Jump to content
Sign in to follow this  
Guest Panman

Info on MSBLAST - Important Virus Information

Recommended Posts

Guest CargoMun

If I may add a little thing to IF you catch it and are using Windows XP.Since the worm will start a countdown and shut down computer shortly after when using internet, some people might have difficulty downloading the patch above.The solution (if using WinXP)The worm will be disabled from using the above named ports (or working at all) if you enable the Internet Connection Firewall (under the properties of you're dial-up/broadband connection). Of course any other regular 3rd party firewall will allow for this as well :)You are then able to use the internet without the worm shutting everything down and you can download the patch/removal tool from the link above.

Share this post


Link to post
Share on other sites
Guest Nathan Palmer

How do you access and block these ports? I have never done this and have a cable connection, norton internet security and antivirus.please help.NP

Share this post


Link to post
Share on other sites

Hi Ken,I absolutely second, what you said!!Our (my wife's and mine) McAffee dedected this trojan "Exploit-DcomRpc" on 10th Aug, but was not able to delete it but just to isloate it and put it into "quarantine". Everytime, when we entered the internet again or when we received emails the virus was detected again in the tftp.exe and was isoleted again. The anoying thing was, that after very isolation Win XP shut automatically down.Then I downloaded the MS03-026 patch from the MS-site to fix the Windows-RPC-Bug. Since then the virus was not detected any more.Also I can only recommend to everybody to download the MS03-026 patch immediately and to install it.RegardsWolfgang

Share this post


Link to post
Share on other sites

Hi there,this is a bit embarrassing but I found two WinXP updates, one for 32 and the other one for 64bit, and evidently I'm to stupid to figure out which one I have ;-)I'm using WinXP home, would that be the 32bit version?Also, shouldn't the windows update automatically detect and suggest the installation of the new fix? I've tried updating but I don't get any critical updates listet?!Any help would be greatly appreciated.Cheers,Petehttp://members.aol.com/pzsoulman/myhomepage/logo.gifAthlonXP2000,AbitKX7-333(latest4in1),512MB/2700SDRAM,WinXP,DirectX8.1,Geforce3TI200(128MB)(Det.30.82),SBlive(WDM5.1.2601.0)


I9-13900K, RTX 4090, DR5-6000MHZCORSAIR ICUE H150I ELITE, ASUS PRIME Z790-P, THERMALTAKE TOUGHPOWER GF3 1350W, WIN 11

Share this post


Link to post
Share on other sites
Guest Bob I

Hi,It's a bit confusing, but you need the one for Win XP Home, which turnes out to be 32, go figure. If you don't see it, go to the MS download center and go to Win XP.Bob

Share this post


Link to post
Share on other sites

Pete, just try, which one fits. The system will tell you upon installation, if you try to install the wrong one (you can't do any harm).I'm running XP Pro and I also was not sure if I have the 32 bit or the 64 bit version. Like you I guessed XP Home is 32 bit and XP Pro must be 64 bit. So I downloaded the 64 bit version. Immediately after starting the installation, a window popped up, telling that this 64 bit file does not match my system. So I downloaded the 32 bit version and everything went fine.I think 32 bit is more common, so I would try this one first.Wolfgang

Share this post


Link to post
Share on other sites

Thanks guys, really appreciate the help. I went ahead and downloaded the 32bit version and everything seems fine.Cheers,Petehttp://members.aol.com/pzsoulman/myhomepage/logo.gifAthlonXP2000,AbitKX7-333(latest4in1),512MB/2700SDRAM,WinXP,DirectX8.1,Geforce3TI200(128MB)(Det.30.82),SBlive(WDM5.1.2601.0)


I9-13900K, RTX 4090, DR5-6000MHZCORSAIR ICUE H150I ELITE, ASUS PRIME Z790-P, THERMALTAKE TOUGHPOWER GF3 1350W, WIN 11

Share this post


Link to post
Share on other sites

I don't seem having this thing, but I think from what I have seen, in case you experience the shutdown countdown timer box (applies to WinXP I think), you might try the following before you reach "zero": hit Win+R, type cmd, hit enter, change to your WINDOWSSYSTEM32 directory and call shutdown -a that should disable the countdown. But maybe that worm overrides this, I don't know... Good luck all, I doubt I will get it, I'll go on vacation tomorrow so my PC is off anyway... ;)

Share this post


Link to post
Share on other sites
Guest

Just to clear up any confusion, all system based on Intel Pentium or AMD Athlon are running the 32bit version of XP, whether Home or Pro. The 64bit version is strictly for the Intel IA64 (or Itanium) processor which is not on any desktop system and only a few high end servers.

Share this post


Link to post
Share on other sites
Guest Dean

For systems that have the worm and are rebooting, I recall seeing a procedure that said to start the PC in safe mode then use regedit to remove the msblaster executable under the software tab. After rebooting in normal mode the patch can then be installed.

Share this post


Link to post
Share on other sites

Wonderful case of jargon overcoming common sense by Microsoft: ie: "Download fix for Windows 64 bit or 32 bit". Very helpful (not!) Translation: Windows XP = 32 bit.Quick way to disable the virus while you download the fix from your virus agent or MS: Go to your Control Panel/Administrative Tools/Services and Find "Remote Procedure Call" and double click on it. Then click on "Recovery" and choose "Take No Action". This will ensure that the virus doesn't close down Windows before you had a chance to download the fix.Best Regards,Rob Young


Robert Young - retired full time developer - see my Nexus Mod Page and my GitHub Mod page

Share this post


Link to post
Share on other sites
Guest

Put otherwise: unless you know you're running it you almost certainly aren't :(Of course the biggest eyeopener for alert people will be that the hotfix has been available from Microsoft for almost a month now yet noone seems to have bothered keeping their computers up to date (which would have prevented infection) :-aol Up to date virus scanners and firewalling software would almost certainly have blocked it as well, see above for reasons for getting infected anyway :-violinMy firewall prevented well over 300 intrusion attempts yesterday, over 90% of them at ports used by this worm.That's an 80% increase from tuesday!

Share this post


Link to post
Share on other sites
Guest Panman

I'll remember that next time I see the computer trade magazine that I read advertise Windows XP Pro 32 Bit Edition and Windows XP Pro 64 Bit Edition.

Share this post


Link to post
Share on other sites

>I'll remember that next time I see the computer trade>magazine that I read advertise Windows XP Pro 32 Bit Edition>and Windows XP Pro 64 Bit Edition.Yep, on the MS-download-site they ask you if you are running Win Xp 32 bit or Win Xp 64. So there are 2 versions of Win XP (well actuall 4 :-) ).BTW, I do not think it is the virus itself, which closes the system. As I understand it Win XP closes for security reasons, after the virus scanner has dedected the virus and has isolated the infected file. Or it closes, because the system cannot run safely without the isoletd file. At least it was this way in my case.The virus which got into my system though this "scurity whole" was theExploitDcom-Rpc. A trojan which is used by someone to retreive data from your computer etc. So the producer of this virus has no interest that the system will shut down.BTW At the moment there is not just ONE worm/virus around, who takes advantage of this particular Windows security bug. The MS patch will prevent from all of them.Wolfgang

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Tom Allensworth,
    Founder of AVSIM Online


  • Flight Simulation's Premier Resource!

    AVSIM is a free service to the flight simulation community. AVSIM is staffed completely by volunteers and all funds donated to AVSIM go directly back to supporting the community. Your donation here helps to pay our bandwidth costs, emergency funding, and other general costs that crop up from time to time. Thank you for your support!

    Click here for more information and to see all donations year to date.
×
×
  • Create New...