file, msblast.exe.
STEP 1: Read Critical Information

I suggest you check that Norton is really up to date and visit www.symantic.com to read how to get rid of the virus and what it does. I hope it is easy to remove it and I guess your VA buddy will have to notify a lot of his friends that he may have infected.

If Norton *is* up to date then I suggest you get a better AV.

I use AVG which is free and, touch wood, I have never yet been contaminated - touch wood, famous last words :-)


Seems to all of a sudden be a major problem. I got hit with it today. My understanding is that antivirus software will not pick up on it because it takes advantage of a security hole in several MS OS's. There is a link to a patch by MS and discussion on this very issue at FS.com: http://www.flightsimnetwork.com/dcforum/DC...mID21/3462.html

Does not seem to be a major issue if you fix things fast. Always keep a firewall running too. My understanding is that will protect you from this worm as well. Good luck.

Brew


MSBlast is never a major issue, just a nuisance. It causes no damage to your computer. The main concern is that 100,000 computers on Aug 16 that have the worm will assist in a DoS attack on windowsupdate.com. So of course, all the hype is really nothing. To stop this rebooting problem, go to Start -> Run and type "shutdown -a". This will stop all automatic shutdown attempts. Then go to www.neowin.net and check their instructions for removal. They are simple and easy.


Well, it may very well become a major issue once the DoS attack starts, because nobody will be able to download the fix. I don't know how long this attack will last, but if it's long-term (or never-ending), this could just be a preliminary attack to prevent people from closing the hole, so that they can unleash a more powerful and destructive worm in the very near future that nobody (except those who patched their system before the DoS attack starts, or have good firewalls in place) will be able to prevent.


Unbelievable... It started happening yesterday, I thought my comp had gone crazy so I installed Windows again, only to discover today that the problem was still there! (Anyways it wasn't useless, I did need to clean up a bit...)

And now a whole topic for what I thought had no solution! LOL!

This is reeeaally weird, it seems lots of people are affected by it...


And all the computers that are infected are ones where the users never bothered to keep their systems updated with hotfixes.

The issue was reported and fixed by Microsoft nearly a month ago; if you'd have used Windowsupdate since 16 July (or maybe a few days later) you'd have had it fixed already.

Just goes to show how many people don't bother checking with the manufacturers of their software for updates regularly (but instead often install messages claiming to be "the latest Microsoft security update" originating in Bulgaria or China (when Microsoft has quite often stated they'll NEVER send out anything over email, at most an announcement and a link to their own site for more information)).


It's already causing a problem with the Windows Update site. Everyone is quickly trying to update, overloading the windowsupdate site.

Also network traffic has really slowed down. The internet is pretty slow right now. This worm really has caused a little bit of a problem.

Just keep your Windows up to date, and run a firewall if you can to prevent this from happening again.

I didn't get hit because of this: my router has a so-called firewall, and I always install any hotfix or update from MS.


Of course. No one is ever vigilant until they need to be (think, 9/11, server security, car alarms, every piece of protection we have is because at some point, we failed to be vigilant enough). And the fact that server traffic at windowsupdate.com has increased 350% is testament to the power the media has over our minds :) We follow too much of what they say, and never do things on our own, like visit windowsupdate.com like MS recommends, or even leave automatic updates on.

You are right, a firewall would have prevented this entire issue.


Why are you so quick to judge other people?

I got the virus but I just got a new XP machine less than 3 days ago. I was in the process of downloading the updates when the virus hit. It takes a while for 35MEG PLUS worth of "critical" updates to install over 56KPS.

Not all of us live in an area that supports DSL, or has good broadband service.

I also want to know why you feel it is THE CUSTOMER'S FAULT. Quite frankly I find Bill Gates' latest "security initiative" a bit offensive. Now while it is good that these "fixes" are being found, I want to know what sloppy workmanship allowed them in the first place?

And don't come to me blah blah blah about how complex Windows is. You don't see Mac OS getting viruses. It's equally as complex as Windows, nor do you see Linux, or Solaris getting pegged by these bugs.

The truth is, if a car manufacturer were to put out an automobile that had as many "critical fixes" as Microsoft had, it wouldn't be on the road.

Now the "author" of MSBlast.exe is the villain here, but when will our antiquated consumer protection laws take up this issue? When it comes to software, consumers have little or no legal recourse. It's ironic, I can have a little old lady win a reward for "damages" because SHE spilled coffee in her lap. Yet a worm that exploits a software deficiency that allows an attacker SYSTEM level access, is not "Microsoft's" problem? If this "security risk" were so freaking HUGE, why didn't Microsoft use the "hole" to patch it in the first place? They could have exploited the exact same hole to run a patch which would have fixed anybody on the web. If asked why, they could say, we discovered a problem, and we felt that it was too vital to risk even one person getting infected, so we used the "hole" to install the fix.

BINGO. But no, they post it on a website, and wash their hands of the whole deal.

I'm sorry, I understand it's my responsibility to upgrade my system, but when Microsoft finds "holes" on a weekly basis, something is fundamentally wrong.


Wasn't the "Red Code" worm that spread a while back a Linux kernel virus? I seem to remember that it hit Linux just as hard as Windows PCs (might be another one, I am not sure).

I agree with you though, the end user can't be to blame for slack programming work because of time constraint - and I know how Microsoft works and am not surprised their releases are buggy (OSes, not games in this case).

Thankfully most security updates are fairly small for even dialup users to be able to keep somewhat updated.


> Thanks for the report, although grim, it helps me find a solution. Really disappointed as you can see my virus definitions are up to date and I have not turned off the virus software.
>
> http://forums.avsim.net/user_files/30059.jpg

Actually you were not up to date; Norton's virus definitions were updated on 8/11/2003. Norton distributes its weekly antivirus updates every Wednesday afternoon - which I guess you have - but even with Live Update running you should also do manual checks occasionally to ensure you have any special releases.

But as someone else pointed out the real fix would have been to install the Windows update that was released over a month ago.

http://forums.avsim.net/user_files/30385.gif


To resolve "msblast.exe" problem:

In MS Windows XP just open Network Connections. Right click your main connection. Open the properties window. On the "Advanced" tab, click the checkmark under the internet firewall. Close Control Panel and the properties. YOU WILL NEED TO RESTART YOUR CONNECTION FOR THE CHANGES TO TAKE EFFECT. Then CTRL-ALT-DEL, click on the "Processes", click MSBLAST.EXE, then click "End Process". Click Start, click Run, and type "C:\Windows\System32". Delete anything with the words MSBLAST (msblast.exe, and the one other file it came with). Nuke the recycle bin, restart the system, and it should work fine. Please be careful if you stay on for periods of more than 30min at a time. I haven't spontaneously rebooted since. It works on my PC, my mom's laptop, and both of my dad's systems. It is a tiny bit technical, but it definitely works.

Good Luck
