Web Hosting Talk

RPC Worm (gotta love windows)


InternetPEI
08-12-2003, 01:54 AM
I would suggest everyone update their virus scanners and follow the tips/walkthroughs on these pages to check for the RPC backdoor worm.
http://homepage.ntlworld.com/michaelgadge/shutdownproblem.htm
http://securityresponse.symantec.com/avcenter/security/Content/8205.html

TIP: DO NOT USE THE SYSTEM RESTORE ON ME/XP WHILE INFECTED! It "installs" it on your restored files and they are then infected also.

my_forum_id
08-12-2003, 04:45 AM
There was a patch out for this weeks back, if anyone is infected it's their own stupid fault . . . .

JackMitchell
08-12-2003, 05:00 AM
and.. according to Microsoft.. it won't work on ME :P

So, it appears ME is good for something after all..

P-nut
08-12-2003, 09:20 AM
Originally posted by my_forum_id
There was a patch out for this weeks back, if anyone is infected it's their own stupid fault . . . .

Umm...I download the latest patches every time it pops up on my XP screen, and it still infected my computer. :eek: That's a pretty broad statement to make..

dreamrae.com
08-12-2003, 10:04 AM
Yeah, I thought something was wrong when I started getting flags on incoming connections to port 135. Looks like there's at least 500 something on my subnet infected; I'd hate to see the amount on large cable networks.

my_forum_id is correct, if you get infected by this, you can only blame Microsoft (hehe), then yourself. I mean c'mon people, how long has the patch been out, almost a month. I mean damn, you people were just begging to be hacked. You might as well have set up a backdoor on your computer, gone into an IRC channel full of 14 year olds and posted your IP address.
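
An added example, not part of any post in this thread: one way to count the distinct hosts probing TCP port 135, as described above, from a firewall log. It assumes the log uses the Windows XP Internet Connection Firewall (pfirewall.log) field layout; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the assumed pfirewall.log layout (documentation addresses).
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-12 09:58:01 DROP TCP 198.51.100.23 198.51.100.77 3312 135 48 S 1234567 0 64240 - - -
2003-08-12 09:58:04 DROP TCP 198.51.100.23 198.51.100.77 3312 135 48 S 1234567 0 64240 - - -
2003-08-12 09:59:30 DROP TCP 198.51.100.140 198.51.100.77 1187 135 48 S 7654321 0 64240 - - -
2003-08-12 10:00:00 OPEN TCP 198.51.100.77 192.0.2.10 1040 80 - - - - - - - -
2003-08-12 10:01:15 DROP TCP 203.0.113.9 198.51.100.77 4401 135 48 S 2222222 0 16384 - - -
2003-08-12 10:01:40 DROP TCP 198.51.100.50 198.51.100.77 2050 80 48 S 3333333 0 64240 - - -
2003-08-12 10:02:11 DROP TCP 198.51.100.99
"""

def parse_records(log_text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def rpc_probe_sources(log_text, port=135):
    """Count dropped inbound TCP connection attempts to `port`, per source IP."""
    hits = Counter()
    for rec in parse_records(log_text):
        if (rec["action"] == "DROP" and rec["protocol"] == "TCP"
                and rec["dst-port"] == str(port)):
            hits[rec["src-ip"]] += 1
    return hits

def sources_on_subnet(hits, cidr):
    """Return the probing sources that sit inside the given local subnet."""
    net = ipaddress.ip_network(cidr)
    local = [ip for ip in hits if ipaddress.ip_address(ip) in net]
    return sorted(local, key=ipaddress.ip_address)

if __name__ == "__main__":
    hits = rpc_probe_sources(SAMPLE_LOG)
    print("sources probing 135/tcp:", dict(hits))
    print("on local subnet:", sources_on_subnet(hits, "198.51.100.0/24"))
```

Sources that show up inside your own subnet are the machines to patch and clean first; the per-source count only reflects what this one firewall dropped.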

Morgant6911
08-12-2003, 10:16 AM
I updated with that patch a while ago and I'm cleaning the blaster virus off as we speak...

InternetPEI
08-12-2003, 10:24 AM
I updated one of my home boxes (2k sp2) to sp3 the other day and have even updated my AVG daily.. Even yesterday afternoon I updated my AVG again, still clean.. After we were getting pounded last night at work (tech support) I took a run home, yep.. one of my home boxes was sending packets to a DOD computer :eek:

So I unplugged it and when I got home after work, I cleaned it.. I NEVER install anything on that box.. the infection would have had to come from M$.

my_forum_id
08-13-2003, 05:50 AM
Service Pack 3 will do nothing to stop this, the patch came out long after that. (service pack 4 is out now btw . . . )

What you need to do is subscribe to the Microsoft security list, then you'll get a timely warning every time a patch is released - if you patch as soon as they're available you won't get caught like this again.

my_forum_id
08-13-2003, 05:52 AM
Originally posted by InternetPEI
I updated one of my home boxes (2k sp2) to sp3 the other day and have even updated my AVG daily.. Even yesterday afternoon I updated my AVG again, still clean.. After we were getting pounded last night at work (tech support) I took a run home, yep.. one of my home boxes was sending packets to a DOD computer :eek:

So I unplugged it and when I got home after work, I cleaned it.. I NEVER install anything on that box.. the infection would have had to come from M$.

Virus checkers will do nothing, it's not a virus.

Windows Update is your friend . . . .

iVersit
08-13-2003, 07:32 AM
Perhaps I'm off base, but...wouldn't a FIREWALL stop this sort of attack?

Hmm...maybe I should start slinging BSD Firewalls in the Related Offers section...

Alex042
08-13-2003, 08:19 AM
Perhaps I'm off base, but...wouldn't a FIREWALL stop this sort of attack?
I noticed my router has had a lot of requests on port 135 lately, but I've yet to have any PCs within the LAN show signs of infection. I also have ZoneAlarm installed on the PCs so maybe the double firewall has helped.

Cephren
08-13-2003, 12:44 PM
Seeing some of my friends and family get the worm, it's pretty horrible.

I've been told that on some machines, it disabled Norton Anti Virus (asked for re-installation) and kept on rebooting.

Seems like some solutions work for some, while some don't.

Patching it seems harder than thought.
By changing recovery mode for RPC in Windows services under Administrative Tools to "do nothing", this seemed to stop the strange continuous reboot. This worked for some, but others got cryptographic errors.

Some of the comps couldn't even connect to Windows Update to grab the patch, or didn't even have time to download the patch from another source without the comp rebooting.

I'm sure there are probably hundreds of thousands of comps infected. Probably the worst for 2003.

InternetPEI
08-13-2003, 01:04 PM
If they are running XP, if they enable the personal XP firewall, they should be able to get back online long enough to get the patches

wakkow
08-13-2003, 01:11 PM
Someone on Slashdot suggested running 'shutdown -a' to abort the shutdowns and hopefully give enough time to patch the system.

Darktwist
08-13-2003, 01:23 PM
My mate's PC got infected, I fixed it yesterday for them - pretty much easy tho.

JTY
08-13-2003, 04:31 PM
I always apply the updates on Windows Update, and use the XP Personal Firewall.

I've yet to have a problem with the worm.

MikeM
08-13-2003, 05:10 PM
Firewall will block the requests both incoming and outgoing.

Shutting down MSblast.exe will kill the virus long enough to upgrade patch.

Start > Run > cmd, then shutdown -a will kill the restarts as well.

xisp
08-13-2003, 07:16 PM
Originally posted by iVersit
Perhaps I'm off base, but...wouldn't a FIREWALL stop this sort of attack?

Hmm...maybe I should start slinging BSD Firewalls in the Related Offers section...
I'm not alone :D

Why do people have NetBIOS ports open in the first place? Are you sharing your printer or files across your WAN link and not using a VPN or other security method?

I only have 3 PCs here (not NATed, I'm using a /29) but I make damn sure that they aren't revealing ports they shouldn't be!

jessicaMN
08-13-2003, 07:48 PM
But does anyone in here know where the W32.Blaster.Worm came from and how it spreads? I got one last night, but I fixed it today, and my computer is running so far so good now, no more unexpected shutdowns.