I know there are several topics about this "worm/virus," but mine is different.

Here's the scenario:

Today at work, everyone notices their computers are acting funky. I get suspicious, start checking everything out on mine, and then I notice the problem is the notorious worm that's made headlines.

I knew what and how to get rid of the sucker, because I got it on my computer about 2 days ago, but it seems its been "upgraded" since then.

To me, it appeared that it has now been updated to disable most possible ways of killing it (only if you don't know how). Some of the ways it "protects" itself are:

-Disabling paste in IE, which you would use for copying URLs for clikcing links to patches

-Disabling weblinks, yep, you heard right, any link we tried to click would not work, like it was dead, or it woudln't even try accessing the website.

-Not letting you view files in the windows/system32 folder, at all. Even after clicking the "show files" link.

-It also prevents you from downloading from Windows UPdate, amazingly...

-When you run regedit, it gives you an error, something like "that's an unknown command/file"


Now, how did I get past this? simple.
Rebooting, and and getting to the patch as fast as possible. It seems like this worm has to have a bit of time to initialize and begin start causing trouble.

And the point of making this thread?

I got a raise and promoted, for showing how useful I could be in emergencies like these.

What a good day :)

Couldn't you have just rebooted in safe mode and taken your time?

Nope, I'm the "fast-paced" type.

This reminds me of the old bull young bull joke.

Yeh, i got that bug too but it only took me a while to get rid of it

Pipson

Well, when it infected my system at home, I had none of the problems I had today at work. They should really start thinking about firewalls. Its amazing how many companies go without protection, and have SO much important/confedential information in their computers.

I have no problem with the worm as I keep updated, I just wish others would do the same, because it really isn't that hard :rolleyes:

Updates are there for a reason.

You have a nice sig and title there, N9ne ;)

I work for the STATE, and they don't even have firewalls running on their PCs, kind of scary.

Scary indeed.

An updated firewall, virus protection and windows auto-update goes so far towards preventing these kind of issues, and yet we still seem to see the 'worm of the month' appearing around the world like a scrubfire out of control, over and over again.

Hmm... I havent even seen this worm yet, nor any probes for it. But then again I have any unncessary process, program, etc not running and disabled. :)

Now if I can just elimate that pesky port 1025...

I`ve got a stupid question, i`m not very good with these technical things...

but my compiter gets extremely sluggish (only on certain sites). It`s very strange and it doesn`t seem to be anything wrong with my DSL connection. It just gets extremely slow every single time i come to WHT even as i`m typing this.... my PC is so slow that my my typing doesn`t even show up until several seconds after i type.

Could this be some kind of worm thing? How do i fix this crap, it`s been doing it for a week. It`s really annoying. If i end task and close this window and go to another site it`s perfectly fine.

:confused:

I was pretty lazy, I just paid best buy the $40 to get it removed.

Originally posted by illuzhen777
I was pretty lazy, I just paid best buy the $40 to get it removed.

rofl, i have nothing to say

Originally posted by illuzhen777
I was pretty lazy, I just paid best buy the $40 to get it removed.

I am pretty lazy, I still haven't patched my machine yet.

But I don't think the worm is going to get past my firewall. ;)

I gave up using windowsupdate months ago... My pc has about 180 critical updates to install. Its stuck behind a router with nothing forwarded to it so its alright...

I have a friend who said he got that on his computer also (running XP)

I dont understand,HOW DOES THAT WORM GET BY A ACTIVE VIRUS SCANNER???? It should detect and delete it be4 making it onto your machene!!!!

He said it appears to be gone,so mauybe his finally worked,but i dont get how this is happening...

The Dude :confused:

Guess it depends which virus scanner he has and when the last time he updated his virus database.

So given today is supposed to be the 'big day' for blaster to go attacking MS's website has anyone heard any news?

Given the slack-jawed yokel attitude of many people with personal computers in regard to keeping them updated I'd imagine Microsoft should be taking quite a beating.

*edit*
Answering my own question:
http://edition.cnn.com/2003/TECH/internet/08/16/microsoft.blaster.ap/index.html

SEATTLE, Washington (AP) -- The second wave of an Internet attack by the "blaster" worm barely caused a ripple Saturday.

... exploiters of the Microsoft flaw made a mistake themselves. The worm instructed computers to call up http://windowsupdate.com -- which is an incorrect address for reaching the actual Microsoft Web site that houses the software patch. Although Microsoft has long redirected those who visited that incorrect address to the real site -- http://windowsupdate.microsoft.com -- the company disabled the automatic redirection Thursday in preparation for the onslaught of infected computers.

Looks like that virus guy has to go back to the drawing board... :D

My question is if the computers keep shutting down every 60 seconds, how are they going to launch a sustained ddos attack on Microsoft?

I'm on Win2K
Here is what i did :
I reinstalled Win2k with Service Pack 4 . But it was still on my comp as the port 139 (or 135 whichever it's) was still on , on my computer.
Ummm what did i do ? ;)
Unplugged the Cable Modem cable , deleted the MSBLAST file from Registry and also the file. Got the cleaner from Symantec and checked my computer again . Okkk , everything seemed clean. But when i plugged it i saw something happening on my computer . I rebooted (with no internet connection) , installed BlackICE firewall , there were no files in my system (msblast) , i rebooted 'n everything is clear.

However i don't believe that service pack is useful . Just delete the msblast file from your computer , registry .
Install a firewall on your computer (without internet connection first)
Restart...
Everything must be clean...

As it worked on my computer ;)

You might want to lose BlackICE - most of the reviews I've seen consider it a bit of a dog.

http://smb.sygate.com/products/spf_standard.htm

SyGate have a very good free version here.

Yes i know but that was the only one i had at that moment ;)