a new nasty virus started today and you dont
even have to open an attachment to get it :(

open windows "task manager" and see if "msblast.exe" is there,
your infected if it is.

most virus scanners cant find it because its so new :(

also, if you know how to use regedit
kill these
HKLM/software/microsoft/windows/current ver/run
windowsupdate/msblast.exe
system32/msblast.exe

MS fix is here for Win2000
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en

info here
http://isc.sans.org/diary.html?date=2003-08-11
or
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A


--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a signicant number of electrons may have been
inconvenienced ;)

I've got it.
Can you tell me more specifics on how to get rid of it?
In laymans terms?
I'm going to follow your link & try to learn.

"KenCo" > wrote in message
...
>
>
>
> a new nasty virus started today and you dont
> even have to open an attachment to get it :(
>
> open windows "task manager" and see if "msblast.exe" is there,
> your infected if it is.
>
> most virus scanners cant find it because its so new :(
>
> also, if you know how to use regedit
> kill these
> HKLM/software/microsoft/windows/current ver/run
> windowsupdate/msblast.exe
> system32/msblast.exe
>
> MS fix is here for Win2000
>
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
>
> info here
> http://isc.sans.org/diary.html?date=2003-08-11
> or
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST
..A
>
>
> --
> http://www.kencofish.com Ken Arnold,
> 401-781-9642 cell 401-225-0556
> Importer/Exporter of Goldfish,Koi,rare Predators
> Shipping to legal states/countries only!
> Permalon liners, Oase & Supreme Pondmaster pumps
>
>
> Please Note: No trees or animals were harmed in the
> sending of this contaminant free message We do concede
> that a signicant number of electrons may have been
> inconvenienced ;)

This appears to be a variation on an old hoax. Ms Blast.exe appears to
be a legit file. This virus does not show up on Symantic's list.

There is an MSBlaster worm which willl exploit the existing and legit
Msblast.exe file.

I don't knwo what Msblast does, I would not remove it.

Symantec's response to the virus msblaster is here

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Symantec's response is here

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

"danrahan" > wrote in message
...
> This appears to be a variation on an old hoax. Ms Blast.exe appears to
> be a legit file. This virus does not show up on Symantic's list.

I just received a warning from my antivirus program (E-Trust) warning me of
the virus, along with a full report of how it works. NO HOAX. Update your
antivirus NOW. Here is a snippet of what E-Trust sent me this morning:
***********************************************
Win32.Poza is a worm using the exploit described in MS03-026 to gain access
to unpatched Windows installation. More information about the exploit can
be found in our Vulnerabilities Library or at the Microsoft site here:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Method of Installation

It creates a mutex "BILLY" to avoid running multiple instances of itself,
and creates a registry value to activate on Windows restart:

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wind ows auto update =
"msblast.exe"

The worm runs a FTP service listening on port 69 waiting for exploited
machine to connect.
Method of Distribution

It starts by scanning the entire subnet for open 135 ports, then moves on to
scan randomly selected class B subnets (255.255.0.0) to start scanning. If
an open 135 port is found, it uses the exploit mentioned above to gain entry
and create a remote shell on the exploited machine. It then assumes the
exploit succeeded and attempts to connect to port 4444 of the remote
machine. If successfully connected, it instructs the remote machine to
download MSBLAST.EXE (size: 6,176 bytes, UPX packed) from its FTP service
using TFTP.EXE. It then sends an instruction to start MSBLAST.EXE on the
remote machine.

Note: TFTP.EXE is an utility included by default in Windows installation of
Windows 2000 and later versions.

The worm is capable of keeping live connections to 20 exploited machines
simultaneously.

Payload

If the day of the month is 16 or later, or the month is between January and
August, the worm creates a working thread to send random data to
windowsupdate.com almost continuously. This effectively launches a
Distributed Denial of Service attack against windowsupdate.com.

Additional Information

The worm body contains these strings:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your
software!!

CA has also received reports from several sources that this worm may be
seen, associated with crashes of svchost.exe.

************************************************** **

>I've got it.
>Can you tell me more specifics on how to get rid of it?
>In laymans terms?
>I'm going to follow your link & try to learn.

W32.Blast is a worm.

Virus Information Center
Win32.Poza
Alias: DcomRPC.exploit,
W32.Blaster.Worm (Symantec) ,
W32/Lovsan.worm (McAfee),
W32/Msblast.A (F-Secure) ,
Win32/Poza.Worm ,
WORM_MSBLAST.A (Trend)
Category: Win32
Type: Worm
Published Date: 8/11/2003
Last Modified: 8/11/2003

Download ClnPoza.zip here:
http://www3.ca.com/virusinfo/virus.aspx?ID=36265

>There is an MSBlaster worm which willl exploit the existing and legit
>Msblast.exe file.

W32.Blast is a worm.

Virus Information Center
Win32.Poza
Alias: DcomRPC.exploit,
W32.Blaster.Worm (Symantec) ,
W32/Lovsan.worm (McAfee),
W32/Msblast.A (F-Secure) ,
Win32/Poza.Worm ,
WORM_MSBLAST.A (Trend)
Category: Win32
Type: Worm
Published Date: 8/11/2003
Last Modified: 8/11/2003

Download ClnPoza.zip here:
http://www3.ca.com/virusinfo/virus.aspx?ID=36265

>I don't knwo what Msblast does, I would not remove it.

It will keep throwing up error messages and reboots your computer,
monotonously(sp?) as long as your modem is running.

This program continually shuts your computer down when you are trying to get
the update patch....an easy way to get around this is to DL ZoneAlarm which
will allow you get get the files you need. ZoneAlarm detected and blocked
over 100 alerts in a 3 hour period this morning.....this is a nasty one.

KenCo > wrote in message
...
>
>
>
> a new nasty virus started today and you dont
> even have to open an attachment to get it :(
>
> open windows "task manager" and see if "msblast.exe" is there,
> your infected if it is.
>
> most virus scanners cant find it because its so new :(
>
> also, if you know how to use regedit
> kill these
> HKLM/software/microsoft/windows/current ver/run
> windowsupdate/msblast.exe
> system32/msblast.exe
>
> MS fix is here for Win2000
>
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
>
> info here
> http://isc.sans.org/diary.html?date=2003-08-11
> or
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST
..A
>
>
> --
> http://www.kencofish.com Ken Arnold,
> 401-781-9642 cell 401-225-0556
> Importer/Exporter of Goldfish,Koi,rare Predators
> Shipping to legal states/countries only!
> Permalon liners, Oase & Supreme Pondmaster pumps
>
>
> Please Note: No trees or animals were harmed in the
> sending of this contaminant free message We do concede
> that a signicant number of electrons may have been
> inconvenienced ;)

Wilson wrote:
>
> This program continually shuts your computer down when you are trying to get
> the update patch....an easy way to get around this is to DL ZoneAlarm which
> will allow you get get the files you need. ZoneAlarm detected and blocked
> over 100 alerts in a 3 hour period this morning.....this is a nasty one.
>


luckily its just annoying and not renaming files like
some of the other viruses.




--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a signicant number of electrons may have been
inconvenienced ;)

In article >,
Wilson > wrote:
>This program continually shuts your computer down when you are trying to get
>the update patch....an easy way to get around this is to DL ZoneAlarm which
>will allow you get get the files you need.

Unfortunately, one of the effects of this bug is that it can
crash/reboot your system before you're able to download ZA, or an
update to your virus cleaning software, etc. (This prevented me from
being able to fix my system last night.)

I found this standalone blaster remover from Symantec. It's small
enough I should be able to download it before my system reboots, so
hopefully this will work:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Kelly

> Unfortunately, one of the effects of this bug is that it can
> crash/reboot your system before you're able to download ZA, or an
> update to your virus cleaning software, etc. (This prevented me from
> being able to fix my system last night.)
>
> I found this standalone blaster remover from Symantec. It's small
> enough I should be able to download it before my system reboots, so
> hopefully this will work:
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.rem
oval.tool.html
>
> Kelly

One thing that you MUST have on your computer besides Zone Alarm is Download
Accelerator with resume supported(even just the freebie version) this
allowed me to download ZoneAlarm to my machine even though it took me 3
times to get the full download....once you have it installed you don't get
shutdown anymore. Both ZoneAlarm and Download Accelerator are free.

I also used the symantec program...worked like a charm and I started feeling
better as I watched it run. :)

I would suggest everyone look into how to get rid of this virus, people are
passing it back and forth...over 50+ people on my server had it and I would
expect the real number was much higher than that.

I have Windows 98. I understand that this virus infects only
Windows 2000 and XP versions. Is this true?

Nedra
http://www.geocities.com/Heartland/Pines/4836
http://community.webshots.com/user/nedra118
"KenCo" > wrote in message
...
> Wilson wrote:
> >
> > This program continually shuts your computer down when you are trying to
get
> > the update patch....an easy way to get around this is to DL ZoneAlarm
which
> > will allow you get get the files you need. ZoneAlarm detected and
blocked
> > over 100 alerts in a 3 hour period this morning.....this is a nasty one.
> >
>
>
> luckily its just annoying and not renaming files like
> some of the other viruses.
>
>
>
>
> --
> http://www.kencofish.com Ken Arnold,
> 401-781-9642 cell 401-225-0556
> Importer/Exporter of Goldfish,Koi,rare Predators
> Shipping to legal states/countries only!
> Permalon liners, Oase & Supreme Pondmaster pumps
>
>
> Please Note: No trees or animals were harmed in the
> sending of this contaminant free message We do concede
> that a signicant number of electrons may have been
> inconvenienced ;)
>

"FBCS" > wrote in message
...
> My DH has a computer repair business, his phones are ringing off the hook.
> It''s going around virus dectectors.


It's not going around Zone Alarm though...my work computer had it on and
blocked well over 200 port scans last night and today, it's a must have.

Nedra wrote:
>
> I have Windows 98. I understand that this virus infects only
> Windows 2000 and XP versions. Is this true?
>
> Nedra
> http://www.geocities.com/Heartland/Pines/4836
> http://community.webshots.com/user/nedra118
> "KenCo" > wrote in message
> ...


its not supposed to hit 98 BUT try to get the latest
service pack for 98 at microsoft.com

--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a signicant number of electrons may have been
inconvenienced ;)

"Kelly E Jones" > wrote in message
...
> In article >,
> Wilson > wrote:
> >
> >> Unfortunately, one of the effects of this bug is that it can
> >> crash/reboot your system before you're able to download ZA, or an
> >> update to your virus cleaning software, etc. (This prevented me from
> >> being able to fix my system last night.)
> >>
> >> I found this standalone blaster remover from Symantec. It's small
> >> enough I should be able to download it before my system reboots, so
> >> hopefully this will work:
> >>
> >>
>
>http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.re
m
> >oval.tool.html
> >>
> >> Kelly
> >
> >One thing that you MUST have on your computer besides Zone Alarm is
Download
> >Accelerator with resume supported
>
> Yes, I thought of this as well. Unfortunately, I didn't have it yet,
> and I couldn't download it because of the da*n worm! (My computer is
> relatively new, and I haven't had a chance yet to download ZA, or a
> download manager, or update my virus defs, etc. I'll be doing all
> that as soon as get the system cleaned up.)

FWIW, if one does the Ctrl/Alt/Delete thing to bring up the Windows Task
Manager, under the "Processes" tab, click the Image Name (gray box), scroll
down to msblast.exe, click to highlight it, then click the "end process"
box. Close that out and go into regedit, like you said earlier, and delete
the entry (using the path you stated)..........one can then get on the
internet without being booted by the worm (using a phone line modem). I
repaired my broadband connection _first_, though. Then downloaded the new
virus definitions and the repair tool from Symantec. Ran the repair tool
(supposed to run it twice), then downloaded the MS patch.

"volts500" > wrote in message
om...
>
> "Kelly E Jones" > wrote in message
> ...
> > In article >,
> > Wilson > wrote:
> > >
> > >> Unfortunately, one of the effects of this bug is that it can
> > >> crash/reboot your system before you're able to download ZA, or an
> > >> update to your virus cleaning software, etc. (This prevented me from
> > >> being able to fix my system last night.)
> > >>
> > >> I found this standalone blaster remover from Symantec. It's small
> > >> enough I should be able to download it before my system reboots, so
> > >> hopefully this will work:
> > >>
> > >>
> >
>
>http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.re
> m
> > >oval.tool.html
> > >>
> > >> Kelly
> > >
> > >One thing that you MUST have on your computer besides Zone Alarm is
> Download
> > >Accelerator with resume supported
> >
> > Yes, I thought of this as well. Unfortunately, I didn't have it yet,
> > and I couldn't download it because of the da*n worm! (My computer is
> > relatively new, and I haven't had a chance yet to download ZA, or a
> > download manager, or update my virus defs, etc. I'll be doing all
> > that as soon as get the system cleaned up.)
>
> FWIW, if one does the Ctrl/Alt/Delete thing to bring up the Windows Task
> Manager, under the "Processes" tab, click the Image Name (gray box),
scroll
> down to msblast.exe, click to highlight it, then click the "end process"
> box. Close that out and go into regedit, like you said earlier, and
delete
> the entry (using the path you stated)..........one can then get on the
> internet without being booted by the worm (using a phone line modem). I
> repaired my broadband connection _first_, though. Then downloaded the new
> virus definitions and the repair tool from Symantec. Ran the repair tool
> (supposed to run it twice), then downloaded the MS patch.

Sorry, like KenCo said, the regedit path is:

KenCo wrote:
"also, if you know how to use regedit
kill these
HKLM/software/microsoft/windows/current ver/run
windowsupdate/msblast.exe
system32/msblast.exe"

Thanks Ken and Volts! Ken I have downloaded all
98 service packs. Thanks.

Nedra

"volts500" > wrote in message
om...
>
> "Nedra" > wrote in message
> link.net...
> > I have Windows 98. I understand that this virus infects only
> > Windows 2000 and XP versions. Is this true?
>
>
> That is correct.
>
>
> > Nedra
> > http://www.geocities.com/Heartland/Pines/4836
> > http://community.webshots.com/user/nedra118
> > "KenCo" > wrote in message
> > ...
> > > Wilson wrote:
> > > >
> > > > This program continually shuts your computer down when you are
trying
> to
> > get
> > > > the update patch....an easy way to get around this is to DL
ZoneAlarm
> > which
> > > > will allow you get get the files you need. ZoneAlarm detected and
> > blocked
> > > > over 100 alerts in a 3 hour period this morning.....this is a nasty
> one.
> > > >
> > >
> > >
> > > luckily its just annoying and not renaming files like
> > > some of the other viruses.
> > >
> > >
> > >
> > >
> > > --
> > > http://www.kencofish.com Ken Arnold,
> > > 401-781-9642 cell 401-225-0556
> > > Importer/Exporter of Goldfish,Koi,rare Predators
> > > Shipping to legal states/countries only!
> > > Permalon liners, Oase & Supreme Pondmaster pumps
> > >
> > >
> > > Please Note: No trees or animals were harmed in the
> > > sending of this contaminant free message We do concede
> > > that a signicant number of electrons may have been
> > > inconvenienced ;)
> > >
> >
> >
> >
>
>
>

Kelly E Jones > wrote in message
...
> In article >,
> Wilson > wrote:
> >Let me know tomorrow if you are still having problems Kelly, I'll send
you
> >ZA and the worm cleanup program on disk or floppy if you need it. Just
> >answer me back in this same thread if you want them. Or anyone else for
> >that matter....I would be happy to help out.
>
> Thanks! I was able to stay up long enough to get the Symantec 'fixer'
> installed and run. But then I couldn't get anything else - the patch
> or ZA - installed because everytime I connected to the 'net, someone
> else zapped me with the bug before I could finsih the download. I was
> getting hit about once every minute or two! Finally I found an
> el-cheapo firewall that was only ~350K download. Was able to download
> this, which protected me long enough to DL the patch and ZA. Whew!
>
> Kelly

Glad it worked out, I won't be without ZA anymore(or Download
Accelerator)...it's a great program.

According to what I've read at Microsoft's website, no this virus does not
attack Windows 98.

Anne Lurie
Raleigh, NC

(sorry, I just did a multiple-snip on Nedra's post because of too much "he
said, she said")

Anne Lurie wrote:
>
> Kelly, this is GrannyEast talking (vs. Nedra, who definitely rules as
> GrannyWest): Girl, you said you hadn't updated virus defs, etc. because
> your computer is too new??? I may be "hopelessly in love" with Sy-man-tec,
> but I least I get reminders when I need to update my virus definitions!
>

FWIW
I updated the night before, but it was too early
for them to have a fix.



--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a signicant number of electrons may have been
inconvenienced ;)

Wilson wrote:
>
> Glad it worked out, I won't be without ZA anymore(or Download
> Accelerator)...it's a great program.


I had ZoneAlarm but installed "Outpost" (link was on MS blaster page)
http://www.agnitum.com/products/outpost/


its working great, 20 attacks stopped in the last hr. :)

Time/Date..................Attack type...........IP.............Scan
Port detail

8/13/2003 7:29:46 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:27:43 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:25:50 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:23:47 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:21:50 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:19:48 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:17:43 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:15:43 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:13:57 PM Connection request 206.24.190.146 TCP(1111)
8/13/2003 7:13:25 PM Connection request 130.18.87.193 TCP(135)
8/13/2003 7:12:50 PM Connection request 205.238.247.92 TCP(135)
8/13/2003 6:57:39 PM Connection request 216.19.216.86 TCP(135)
8/13/2003 6:52:24 PM Connection request 200.214.49.88 UDP(137)
8/13/2003 6:47:57 PM Connection request 200.67.23.131 UDP(137)
8/13/2003 6:46:32 PM Connection request 216.41.42.243 UDP(137)
8/13/2003 6:43:47 PM Connection request 217.44.255.243 TCP(135)
8/13/2003 6:34:39 PM Connection request 216.41.57.181 TCP(135)
8/13/2003 6:30:28 PM Connection request 216.26.187.186 TCP(135)
8/13/2003 6:28:58 PM Connection request 216.41.42.20 TCP(135)


--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a signicant number of electrons may have been
inconvenienced ;)

Hey GrannyEast ;)
You got it right on Norton! I keep the Anti-Virus Updated.
It's Automatically updated ... they let me know via a right hand corner
pop-up. This step is as crucial as scanning the system on a daily basis.
I have a 4 or 5 year old system. I keep it cleaned - often.

GrannyWest
http://community.webshots.com/user/nedra118

"Anne Lurie" > wrote in message
om...
> Kelly, this is GrannyEast talking (vs. Nedra, who definitely rules as
> GrannyWest): Girl, you said you hadn't updated virus defs, etc. because
> your computer is too new??? I may be "hopelessly in love" with
Sy-man-tec,
> but I least I get reminders when I need to update my virus definitions!
>
> Note: Seriously, a good anti-virus program is essential. Whichever one
you
> choose, check to see if it's working as you intended, though. For
example,
> I downloaded PopSubtract to get rid of those *really annoying pop
messages*
> but it apparently interferes with the daily scan that I set up through
> Symantec's Norton Antivirus -- and I hate to confess how long it took me
> to realize that supposedly-scheduled-scan was not occurring.
>
> Anne Lurie
> Raleigh, NC
>
> "Kelly E Jones" > wrote in message
> ...
>
>
>
> > Yes, I thought of this as well. Unfortunately, I didn't have it yet,
> > and I couldn't download it because of the da*n worm! (My computer is
> > relatively new, and I haven't had a chance yet to download ZA, or a
> > download manager, or update my virus defs, etc. I'll be doing all
> > that as soon as get the system cleaned up.)
> >
>
>
>

In article >,
john rutz > wrote:
>Nedra wrote:
>> Hey GrannyEast ;)
>> You got it right on Norton! I keep the Anti-Virus Updated.
>> It's Automatically updated ... they let me know via a right hand corner
>> pop-up. This step is as crucial as scanning the system on a daily basis.
>> I have a 4 or 5 year old system. I keep it cleaned - often.
>>
>> GrannyWest
>> http://community.webshots.com/user/nedra118
>>
>
>definitly need to run auto update if using windows, new
>viruses/trojans.etc apear daily its the only way to come near keeping up

If you mean Microsofts auto-update, I've found that the less I let
Microsoft fool with my computer, the better. I'll never use MS
auto-update.

As for auto-update of virus defs, that's probably not a bad idea.
HOwever, in this specific case, I think most of the scanners (I use
McCaffee) weren't updated until too late...

Kelly

Uhhh Kelly ... I didn't mention MS. I said Norton.
Big difference.

Nedra
http://www.geocities.com/Heartland/Pines/4836
http://community.webshots.com/user/nedra118

"Kelly E Jones" > wrote in message
...
> In article >,
> john rutz > wrote:
> >Nedra wrote:
> >> Hey GrannyEast ;)
> >> You got it right on Norton! I keep the Anti-Virus Updated.
> >> It's Automatically updated ... they let me know via a right hand corner
> >> pop-up. This step is as crucial as scanning the system on a daily
basis.
> >> I have a 4 or 5 year old system. I keep it cleaned - often.
> >>
> >> GrannyWest
> >> http://community.webshots.com/user/nedra118
> >>
> >
> >definitly need to run auto update if using windows, new
> >viruses/trojans.etc apear daily its the only way to come near keeping up
>
> If you mean Microsofts auto-update, I've found that the less I let
> Microsoft fool with my computer, the better. I'll never use MS
> auto-update.
>
> As for auto-update of virus defs, that's probably not a bad idea.
> HOwever, in this specific case, I think most of the scanners (I use
> McCaffee) weren't updated until too late...
>
> Kelly
>

KenCo wrote:

> a new nasty virus started today and you dont
> even have to open an attachment to get it :(
>
> open windows "task manager" and see if "msblast.exe" is there,
> your infected if it is.
>
> most virus scanners cant find it because its so new :(
>
> also, if you know how to use regedit
> kill these
> HKLM/software/microsoft/windows/current ver/run
> windowsupdate/msblast.exe
> system32/msblast.exe

Glad (again) that I use a Mac.

Joe



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----

Joe wrote >>Glad (again) that I use a Mac.<<

Amen to that ;-)

k30a and her mac

K30a wrote:
> Joe wrote >>Glad (again) that I use a Mac.<<
>
> Amen to that ;-)
>
> k30a and her mac

Me too. Never had a virus work. I've sometimes had reputed viruses,
always exe files that won't open here. I've usually forwarded them to
spam, one of those that thinks it's my life's ambition to have a bigger
and bigger..........

Ruth Kazez and her mac

"Nedra" > wrote in message
hlink.net...
> Hey GrannyEast ;)
> You got it right on Norton! I keep the Anti-Virus Updated.
> It's Automatically updated ... they let me know via a right hand corner
> pop-up. This step is as crucial as scanning the system on a daily basis.
> I have a 4 or 5 year old system. I keep it cleaned - often.
<snip>

OK, time to let my geekiness out here. My setup includes a 6-7 machines
networked together on a local subnet. They are all attached to the internet
via a firewall machine that runs a proxy application for outgoing sharing
and incoming virus protection, a firewall for incoming protection and an
anti-virus package. Each machine on the network is checked daily for
viruses, and the network is vigorously tested over each weekend. My firewall
does not even respond to a ping, if you are not an authorized IP. My proxy
scans all incoming/outgoing email for viruses, and quarantines any that are
suspect. The system is tuned to the point, where my firewall detected a
virus signature in an email, and blocked my access to our mail server which
is outside the firewall.

So far...so good.

BV.

"rtk" > wrote in message ...
>
>
> K30a wrote:
> > Joe wrote >>Glad (again) that I use a Mac.<<
> >
> > Amen to that ;-)
> >
> > k30a and her mac
>
> Me too. Never had a virus work. I've sometimes had reputed viruses,
> always exe files that won't open here. I've usually forwarded them to
> spam, one of those that thinks it's my life's ambition to have a bigger
> and bigger..........

That is a key fact that many refuse to listen to. If you don't know what the
attachment is that has been sent to you, do not open it. And for gods sake,
DO NOT EVER RUN ANY EXE SENT TO YOU BY ANYONE!!! EVER!!! I have branded this
on my wife's brain. If it's a JPG you can look at it. If it's anything else,
delete it. We have so far, to date, survived.

BV.

On Thu, 14 Aug 2003 10:23:35 -0400
"BenignVanilla" > wrote:

> IE, I probably still have
> some weakness with.
>
> BV.

If you have IE on your hard drive, yes, you do. Most remote exploits
start there.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

"Cybe R. Wizard" > wrote in message
news:20030814092835.60deac17.cyber_wizard@mindspri ng.com...
> On Thu, 14 Aug 2003 10:23:35 -0400
> "BenignVanilla" > wrote:
>
> > IE, I probably still have
> > some weakness with.
> >
> > BV.
>
> If you have IE on your hard drive, yes, you do. Most remote exploits
> start there.

True, but to date I have not seen any problems, and I have been an IE guy
since CSS came about. What version was that? 2? 3?

BV.

hear hear! it doesn't affect linux or unix, either. my isp has a unix server
and they run postini (virus and spam trap extraordinaire!). + i have norton
which i do liveupdate daily.
so far, so good...
mad


> From: joe >
> Organization: Newsfeeds.com http://www.newsfeeds.com 100,000+ UNCENSORED
> Newsgroups.
> Newsgroups: rec.ponds
> Date: Wed, 13 Aug 2003 18:47:12 -0700
> Subject: Re: OT virus

>
> Glad (again) that I use a Mac.
>
> Joe
--
Why didn't Noah swat those two mosquitoes?



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----

In >, on 08/14/03
at 04:11 AM, (K30a) said:

>Joe wrote >>Glad (again) that I use a Mac.<<

>Amen to that ;-)

>k30a and her mac

No Mac here - OS/2 and eComStation on a PC. No problem.


Alan

--

---------------------------------------------------------------------
**** Please use address alanh(at)min.net to reply via e-mail. ****

Posted using registered MR/2 ICE Newsreader #564

---------------------------------------------------------------------

wrote:

> No Mac here - OS/2 and eComStation on a PC. No problem.

Wow. Now that's retro! Too cool.

Joe



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

wrote:

>
> No Mac here - OS/2 and eComStation on a PC. No problem.
>
>
> Alan
>


--
Os/2 is still around?? I havent seen that it seems in years




John Rutz
Z5 New Mexico

Experience is something you don't get until just after you need it.

see my pond at:

http://www.fuerjefe.com

On Thu, 14 Aug 2003 14:08:32 -0600
john rutz > wrote:

> wrote:
>
> >
> > No Mac here - OS/2 and eComStation on a PC. No problem.
> >
> >
> > Alan
> >
>
>
> --
> Os/2 is still around?? I havent seen that it seems in years

> John Rutz

Not only is it still around, it's still available. I saw a link to a
site just the other day where it was available for free download.
Sorry, I don't recall what it was but I'm sure Google can find it. There
is also an emulator for Commodore's OS that runs inside Linux. I
wouldn't doubt that there's one for OS/2 also.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

i use os 9.6. works well.
mad
--
The word "bipartisan" usually means some larger-than-usual
deception is being carried out.
George Carlin

> From: john rutz >
> Organization: Newsfeeds.com http://www.newsfeeds.com 100,000+ UNCENSORED
> Newsgroups.
> Newsgroups: rec.ponds
> Date: Thu, 14 Aug 2003 14:08:32 -0600
> Subject: Re: OT virus
>
> wrote:
>
>>
>> No Mac here - OS/2 and eComStation on a PC. No problem.
>>
>>
>> Alan
>>
>
>
> --
> Os/2 is still around?? I havent seen that it seems in years
>
>
>
>
> John Rutz
> Z5 New Mexico
>
> Experience is something you don't get until just after you need it.
>
> see my pond at:
>
> http://www.fuerjefe.com
>



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

On Wed, 13 Aug 2003 23:47:47 GMT, in rec.ponds you wrote:

>Hey GrannyEast ;)
>You got it right on Norton! I keep the Anti-Virus Updated.
>It's Automatically updated ... they let me know via a right hand corner
>pop-up. This step is as crucial as scanning the system on a daily basis.
>I have a 4 or 5 year old system. I keep it cleaned - often.
>
>GrannyWest
>http://community.webshots.com/user/nedra118
>
>"SNIP FOR BREVITY

I am still running Win98 and it isn't affected by this worm. I have had good
luck with "EZ Antivirus" as a small footprint program from Computer Associates
International. It doesn't interfer with any other programs and runs in the
background. It updates in only about 2 minutes and I have never been infected.

I use "Tiny Personal Firewall" from Tiny Software. Again it has a small impact
and really does well blocking ports before any thing gets through. I used
ZoneAlarm and BlackIce in the past but this seems to work better. In fact I
installed it in Oct 2001 and it has never needed updating or given problems.

Another program I use is called "Finjan SurfinGuard" from http://www.finjan.com/
This program is an anti-virus but it detects when something trys to run or trys
to change a setting on the sly, then stops it and lets you know. If you get
the "worm" it would block it from being able to run on your system. I think it
said that it sort of boxes in whatever it is and watches it without letting it
get to your main system. I really like it.
And finally i use a neat utility called WinPatrol. I copied this from their
website
"
WinPatrol with Scotty the Windows Watch Dog will sniff out Worms, Adware,
Spyware, Cookies, Trojan horses and other malicious, nasty programs that may
attack your computer without a need for constant updates. One Aug 11th,
WinPatrol was detecting and removing the MS Blaster worm while other software
companies scrambled to create new definition files. "

Both Finjan, Tiny personal firewall and Winpatrol are freeware. The antivirus
was $19.95 with free updates. All four of these run in the System Tray and use
very, very little resources.
rhino



See my pond
www.htcomp.net/rhino_4_good/index.htm

"Without the second ammendment, the others are just suggestions."

On Wed, 13 Aug 2003 23:47:47 GMT, in rec.ponds you wrote:

>Hey GrannyEast ;)
>You got it right on Norton! I keep the Anti-Virus Updated.
>It's Automatically updated ... they let me know via a right hand corner
>pop-up. This step is as crucial as scanning the system on a daily basis.
>I have a 4 or 5 year old system. I keep it cleaned - often.
>
>GrannyWest
>http://community.webshots.com/user/nedra118
>
>"SNIP FOR BREVITY

I am still running Win98 and it isn't affected by this worm. I have had good
luck with "EZ Antivirus" as a small footprint program from Computer Associates
International. It doesn't interfer with any other programs and runs in the
background. It updates in only about 2 minutes and I have never been infected.

I use "Tiny Personal Firewall" from Tiny Software. Again it has a small impact
and really does well blocking ports before any thing gets through. I used
ZoneAlarm and BlackIce in the past but this seems to work better. In fact I
installed it in Oct 2001 and it has never needed updating or given problems.

Another program I use is called "Finjan SurfinGuard" from http://www.finjan.com/
This program is an anti-virus but it detects when something trys to run or trys
to change a setting on the sly, then stops it and lets you know. If you get
the "worm" it would block it from being able to run on your system. I think it
said that it sort of boxes in whatever it is and watches it without letting it
get to your main system. I really like it.
And finally i use a neat utility called WinPatrol. I copied this from their
website
"
WinPatrol with Scotty the Windows Watch Dog will sniff out Worms, Adware,
Spyware, Cookies, Trojan horses and other malicious, nasty programs that may
attack your computer without a need for constant updates. One Aug 11th,
WinPatrol was detecting and removing the MS Blaster worm while other software
companies scrambled to create new definition files. "

Both Finjan, Tiny personal firewall and Winpatrol are freeware. The antivirus
was $19.95 with free updates. All four of these run in the System Tray and use
very, very little resources.
rhino



See my pond
www.htcomp.net/rhino_4_good/index.htm

"Without the second ammendment, the others are just suggestions."

"Cybe R. Wizard" > wrote in message
news:20030815024434.113524bb.cyber_wizard@mindspri ng.com...
<snip>
> I tell ya, you've seen nothing until you've seen your regular Windows OS
> running in a window on a Linux machine. I was flabbergasted the first
> time I used VMWare. It saw my Windows drive and configuration was a
> breeze, told it how much memory to use and which peripherals, bang!
> Windows complete desktop, all settings correct in a sizable window on my
> Linux desktop. It goes through the boot process and everything, just
> like booting up a regular computer except that it's a virtual computer
> made of software.
> But I'm not here to proselytize, folks, back to ponding! Or virii, or
> whatever it is today. ;-]
<snip>

I won't engage the MS sucks, Linux is great topic, as I think they are both
great, and both have a place. I will say however, that if we put Linux on
90% of the desktops in the world, we'd be reading about the latest virus to
hit linux. Any system can be compromised. The statistics are just a bit
skewed because we have so many winders systems out there.

BV.

On Fri, 15 Aug 2003 10:30:45 -0400
"BenignVanilla" > wrote:
>
> I won't engage the MS sucks, Linux is great topic, as I think they are
> both great, and both have a place. I will say however, that if we put
> Linux on 90% of the desktops in the world, we'd be reading about the
> latest virus to hit linux. Any system can be compromised. The
> statistics are just a bit skewed because we have so many winders
> systems out there.
>
> BV.
>
Yes, there's a place for numerous OSs and they each have their strengths
and weaknesses. That said, there will never be as many exploits for
*nix (whatever type or version) just because it's so danged hard to
compromise the system. Unix (and therefore all Unix clones) was built
from the ground up to be a secure networking system, not a stand-alone
personal computing environment. Microsoft, OTOH, was designed to be a
stand-alone unit for personal use, not tied to other computers. The
internet came along as a surprise phenomenon and Windows has been trying
to adapt their technology to that ever since. They have come a long way
with Windows XP, I understand, toward stability and interoperability,
but still lag behind in security.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L