Page 1 of 1
Fucking MSBlast...
Posted: 2003-08-16 11:00pm
by DPDarkPrimus
Posted: 2003-08-16 11:20pm
by Pu-239
*Looks at linux desktop, then points and laughs
*
j/k
Have you tried system restore like phong said?
Do they still have the system file verifyer thing like in Win98?
Posted: 2003-08-17 12:05am
by Embracer Of Darkness
Firstly, get
this, and then go
here.
Should solve the problem, it did for me and three of my friends who use Windows XP. It also solved the problem of a whole company my friend works at which uses Windows 2000.
Posted: 2003-08-17 12:19am
by Lord_Xerxes
I ran into this problem the other day, and I followed the instructions on Symantec's page (Norton Antivirus) to fix it. It took me like 5-10 mins tops. Of course, I jumped on it hte very second the Norton warning window popped up to tell me of hte infestation. But this was after my computer spontaneously shut down 10 mins beforehand for no apparent reaon. in any case, the relative pages are here:
Symantec
The pertinent steps I followed, after reviewing the page:
2. Ending the Worm process
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for Msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.
3. Obtaining the latest virus definitions
4. Scanning for and deleting the infected files
5. Reversing the changes made to the registry
--------------------------------------------------------------------------------
CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
windows auto update
Exit the Registry Editor.
Posted: 2003-08-17 01:08am
by Lord_Xerxes
After looking through the other treads about Msblast, some of which weren't immediately identified, and realizign the amount of people here that were afflicted, and then the figures posted by people with IDS, I'm seriously beginning to believe this was some hackers idea of "Skynet".
Posted: 2003-08-17 01:18am
by DPDarkPrimus
If that's the case, then Skynet is a cokehead right now. The only thing it's done to my computer has disabled the copy and paste function.
Posted: 2003-08-17 01:25am
by Lord_Xerxes
Heh. I was more refering to the replication/infestation rate and the potential of what it could do to and undefended computer.
Posted: 2003-08-17 02:43am
by DPDarkPrimus
True dat.
But Skynet could get on Macs and Linux/UNIX boxes too.
Hell, I bet it even stored a miniscule part of itself on Strongbads 386.
Posted: 2003-08-17 02:51am
by Vertigo1
When you start your computer and get the RPC alert that your comp will shut down in 60 sec is launch the command prompt (click start, select run and type in "CMD" without the quotes and hit enter) and type in "shutdown -a" to abort the shutdown. Then kill the msblast.exe process and delete the msblast folder from your Windows/system32 directory. Then download and run the update(s) from microsoft! All of this takes *maybe* five minutes and would save you alot of grief.
On that note, I cannot stress the importance of keeping your operating system up-to-date! At the very least visit Windows Update every two weeks. The fix was released back on July 17th, so people had plenty of time to get patched before any of this started.
Posted: 2003-08-18 02:10am
by The Dark
The MSBlast virus hit at least one Lockheed Martin plant, disabling the computers for a day. The plant works on computerized optics and targeting systems, so the workers were rather unhappy with the fact that such a nasty flaw still existed in MS.
Posted: 2003-08-18 02:42am
by Darth Wong
Windows is reasonably secure as long as you patch it all the fucking time and reboot constantly in order to make those patches take effect. Mind you, people don't like rebooting servers, but I guess they're just SOL.
Posted: 2003-08-18 10:58am
by TrailerParkJawa
The Dark wrote:The MSBlast virus hit at least one Lockheed Martin plant, disabling the computers for a day. The plant works on computerized optics and targeting systems, so the workers were rather unhappy with the fact that such a nasty flaw still existed in MS.
They also took down ALL their Exchange servers as a precaution to make sure they were patched and up to date. Im not talking all for that paticular plant, but all for the company.
