**** WARNING: Blaster worm ****
#1
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: Birmingham
Posts: 9,196
Likes: 0
Received 0 Likes
on
0 Posts
![Exclamation](https://www.scoobynet.com/images/icons/icon4.gif)
Mods plz leave here for a bit!
Spreading like wildfire at the moment. Automatically installs itself on vulnerable machines, then sits scanning for more.
Will do an attack on windowsupdate.com after the 15th of Aug.
Please please please patch your machine's DCOM software.
See here for Windows XP and Windows 2000 here
Information on the virus is here.
Email me if you want some more comprehensive removal instructions, as i'm having to remove it from reps machines at the rate of 5 already today!!!
Andy
Spreading like wildfire at the moment. Automatically installs itself on vulnerable machines, then sits scanning for more.
Will do an attack on windowsupdate.com after the 15th of Aug.
Please please please patch your machine's DCOM software.
See here for Windows XP and Windows 2000 here
Information on the virus is here.
Email me if you want some more comprehensive removal instructions, as i'm having to remove it from reps machines at the rate of 5 already today!!!
Andy
#3
Scooby Regular
Join Date: Sep 2002
Location: Essexville
Posts: 4,391
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
all right boys,
i had 5 webservers go down last night with this ******!!!!
was in at 8am, and had them sorted by 9.28 (2 mins before opening time at the zoo)
i'm now back home supping beer!!!
basically i took the servers offline, checked the reg for HKLM/software/microsoft/windows/run for spurrious entries (and deleted them)
then i installed patch windows2000-KB823980-x86-ENU.exe
ontop of sp3
i have heard that sp4 can actually open up the vulnerability again, so do be careful.
good luck virus warriors
Dazza
i had 5 webservers go down last night with this ******!!!!
was in at 8am, and had them sorted by 9.28 (2 mins before opening time at the zoo)
i'm now back home supping beer!!!
basically i took the servers offline, checked the reg for HKLM/software/microsoft/windows/run for spurrious entries (and deleted them)
then i installed patch windows2000-KB823980-x86-ENU.exe
ontop of sp3
i have heard that sp4 can actually open up the vulnerability again, so do be careful.
good luck virus warriors
Dazza
#6
Scooby Regular
Join Date: Jul 2001
Location: Perthshire
Posts: 6,396
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
It doesnt sound good !
But I have a load of information stuck to the wall behind me where it flew right over my head![Confused](https://www.scoobynet.com/images/smilies/confused.gif)
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
I downloaded and ran the XP download thingy....is that job done ??
But I have a load of information stuck to the wall behind me where it flew right over my head
![Confused](https://www.scoobynet.com/images/smilies/confused.gif)
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
I downloaded and ran the XP download thingy....is that job done ??
Trending Topics
#8
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: Birmingham
Posts: 9,196
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Everyone patch patch patch!!
For those of you that have already been hit and RPC is causing machine to reset 60secs after venturing into an internet program - here's a quick guide i knocked together for removing it.
Andy
For those of you that have already been hit and RPC is causing machine to reset 60secs after venturing into an internet program - here's a quick guide i knocked together for removing it.
Andy
#10
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: Birmingham
Posts: 9,196
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Yes but it doesn't come in as a file on an email or website. Its due to a remote vulnerability. You should still remove the bug.
All the machines I've seen it on had AV software running, as soon as its on it prevents updates being done i think, or hinders the AV engine..
Andy
All the machines I've seen it on had AV software running, as soon as its on it prevents updates being done i think, or hinders the AV engine..
Andy
#13
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Installed the patch, rebooted and now it seems to have taken out my ProtectedStorage service (Win2k Server)...
"The IIS Admin Service service depends on the following nonexistent service: ProtectedStorage"
Coincidence?
"The IIS Admin Service service depends on the following nonexistent service: ProtectedStorage"
Coincidence?
#14
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.
Any ideas
Any ideas
#17
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.
Any ideas
Any ideas
#18
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: Birmingham
Posts: 9,196
Likes: 0
Received 0 Likes
on
0 Posts
#19
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
Ive just finished patching all my machines. However I have noticed something strange on a few machines. Namely that if you go to control panel, instead of getting what youd expect ie the icons in the right hand pane and the bumf on the left, the left contains all the icons. and the right is blank. This occured on 2 win2k systems. I ran the norton removal tools but they didnt find anything. Could this be the same problem ? Just seems strange getting it on two systems totally seperate and all, and both acting up. Also the user control panel icon was gone completely. Very suss.
Any ideas
Any ideas
#22
Scooby Regular
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
patch patch patch!!
done, done, done!!![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
Seems to have rebooted with everything still working.
Cheers chaps.
BTW would Zone Alarm (free not Pro) be man enough to stop the virus?
UB
done, done, done!!
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
Seems to have rebooted with everything still working.
Cheers chaps.
BTW would Zone Alarm (free not Pro) be man enough to stop the virus?
UB
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
#24
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
If you're having trouble staying on the net to get the patch and get it installed, disconnect from the net (even unplugging the cable), get up the properties of your net connection, be that dialup or network card and click the advanced tab, then tick the box "Protect my computer and network by limiting..." under "internet connection firewall" it's not good, but it's sufficient to stop this work exploiting your machine and crashing it while you install the patch and run the removal tool.
#28
Scooby Regular
Join Date: Jul 2001
Location: Perthshire
Posts: 6,396
Likes: 0
Received 0 Likes
on
0 Posts
![Post](https://www.scoobynet.com/images/icons/icon1.gif)
So I shouldnt have a prob with my Laptop running ME????.........well other than the fact it is running ME ![Wink](https://www.scoobynet.com/images/smilies/wink.gif)
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
Will this cause an XP machine to tell you to save all your stuff 'cos it is about to close the connection ?
If so my mate has it
![Wink](https://www.scoobynet.com/images/smilies/wink.gif)
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
Will this cause an XP machine to tell you to save all your stuff 'cos it is about to close the connection ?
If so my mate has it
![Frown](https://www.scoobynet.com/images/smilies/frown.gif)