I heard about a Microsoft Worm on NPR yesterday and I think I got it. Ninety seconds online then a system shutdown message with a sixty second timer.
This one is pretty bad. Win32 Blaster Worm.
If you get it you need to go here and apply the patch from Microsoft, and then go here where you can download a removal tool (it's a ways down on that page.)
Good luck.
I only get 90 seconds online before the crash so I don't think I can access those patches in that time. Jeff's brother Joe is computer adept and may be able to help me. I'll let you know how it comes out. Thirty seconds and counting....
Joes coming out from DC tonite, has patch on CD, says tons of his cliens have the worm. Has fixed them all.
how do you get it?
Apparently only windows 2000 and XP (and possibly NT) are vulnerable (so 95 and 98 are okay.) It's an RPC vulnerability which means it's not an email or web thing. You don't have to download or run anything. Your computer is listening on certain ports for Remote Procedure Calls (RPC calls) which allow your computer to execute code at the request of a remote client.
This can be powerful (when we notify weblogs.com about updates we send an RPC, for example) but there is a big bug in the microsoft implementation that allows remote clients to execute arbitrary code. Microsoft patched this months ago, but nobody ever applies the patches.
If you are running xp or 2000 you must download and install the patch I linked to above.
thanks. i hope that works. btw, those annoying pop ups i was getting in rhode island were due to the aol connection. when i called to cancel aol and told them how annoying the pop ups were, the woman says, oh, just type mspop in the keyword field. they might have mentioned that earlier.
If you don't want to wait for your friend you could try the following:
"To stop the worm from running use CTRL-ALT-DEL to bring up your task manager. Then click on the "processes" tab and look for a program called MSBlaster.exe. Click it and then click "end process." That will stop the worm from running. It's in the registry, however, so it will be restarted every time your system reboots."
That should give you enough time to download the patch and the removal tool.
Thanks for the advice, Jim. For some reason it turned out to be a little more complicated of a fix than that but all is well now, as far as I can tell. My Norton seems to have a blaster file in quarantine that it can't quite get rid of but no adverse effects from that yet.
Is anyone getting numerous emails (coming to my digitalmediatree and work email ) from "admin@digitalmediatree.com". The subject always says "your account auooiuar" , "your account rybwakai", "your account aamifpah" etc.
Then they all say:
"Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
---
Best regards, Administrator
avmakwnk
Yes, the attachment is a windows virus. Very common right now. You are safe.
|
- jimlouis 8-14-2003 4:14 am
This one is pretty bad. Win32 Blaster Worm.
If you get it you need to go here and apply the patch from Microsoft, and then go here where you can download a removal tool (it's a ways down on that page.)
Good luck.
- jim 8-14-2003 4:50 pm [add a comment]
I only get 90 seconds online before the crash so I don't think I can access those patches in that time. Jeff's brother Joe is computer adept and may be able to help me. I'll let you know how it comes out. Thirty seconds and counting....
- jimlouis 8-14-2003 6:03 pm [add a comment]
Joes coming out from DC tonite, has patch on CD, says tons of his cliens have the worm. Has fixed them all.
- jimlouis 8-14-2003 6:10 pm [add a comment]
how do you get it?
- linda 8-14-2003 7:41 pm [add a comment]
Apparently only windows 2000 and XP (and possibly NT) are vulnerable (so 95 and 98 are okay.) It's an RPC vulnerability which means it's not an email or web thing. You don't have to download or run anything. Your computer is listening on certain ports for Remote Procedure Calls (RPC calls) which allow your computer to execute code at the request of a remote client.
This can be powerful (when we notify weblogs.com about updates we send an RPC, for example) but there is a big bug in the microsoft implementation that allows remote clients to execute arbitrary code. Microsoft patched this months ago, but nobody ever applies the patches.
If you are running xp or 2000 you must download and install the patch I linked to above.
- jim 8-14-2003 7:51 pm [add a comment]
thanks. i hope that works. btw, those annoying pop ups i was getting in rhode island were due to the aol connection. when i called to cancel aol and told them how annoying the pop ups were, the woman says, oh, just type mspop in the keyword field. they might have mentioned that earlier.
- linda 8-14-2003 9:27 pm [add a comment]
If you don't want to wait for your friend you could try the following:
"To stop the worm from running use CTRL-ALT-DEL to bring up your task manager. Then click on the "processes" tab and look for a program called MSBlaster.exe. Click it and then click "end process." That will stop the worm from running. It's in the registry, however, so it will be restarted every time your system reboots."
That should give you enough time to download the patch and the removal tool.
- jim 8-14-2003 9:43 pm [add a comment]
Thanks for the advice, Jim. For some reason it turned out to be a little more complicated of a fix than that but all is well now, as far as I can tell. My Norton seems to have a blaster file in quarantine that it can't quite get rid of but no adverse effects from that yet.
- jimlouis 8-15-2003 5:32 pm [add a comment]
Is anyone getting numerous emails (coming to my digitalmediatree and work email ) from "admin@digitalmediatree.com". The subject always says "your account auooiuar" , "your account rybwakai", "your account aamifpah" etc.
Then they all say:
"Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
---
Best regards, Administrator
avmakwnk
- julie 8-18-2003 10:32 pm [add a comment]
Yes, the attachment is a windows virus. Very common right now. You are safe.
- jim 8-19-2003 12:11 am [add a comment]
gracias
- julie 8-21-2003 8:05 pm [add a comment]