VIRUS WIN32.BLASTER.WORM??

Discussion in 'malware problems & news' started by Tinribs, Aug 16, 2003.

Thread Status:
Not open for further replies.
  1. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Sometghing odd is happening to my pc, I've patched the Blaster threat, my firewall is blocking the relevant ports and I've disabled system restore and run a scan with several specific Lovesan removal tools (all came up clean)
    But my system still occassionally (as in 2/3 times a night) reboots with the same pop up window as if infected.
    Now I cant work out whats wrong, I've disabled the relevant windows service, rescanned, double checked firewall and updated av's and re-applied the patch(s) but no joy. It seems to pop up just as I surf to different sites out of my favourites, very odd.

    Anyone have any ideas?
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Are you running XP? There have been some reports that some XP systems are impacted though they have been patched. As far as I know, these are unconfirmed and I have no details unfortunately. I saw this on the SecurityFocus "Incidents" listserv.
     
  3. Uguel707

    Uguel707 Graphic Artist

    Joined:
    Nov 9, 2002
    Posts:
    2,999
    Location:
    San Diego
    Hi Tinribs!

    Do you run windows xp?
    if yes, desactivate the restoration mode before "disinfecting" your pc,
    if you don't it won't work!



    Windows xp: desactivate system restoration

    1. Go to desktop panel.
    2. Click on "system"
    3. And click on the "restoration tab"
    4. Tick "desactivate system restoration"

    Then you scan your pc with the disinfection tool.

    -------------------------------------------------------------------------------------------

    Info and a disinfection tool at Symantec's:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

    And here's more:

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

    And Fanj's post:

    https://www.wilderssecurity.com/showthread.php?t=12332

    And, if you could get rid of that nasty, don't forget to re-activate your system restoration after.

    Hope this will be helpful for you.


    Uguel
     
  4. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Thanks all (and thanks Pieter) I've tried everything suggested,, it didnt reboot at all last night which was good, I'll see how things go. The odd thing is that I patched my system long before the threat reared its head!

    I guess I'm just unlucky, or my pc is possessed with demons!
     
  5. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    wow Kev you need to call "Host Busters"
     
  6. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    :D I reckon I do SPC, happened again after bootup today, rescanned and again I'm clean, I give up.
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey Tinribs,

    Can you please download and run HijackThis from

    http://www.tomcoyote.org/hjt/hijackthis.zip

    and scan the system but do *not* try to fix anything yet as many of the items listed are necessary, instead press the "save log" button and copy and paste the log here for someone to review and advise on.

    Thx,

    Dan
     
  8. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Thanks Dan but I have done this and found nothing untowards , Pieter has seen it too and nothing is obviously wrong.

    Thanks for the interest though, it only seems to pop up when I first boot after a break, on subsequent bootups its fine o_O
     
  9. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    o_O Possibly weird memory bug? Reseat/swap position of dimms/simms for fix?
     
Loading...
Thread Status:
Not open for further replies.