PDA

View Full Version : Where can I find the fix for the new worm?



ambasluv
13-08-2003, 01:32 PM
Apparently there's a nice, shiny, new, unfriendly worm running around that affects machines running the newer NT-based operating systems, namely Win2000 and WinXP

Anyone heard about where you can find the fix for it? Tried out google, but I'm obviously not too good with my search terms.

I'm sure there are many people out there who would be wanting this one...

Ambasluv

CYaBro
13-08-2003, 01:36 PM
As seen in previous post:

Try here (http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp)

beama
13-08-2003, 02:08 PM
go here (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html) for removal tool then update your operating System

vk_dre
13-08-2003, 07:06 PM
U could try chilling_silently's website, cos he's uploaded on to it.

heni72847
13-08-2003, 07:47 PM
all these fixed are for english system
is there patches for other language?

Jim B
13-08-2003, 09:35 PM
go here (http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&displaylang=en) and select the language you want.

MS download site is very busy so if you don't get in first time just keep trying.

heni72847
13-08-2003, 10:58 PM
thanx...
but i forgot to mension that i need it for windows 2000...

..sorry.. wasted ur time...

veterannz
13-08-2003, 11:29 PM
press ctrl+shift+esc to open task manager
go to PROCESSES tab
find MBLAST.EXE
SELECT and end procesesses.

Start >run . type REGEDID
HKEY_LOCAL MACHINE>SOFTWARE>MICROSOFT>WINDOWS>CURRENT VERSION>RUN. in right panel delete MBLAST.EXE (if it's there) then close Registry Editor. If it's not there, you're not infected !!!!

veterannz
13-08-2003, 11:31 PM
I should have added DON"T use system restore 'til you are sure it's removed

beama
14-08-2003, 12:04 AM
correct, this will remove the problem but not the cause, NT kernal based systems still need to be patched (NT, win2000, XP etc)
also if you go to my ealier post it will take you to the symantec (norton) site where you find a cleaner and removal intructions. then once thats all done go to the site "CYaBro" posted that should cure the cause

good luck everyone

frossy111
14-08-2003, 02:10 AM
So if I press and look for MSBLAST and don't have then I don't have the worm is this 100%

Susan B
14-08-2003, 10:00 AM
> So if I press and look for MSBLAST and don't have then I don't have the worm is this 100%

I don't agree with that. A couple of people I have been trying to help get rid of this worm did not have the MBLAST.EXE in Task Manager nor did they find that key in their registry. The only thing that stopped the computer rebooting was the tool from Symantec but when they got online to try and download the patch they got hit with it again. A real vicious circle. :-(

Boy, have I had some fun trying to give a crash course (online) to non-computer literate people how to do all these things when they have never heard of Task Manager or the registry before.

Chilling_Silently
14-08-2003, 10:53 AM
> U could try chilling_silently's website, cos he's
> uploaded on to it.

:D

Im just making a HTML file this morning, and I think I'll throw some other Info on it up there, not to mention a virus removal tool

I know there's likely another hundred odd similar sites out there... With a similar purpose of assisting people in removing the worm, But why not add another local one ;-)

Scouse
14-08-2003, 11:29 AM
U could try chilling_silently's website

Showing my ignorance yet again - where????
Thanks

Jim B
14-08-2003, 11:32 AM
If you were doing all this online it is not surprising they were hit again.

You could email them the removal tool which is only small and they would only need to be online briefly to download their mail

After running the removal tool they should be able to download the patch, preferably from a local site they can get into quickly.
They would be very unlucky to be hit again in the time it takes to download the patch.

The other option is to go to a neighbour and download it to a floppy and there is no need to go online at all.

Chilling_Silently
14-08-2003, 02:46 PM
> U could try chilling_silently's website
>
> Showing my ignorance yet again - where????
> Thanks
>

Not a worries.. Its not like its sitting on the front page of the NewsPaper now is it ;-)

try:
http://www.rescueman.tk

See if that works :-)

Oh.. And spread the word ;-)

vk_dre
15-08-2003, 12:16 AM
Seems ur gettin a lot of publicity from this C_S, ur gonna be goinf places :D

KiwiTT
15-08-2003, 10:56 AM
Be aware that there are now more variants on the loose.

Instead of "msblast.exe", it could be "penis32.exe" or "teekids.exe"

see details here (http://vil.nai.com/vil/content/v_100547.htm)

KiwiTT
15-08-2003, 11:02 AM
In addition there is another worm/virus making use of the same exploit in Windows RPC. See here (http://vil.nai.com/vil/content/v_100549.htm)