cancel
Showing results for 
Search instead for 
Did you mean: 

W32.blaster.Worm

N/A

W32.blaster.Worm

ITS HERE!

http://www.sarc.com/avcenter/venc/d...aster.worm.html

In 12 hours it jumped from level 2 to level 4! This is one piece of nasty ****!

Also known as the 60 sec shutdown virus. It randomly shuts down your computer after 60 seconds, and can slow your computer down almost 50%. Then it will attack the windows update site on the 15th of this month for 1 year. And it will block you from downloading any windows update.

Word has it the BT penworld server was hit, infecting lots of there subscribers.
6 REPLIES
N/A

W32.blaster.Worm

The virus seems subject to a lot of disagreement.

There are reports from different companies of different issues presented by the worm.

El Reg. (The Register)

Quote

The MSBlaster worm, also known as Lovsan, Blaster or Poza and which began spreading yesterday, is programmed launch an attack against windowsupdate.com on 16 August


The rebooting is caused by the worm crashing the RPC deamon to do its job. The rebooting can be prevented typeing "shutdown -a" into the Run dialog box and clicking OK.

F-secure have a small tool for removing the infection, which can be obtained directly from HERE(Documentation). The full F-secure lowdown is available HERE, where a level 1 alert has been issued.

Just to add to the hurt, it is being reported, that the fix issues via Windows Update may not be installing correctly. It shows as installed, but may not be.

As such, it may be well worth visiting the MS Advisory center, and downloading the patch by hand. The page required is available HERE
Community Veteran
Posts: 5,878
Registered: 04-04-2007

W32.blaster.Worm

Yeah BT where affected by this, the effects were quite widespread, however alot of BT's systems had already been patched (so I'm told).

Chris
N/A

W32.blaster.Worm

Quote
Just to add to the hurt, it is being reported, that the fix issues via Windows Update may not be installing correctly. It shows as installed, but may not be.


If you are already infected, the worm (including files and reg keys) must be removed first, before doing the windows update.
shermans
Rising Star
Posts: 1,038
Thanks: 27
Fixes: 1
Registered: 07-09-2007

Windows ME

I read somewhere that it only attacks XP, NT and 2000 but not ME, 98 or 95. Does anyone know if this is correct ?
N/A

W32.blaster.Worm

This is very correct.

The fault is caused by a component running on NT.

Seeing as 2K and XP are NT based, these are also affected.
N/A

W32.blaster.Worm

The patch was first released almost an month ago when Microsoft were first alerted to it - obviously not enough people were aware of the potential severity of it and failed to download & install the fix (luckily I was and did Wink )
A properly configured firewall is also a good defence against this as it stops the worm getting in (blocking TCP ports 135/139 is always a good idea, as it stops Messenger popup spam as well as this worm, whilst 445 isn't used by any legitimate Windows process).