Blaster virus symptoms ???

Discussion in 'Computer Security' started by Jakamoko, Aug 13, 2003.

  1. AndyL

    AndyL Nibble Poster

    92
    0
    21
    Anyone with a broadband connection and an ounce of sense will be tucked up nice and cosy behind their firewall, will be using Windows Update (The patch has been available since July, I believe) and wil have some anti-virus updating every day!

    Having said that, 20 of our branches have been affected and i've spent the last 4 days fixing them up. Half the staff have it on their home PCs and that's only becaue the other half have ME or 98.

    I only tell them all all the time to download sygate or zone alarm and use some anti-virus but oh no, do they listen, no they bl**dy well don't.

    Mesage to self: Take a deep breath and count to 10. Damn, damn, damn.
     
    Certifications: MCSE 2000,2K3,MCSA:M 2000, MCSA 2K3
    WIP: Painting the doorframes.
  2. brent

    brent Nibble Poster

    66
    0
    6
    I was lucky enough not to get this beast. Due to you guys here giving me a warning so, Thanks :hb
     
  3. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    I got a phone call from a relative last night with disconnection problems. I went over there, took a look at the computer. I got online and the connection was painfully slow, then all of a sudden it was bringing up cannot display pages. It kept doing this over and over. I ran the AV scanner and it stopped when it was almost finished. This was also painfully slow! Well, since they had the computer they NEVER updated anything! So I seen about 10 things in the systray that were starting up and some of them did not need to be starting up. I ran msconfig to uncheck some of these items and you never guess what was also in the startup? msblast.exe! I turned and looked at my relative and said "there's your problem"... Anyway, it was late and I was tired and I didn't feel like messing with it at that moment, so today I am going over there to download the patch for her and probably update her AV as well... Is there anything else I should do, as for the msblast problem? I unchecked it from the startup and it hasn't started up since then... Oh yeah, don't you just hate it when someone has a problem and they just cannot explain the problem correctly? :roll:

    Another funny thing happened while over at my relatives... she said the printer was displaying errors. She just installed new ink cartridges. Well, I took the ink cartridges out of the printer and the problem was that they left the tape on the cartridges! I looked at her and said "It would help if the tape was removed" :roll:
     
    Certifications: A+
    WIP: Network+
  4. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  5. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    SimonV... Quick response! Thank you so much! :clap

    I will do this when I go over there later.

    Thanks again :flower
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: A+
    WIP: Network+
  6. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    180
    287
    Thanks Si and Angus. Those are the two sites I used when fixing my own "blasted" problem. I'm going to do something I try to avoid...refer to another cert forum. In this case, there were some points brought out on my own problem that might be useful here. I could just copy and paste the text into this window but I should give credit where credit is due so I'll post the link instead:

    http://www.certtutor.net/forums/messageview.cfm?catid=11&threadid=40785

    Be sure to scroll all the way down the page to pick up some useful tips.
     
    Certifications: A+ and Network+
  7. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    Just to let you know what happened... I FINALLY was able to download the patch... I could not update the AV file definitions though, it wouldn't let me... I could not download the removal tool either! Well, that computer was more messed up than I thought. I think it is not only a little worm causing problems, but "little users" as well :evil:

    Anyway, I got the thing to at least stay online and load the pages faster, but I think if she calls me again I am going to tell her to call HP...

    Just how my day went... :cussing
     
    Certifications: A+
    WIP: Network+
  8. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Hey Monk, I had to download it on an uninfected PC and its small enough to fit on a floppy, once you've run it and removed blaster you the internet disconnection and shutdown will stop happening.

    HTH

    SimonV :D
     
    Last edited: Jan 2, 2015
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  9. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    Now I actually feel dumb :oops: No offense to anyone 8) but I could blame it on the blonde hair *LOL*

    I wasn't able to go to any of these sites to know if the file was small enough to fit onto a floppy... My hdd may be going in my computer, so I'll try my son's computer...

    Thank you very much SimonV :flower
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: A+
    WIP: Network+
  10. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Glad I could help. :D
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  11. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    There are so many pages out there on this topic, I could learn a lot, but I thought I would ask the professionals about this first... I wanted to know that seeing I already downloaded the patch would I have to download it again after I remove the worm?

    I never removed viruses or worms before, so I want to learn how to do it manually... so, the question is can the worm be removed manually?

    Thanks :?
     
    Certifications: A+
    WIP: Network+
  12. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    It sure can, details from Symantec Security Response

    I'd recommend you do a full windows update as over the past couple of weeks a number of other vulnerabilities have emerged.

    Link: http://windowsupdate.microsoft.com/
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  13. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    Thank you very much SimonV...

    I owe you one :cheers2
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: A+
    WIP: Network+
  14. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Glad I could help.

    :thumbleft
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  15. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    This turned out to be more work than I had intended. It wasn't just the worm that was causing problems... the whole system was completely messed up! I manually removed the worm... installed the patch, this still did not help the system very much... I would connect to the Internet and still I would get the "Cannot display page".... I did everything the way I was supposed to... I even scanned the system through cmd and found no errors... The worm was gone and the problems were still there, except the "shutting down system" pop-ups weren't happening... I noticed that the system was booting up very slowly, so I took everything out of the startup folder, except NAV and this only helped it to boot up faster... Anyway, to make a long story short, I was to the point where I wanted to throw the computer out the window, so I gave up and told her to call HP because it is still under warranty and this time whenever it gets fixed, to please update Windows and please update those AV file definitions! :evil:
     
    Certifications: A+
    WIP: Network+
  16. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Now I get that feeling at least once a week :D

    It could be the PC has more than just the blaster worm, We had a couple of laptops at work that had been out in use for 6 months or more and When one user came to me and complained of sluggishness and strange goings on it turned out that there were four different virus infections on the on Laptop. Once they were zapped it ran so much better.
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  17. Computermonkey

    Computermonkey Bit Poster

    41
    0
    14
    SimonV wrote:
    And I thought I was the only one that felt this way at times *LOL*

    It turned out she took the computer back where she had bought it and they reformatted the HDD... Now that everything is up and running perfectly again, I told her to go get the patches and updates and to not take her time doing it... Here is what she said...

    HER: I don't know how
    ME: I showed you about 5 or 6 times... did you NOT follow along?
    HER: Well, I need you to come over and do it for me, but in the meantime I'm getting online...
    ME: Don't get online until I get the patches and updates for you...
    HER: I just need to look up something...
    ME *thinking this in my head*... Go ahead and get online, you fool, maybe you'll get another worm and then have the machine messed up again...

    In my opinion I am thinking her and her son are just too lazy to go get the updates! Sure why not let someone that knows what they are doing do it for you! Is it me or are a lot of people like this, wanting someone else to do things for them?
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: A+
    WIP: Network+
  18. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    I dont think this just applies to IT, I used to work with somebody that did this all the time, I found it really hard going. But yeah, you'll find this a pattern when it comes to PC maintenance :(

    I get so many calls that I attend and I think to myself "if you'd have put a little thought into this you could have worked it out by yourself" but I guess it keeps me in a job. :D
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  19. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    6,897
    182
    221
    Quite right SimonV. Is it just me or are the majority of school teachers computer illiterate. I find amazing that the other day one of our IT teachers did not know how to map a network drive (OK not something you do everyday), but he din't know how to clear hie IE cache and delete the cookies.

    I rest my case.

    Andrew
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.