1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blaster virus symptoms ???

Discussion in 'Computer Security' started by Jakamoko, Aug 13, 2003.

  1. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Hi all.

    Anyone heard tell of any symptoms of this virus ?

    Just had a friend on the phone telling me of unusual behaviour (of her PC !!! :oops: ) Disconnecting from the net after a minute, consistently. That doesn't sound like an ISP prob, given the sudden emergence of Blaster

    Luckily, I brought down the patch last night, and have emailed it too her. Then, guess what - I remembered I'm on w2k, so that was the version I downloaded, but she'x XP - would that be an issue ?

    sorry for the garbled confusion, but I'm trying to act fast, here, as she needs back online soon as !


    Cheers again, all ! :eek:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  2. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Ok, just to keep you all posted - it is DEFF the Blaster virus, as prior to being disconnected, she receives an error along the lines of

    Remote Procedure Call experienced unexpected error, and will now terminate.

    Bingo, does just what it says on the tin then, eh ? :snipersm:

    OK, that Blaster's got my name on it now :twisted:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  3. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    More info - yup thats an issue ! Get the right patch for your OS, folks ... (to be continued)
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  4. flex22

    flex22 Gigabyte Poster

    1,679
    0
    69
    Thought I'd say hi Jakamoko.I hope I'm not interrupting your discussion.

    Something you can help me with while I'm here.

    I'm on Win XP Pro.How do I find that hidden folder you told me about?

    I went to the system folder and double-clicked but nothing happens.

    I want to make sure I'm ok.I've had slight problems with browsing but that's probably just my S£$!T ISP.

    I also got an error message as I logged off me comp the other day but it don't happen no more.I've installed my new mouse recently so maybe it was that.

    It was a memory error.
     
  5. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Hi Flex, - up till now, it was only a discussion with myself, anyway :oops:

    If XP works the same as w2k, then from an Explorer window, click Tools, Folder Options, View, then click Show Hidden Files and Folders. Then, in your C:\, you should see the file
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  6. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    ...here's a pain in the *$$, tho' -

    Me pal has been hit, but is being disconnected after 1-2 min. The download on dial-up is 5ish min. Given that the whole world is now downloading this patch from M$ tonite, bandwidth is slashed, so is now taking 20-40 min !

    So what are you meant to do ??? Its a Blaster right enough :!:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  7. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    I wonder if I can be of any assistance?

    I have the XP patch here if you want it e-mailed drop me a PM now! I can also point you towards an anti-virus util that should kill the worm once we have blaster under control
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  8. flex22

    flex22 Gigabyte Poster

    1,679
    0
    69
    I checked and there were loads of folders called NTUNINSTALL and when I went over them with the cursor it showed the Q(numbers) however on the 823980 one it didn't have Q before it, it had KB.

    Is that OK???
     
  9. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    Exactlt the same as mine Flex. The number in the folders gives you the Knowledge Base article that refers to the specific fix within that patch, just in case you ever get asked!!!
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  10. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Luton,

    Thanks for that - got the XP download finally - took 35-40 min for 1.2ish Mb ! Don't you hate when the entire rest of the world tries to do something at the same time !!!

    Will get back about the Blaster util - is it just the patch, or a clean-up tool ?
    Haven't heard from my friend if she's managed it yet, if not, I'd be grateful for a link ...

    Thanks again :P
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  11. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    It's a stand alone virus toold called Stinger from McAfee (Network Associates). I have not used for Blaster but have for something else, it searches for a specific small number of viri (is that a word?) including Blaster. It is about a 700Kb downlaod and can be run straight after downloading. Instructions and download link is http://vil.nai.com/vil/stinger/

    I Can mail this as well if you need it but only have it at work so it would have to wait 'til tomorrow.

    HTH
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  12. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    I got it running now, Luton. Will send it to me pal, and report back...

    Thanks again :)
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  13. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    What You Should Know About the Blaster Worm.

    For information on this wrom visit here
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  14. Angus

    Angus Nibble Poster

    91
    0
    16
    Certifications: A+ , MCP
  15. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Just to let you know I got an email from a happy friend late last night.

    Patch fixed it a treat, but I wouldn't like to think what the download times would be from M$ today - I've had three other folk describing the symptoms since this morning.

    Boy, it feels good when you got the fix, and the victims cant download it !!!

    £££££££ :tongue

    By the way, anyone know what it does with an always-on broadbean connection ?
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  16. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    Braodbean connection?

    Sorry Jak I have not come across that technology yet? Is it a stalk topology?
    :lol: :lol: :lol: :lol:


    I'll get me coat.......................
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  17. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    From what I gather nobody knows, I've read reports of bradband users having the virus problems and some that have not?? I guess more info will filter through soon.

     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  18. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    It's a beast right enough, then :evil: I am practically set up to make a fortune from this (even Missus J says I should ...), but would that be ethical ? :oops:

    I mean, the user, if hit, can't get the patch, cos they're booted off . So it's simply a service we provide, right :?: :angel

    Luton,
    Yeah, mate - didn't you know we grow our ow n computers here in Scotland ? And they run on the grain by-products from the whisky industry too, so everyone's happy :)
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  19. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    Jako

    If you or anyone else getts the shutdown message simply click START > RUN and the type Shutdown /a, This will abort the shutdown process

    By the way this only works in Win XP as far as i know
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  20. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    The other thing that prevents the shutdowns is to alter the recovery properties of the RPC service in Administrative tools > Services to something other that "restart the computer". This should work on either 2k or XP.

    I have provided patches, instructions and qnti-virus tools to 5 people at work. I also noticed that we at work have had a lot of activity from Monday night onwards that has been blocked by our firewall so we are safe so far.
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA

Share This Page

Loading...