ATTENTION: W32.Blaster.Worm Circulating!

To anyone who is noticing erratic behavior on their PC - IE: timed shutdowns, system instability...

There's a virus that's wreaking havoc and spreading itself through the internet like wildfire. We got hammered by it here at work too.

It's called the W32.Blaster.Worm virus.

There's a fix for it though:

Story (and link to patch so it doesn't hit you again):
http://slashdot.org/articles/03/08/1...id=190&tid=201
Link to Symantec (norton) fix for the virus:
http://securityresponse.symantec.com...ster.worm.html

Keep in mind this virus is not spreading via email -- it is sneaking in through TCP Ports 4444 and 135, and UDP port 69, so if you have a firewall, CLOSE THESE PORTS!

Thanks for posting this.

My computer at home got hit yesterday, and we had it fixed in a few hours (a friend of the hubby's who works at Best Buy gave us the disk).

From what I have read about it, it isn't even as strong as it is supposed to get--the most damage is scheduled for August 16, and to continue through December.
I read that here:
http://story.news.yahoo.com/news?tmp...6233_2003aug11

I hope everyone's computers stay healthy!!!

Please update your virus scanners as well - for those of us using Symantec's Norton Antivirus, the latest definitions that should take care of this virus are as follows: 8/11/2003 Revision #19

My home computer has the virus, I'm sure. It kept crashing last night.:( It wouldn't stay up long enough for me to download
the patch to fix it.:( BUMMER.... I've downloaded the security
patch to diskette here at work & will try to run it when I get home
tonight.

Lovemysheba,

What's the disk from Best Buy called ? What else might I need
to fix my home pc? I have Windows XP at home. I swear I will
never ignore the update prompts again.:o Help, Liz.:(

I can't get either of the links to work?

EDIT: The second link still won't work for me but the first will.

I just fixed the links... they were messed up - sorry

They should both work now.

Anyway, I got this off of slashdot.org:

--- snip ----

I got the worm yesterday, and found that when the "shutdown" popup appears, just reset the system time... you have a full minute to that. I just pushed the data back one year, and the shutdown is postponed a year! then you can run a full system virus scan, and repair tools

Regards/
JP
--- /snip ---

and

--- snip ---
My friend was getting hit constantly by this worm yesterday. The box wouldn't stay up long enough for him to install the patches :P. Just a tip for those of you who are getting hit a lot and having your box reboot: To stop those pesky reboots try:

shutdown /a

That should abort the shutdown and give you enough time to install patches. This also works well when you install a piece of software that trys to force you to reboot. (Why he hadn't fixed it already is a mystery, especially since slashdot.org is his homepage.)
--- /snip ---

How do I close those ports you mentioned?

Quote:

---

Originally posted by ILoveMyAbbyGirl
How do I close those ports you mentioned?

---

You need a firewall to close the ports. Hardware or Software.

A good software firewall is ZoneAlarm. It's free too I believe.

you can get it here:

http://www.zonealarm.com/

http://housecall.antivirus.com/housecall/start_corp.asp

here is a free on line virus checker, we all use it at work, seems to tell you what you need to know and how to fix it. we are all clear at home, so far.
Katz

Thankfully our IT was on the ball and beefed up internet security so to speak. :)

*squishy, squishy* :D

Is it the same if you're behind a hardware firewall, or are you just talking about software ones?

I installed the windows prevention thingy anyways, just curious. :)

Great I have a virus already, W32.Kwbot.C.Worm and I cannot get rid of it. Norton gives you instructions but youhave to get into the registry and I don't know how to do that and am afraid I am going to screw up the computer. :rolleyes:


This will just make me more susceptible to getting this one. :eek:


If I have Norton and I just updated it last night should I be protected?:confused:

Lizbud,
I don't remember what it was, and my husband took it to work with him today.
I know it was an update disk or something for windows XP, and that's the end of my knowledge.

My computer also kept doing a timed shutdown, and we couldn't keep it on long enough to fix it at first.

I always ignore the update prompts too:o :o :o

Quote:

---

Originally posted by WolfChan
Is it the same if you're behind a hardware firewall, or are you just talking about software ones?

I installed the windows prevention thingy anyways, just curious. :)

---

My LAN at home is running behind a hardware firewall - it works the same for that. I just block out all those ports and nobody can get in.

My systems are safe. ;)

But yes, you should install the patch.

Quote:

---

Originally posted by luckies4me
Great I have a virus already, W32.Kwbot.C.Worm and I cannot get rid of it. Norton gives you instructions but youhave to get into the registry and I don't know how to do that and am afraid I am going to screw up the computer. :rolleyes:


This will just make me more susceptible to getting this one. :eek:


If I have Norton and I just updated it last night should I be protected?:confused:

---

If your virus definitions when you open up Norton show up as version 8/11/2003 Revision #19, then yes, you are all up to date.

I guess you have a different virus though - you're going to have to go into the registry - just follow their instructions to the letter and you should be fine.

Quote:

---

Originally posted by lovemyshiba
Lizbud,
I don't remember what it was, and my husband took it to work with him today.
I know it was an update disk or something for windows XP, and that's the end of my knowledge.

My computer also kept doing a timed shutdown, and we couldn't keep it on long enough to fix it at first.

I always ignore the update prompts too:o :o :o

---

Thanks, I'll stop by Best Buys on the way home & ask them.
Hope their not swamped with people, or sold out of fix it disks.
I am such a goober for not taking this risk thing more seriously
before now. :( :( I wany my Pet Talk fix TONIGHT. LOL. :p

Quote:

---

[i]

Keep in mind this virus is not spreading via email -- it is sneaking in through TCP Ports 4444 and 135, and UDP port 69, so if you have a firewall, CLOSE THESE PORTS! [/B]

---

How do I close these ports with Norton? It has a Personal Firewall, can I close them from that?

Quote:

---

Originally posted by luckies4me
How do I close these ports with Norton? It has a Personal Firewall, can I close them from that?

---

You should be able to - I'm not familiar with norton personal firewall though.

:)

:) One of the advantages to being on a MAC. Who'd bother writing a virus for us. It would hit like, 12 computers!

Sorry you guys are getting slammed....:(

Oooh..not good. I think my computer has the virus. :( Lately it's been shutting the internet off my itself. Also sometimes I'll get a pop up that tells me an error has occured and that i have to close all my internet windows, which is not fun for someone who just finished typing out a really long post, and then the copy/paste command doesn't work. I deleted my stupid virus checker because I didn't have any more room in my c drive...looks like I'll have to delete some stuff I really want to keep so I can download it again. :(

Not good indeed. Good luck.

Quote:

---

Originally posted by babolaypo65
:) One of the advantages to being on a MAC. Who'd bother writing a virus for us. It would hit like, 12 computers!

Sorry you guys are getting slammed....:(

---

Any other time I would be laughing at that, but.... Oh heck,
might as well laugh. It's better than going nuts about this.:D :D
I'm so glad I just got the book I've been waiting for from the
library van today. It's the book ChrisH talked about "The Culture
Clash". It's gonna be a long quite night tonight, I can feel it.:)

I think my comp. have the virus :( We have no firewall only Ad-awere :rolleyes:

This has been posted before, but it's a really good site! :)

http://www.truthorfiction.com/

Umm! I thought I might have it, because
when I am searching the web the last 3 days, sometime my
PC stops responding. But it looks like this worm
doesn not affect Windows 98 so I must be safe.

Another good antivirus is called PC-Cillin. If it can't eradicate the virus it can quarantine it; cut it off from the outside. We got attacked at work. SEcond time in one week!

Quote:

---

Originally posted by KYS
But it looks like this worm
doesn not affect Windows 98 so I must be safe.

---

Me too. See, sometimes it's good to be behind the times. :)

My computer was infected with this :rolleyes:

Only took us 2 hours to fix it, LOL.


Thank you, thank you, thank you for posting this! I don't know what I would have done without it!


Ash

posted by micki76:Me too. See, sometimes it's good to be behind the times. :)>>>>>>

Yep! Yep! Yep! :D

Does this virus afect Windows 2000?

I'm just scanning for viruses with Norton , now

Does it affect Windows 95? :o Yeah, so it's old and it's slow..

Quote:

---

Originally posted by koxka
Does this virus afect Windows 2000?

I'm just scanning for viruses with Norton , now

---

AFAIK:

Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me

THANK YOU for this info!!!

I was kicking my computer last nite. :mad:
I have tried logging on and being shut down like 20 times... guessed I am not a very patient person...

I am glad that it's finally fixed. Whew...

Thanks for posting about this. I just got a call from my sister, she has the worm. I led her to this thread, and hopefully she will get her computer fixed.

Thank you for all the help !!

Dear Charter Customer:
As you may have heard on the news, many Internet users are experiencing problems with their computers shutting down abruptly. This is not a problem with Charter Pipeline service. It is the result of a computer vulnerability and is being experienced by computer users around the world. It is due to a computer worm that scans computers checking to see if port 135 is open. If so, the worm takes advantage of the computer and shuts it down.

If your computer has not been infected, you should go to one of the web sites shown below to update your anti-virus software or install a patch to prevent infection.

Here is a Microsoft bulletin regarding this vulnerability:

http://www.microsoft.com/security/se...s/ms03-026.asp

Here is an update from Symantec:

http://www.sarc.com/avcenter/security/Content/8205.html

Here is an update from McAfee:

http://us.mcafee.com/virusInfo/defau...virus_k=100547

If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):


Unplug modem.
Restart computer.
Go to Start / Search / For Files and Folders.
Confirm that Look in is set for C: drive.
Search for files and folders named: "MSBLAST.exe"
When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
Shut down the machine.
Plug the modem back in.
Restart the machine.
Go directly to one of the web sites above and install the patch and/or update.
Please do not reply to this email. It is for informational purposes only.
Sincerely,

Charter Communications

Oh thank goodness! For once I'm glad I have windows 95 :o :)

I didn't read the full article on it at first, but I am glad we have Windows ME at home.

Heh, I'd actually rather deal with this and have 2000 then have ME..:o My personal opinion..I think if you have a firewall up all the time and do a windows update you should be ok..I haven't been hit yet (I have 2000) and now that I'd said that I'll prob get it..lol

Thank you SO much for posting this! I'm installing the patch right now. Thank God it hasn't hit my computer, and hopefully it will be protected once the patch is installed. It says I have 26 more minutes until it finishes installing, which means I'll have to stay up for awhile. Unfortunately, my brother's computer got infected today. :( He's working on fixing it. I will let him know about the patch so that he can install in once his computer's fixed.

Quote:

---

Originally posted by slleipnir
Heh, I'd actually rather deal with this and have 2000 then have ME

---

I can't really tell a difference between Windows 2000 (at work) and Windows ME (at home). I can get to Pet Talk on both, and thats the important thing :D :D