Info on MSBLAST - Important Virus Information

[Guest Ken_Salter]

In case you haven't heard, there is a virus spreading around that takes advantage of a security hole in Microsoft OS (note you can catch this virus even if you virus scanner is up to date. It does NOT travel through email, but attempts to connect to your computer via the ports described below):W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download and run the Msblast.exe file.Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:TCP Port 135, "DCOM RPC" UDP Port 69, "TFTP"The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.For more information, please see the following links:http://securityresponse.symantec.com/avcen...aster.worm.htmlPatch from Microsoft is at http://www.microsoft.com/technet/treeview/...in/MS03-026.aspI STRONGLY ADVISE everyone to patch their OS and block these ports if you haven't already.http://saltydogfly2.avsim.net/images/avsim_sig.jpg"We are the music makers, and we are the dreamers of dreams."

[Guest]

I owe the Avsim community a big THANK YOU for alerting me to this blaster worm! :) I run Win98, but the office I work in runs Win 2000 ... they didn't even bother to check for a windows update in the past month :-roll ...... it's really incompetant when you realise that the company is HUGE! :( All of the computers in my office got the worm, and it caused chaos ... nobody realised that it was a worm!! On Tuesday night I was looking on these forums, and one thread made me realise that the computers had the MSblast worm! I told the computer "techies" the following morning .... they were astounded that one of their temporary workers had discovered the bug, whilst their highly-paid "experts" had overlooked it! :-lolThanks again, everyone :-lol

[Guest Miller]

There is no 64bit desktop chip available yet so there is no 64bit OS for a desktop computer. Both are coming. Everything now is 32bit.For the worm, you can hit ctl,alt,del. and in msconfig go to processes and disble msblast.exe. to stop it on your pc. Do a search for msblast.exe and delete it. Then go to MS website and download patch. This is from memory but I am pretty sure this is another path that works. I read that there is a text message in this new worm that reads "Billy Gates, why don't you stop making money and instead make your products work right so they cannot be attacked by a virus like this!" (Paraphrasing)Indeed. Why doesn't MS hire 20 of these virus writers to plug the security holes in their OS before they sell it!? Why? Because a monopoly doesn't have to do anything it doesn't want to do. It simply puts out a product, waits for the numerous complaints, and then gets around to fixing it. Anyone who wonders why monopolies are bad for the market and competition is good need look no further.Miller

[OMillerJr 0]

Does MSBlast not effect 98? That's what I'm running too but I haven't seen any coments except the one above about it.

[OMillerJr 0]

Never mind. The Symantec site information says that 95, 98 and ME are not affected.

[Guest]

That's right :) The Worm creator went for the current and most popular OS available, to maximise destruction! :( I'm glad I've got Win98 :)

[Guest Lindy]

My game computer runs Win98SE and is fine. But my work computer uses WinXP and got bit. After fixing it up (thanks again, Ken for the info), I downloaded and installed the security updates for both XP and Win98 -- I figured it couldn't hurt. -Lindy :-wave

[Guest]

http://www.cuic.ca/seroka/worm.jpgI have problem to run this update from Microsoft or any site which provide the fix 32 against this warm, an advice to this problem pleaseThanks Jacek

[Guest]

http://www.computing.net/windowsxp/wwwboard/forum/74118.htmlI was trying everything from this forum perhaps can help somebody else but didn

[Guest]

startruncmdnet stop crytpsvcRD /S /Q %SystemRoot%System32Catroot2net start cryptsvcexit