A Fishkeeping forum. FishKeepingBanter.com


OT virus



 
 
  #1  
Old August 12th 03, 05:56 AM
KenCo
external usenet poster
 
Posts: n/a
Default OT virus




a new nasty virus started today and you don't
even have to open an attachment to get it

open windows "task manager" and see if "msblast.exe" is there,
you're infected if it is.

most virus scanners can't find it because it's so new

also, if you know how to use regedit
kill these
HKLM/software/microsoft/windows/current ver/run
windowsupdate/msblast.exe
system32/msblast.exe

MS fix is here for Win2000
http://microsoft.com/downloads/detai...displaylang=en

info here
http://isc.sans.org/diary.html?date=2003-08-11
or
http://www.trendmicro.com/vinfo/viru...WORM_MSBLAST.A


--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a significant number of electrons may have been
inconvenienced
  #2  
Old August 12th 03, 10:55 AM
David Modine
external usenet poster
 
Posts: n/a
Default OT virus

I've got it.
Can you tell me more specifics on how to get rid of it?
In layman's terms?
I'm going to follow your link & try to learn.

"KenCo" wrote in message
...

> a new nasty virus started today and you don't
> even have to open an attachment to get it
>
> open windows "task manager" and see if "msblast.exe" is there,
> you're infected if it is.
>
> most virus scanners can't find it because it's so new
>
> also, if you know how to use regedit
> kill these
> HKLM/software/microsoft/windows/current ver/run
> windowsupdate/msblast.exe
> system32/msblast.exe
>
> MS fix is here for Win2000
> http://microsoft.com/downloads/detai...F541-4C15-8C9F-220354449117&displaylang=en
>
> info here
> http://isc.sans.org/diary.html?date=2003-08-11
> or
> http://www.trendmicro.com/vinfo/viru...e=WORM_MSBLAST.A
>
> --
> http://www.kencofish.com Ken Arnold,
> 401-781-9642 cell 401-225-0556
> Importer/Exporter of Goldfish,Koi,rare Predators
> Shipping to legal states/countries only!
> Permalon liners, Oase & Supreme Pondmaster pumps
>
> Please Note: No trees or animals were harmed in the
> sending of this contaminant free message We do concede
> that a significant number of electrons may have been
> inconvenienced



  #3  
Old August 12th 03, 01:14 PM
danrahan
external usenet poster
 
Posts: n/a
Default OT virus

This appears to be a variation on an old hoax. Ms Blast.exe appears to
be a legit file. This virus does not show up on Symantec's list.

There is an MSBlaster worm which will exploit the existing and legit
Msblast.exe file.

I don't know what Msblast does, I would not remove it.

  #4  
Old August 12th 03, 01:25 PM
danrahan
external usenet poster
 
Posts: n/a
Default OT virus

Symantec's response to the virus msblaster is here

http://www.symantec.com/avcenter/ven...ster.worm.html

  #5  
Old August 12th 03, 01:29 PM
danrahan
external usenet poster
 
Posts: n/a
Default OT virus

Symantec's response is here

http://www.symantec.com/avcenter/ven...ster.worm.html


  #6  
Old August 12th 03, 02:44 PM
NJ
external usenet poster
 
Posts: n/a
Default OT virus/NOT A HOAX


"danrahan" wrote in message
...
> This appears to be a variation on an old hoax. Ms Blast.exe appears to
> be a legit file. This virus does not show up on Symantec's list.


I just received a warning from my antivirus program (E-Trust) warning me of
the virus, along with a full report of how it works. NO HOAX. Update your
antivirus NOW. Here is a snippet of what E-Trust sent me this morning:
***********************************************
Win32.Poza is a worm using the exploit described in MS03-026 to gain access
to unpatched Windows installation. More information about the exploit can
be found in our Vulnerabilities Library or at the Microsoft site here:
http://www.microsoft.com/technet/sec...n/MS03-026.asp

Method of Installation

It creates a mutex "BILLY" to avoid running multiple instances of itself,
and creates a registry value to activate on Windows restart:

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update =
"msblast.exe"

The worm runs a FTP service listening on port 69 waiting for exploited
machine to connect.

Method of Distribution

It starts by scanning the entire subnet for open 135 ports, then moves on to
scan randomly selected class B subnets (255.255.0.0) to start scanning. If
an open 135 port is found, it uses the exploit mentioned above to gain entry
and create a remote shell on the exploited machine. It then assumes the
exploit succeeded and attempts to connect to port 4444 of the remote
machine. If successfully connected, it instructs the remote machine to
download MSBLAST.EXE (size: 6,176 bytes, UPX packed) from its FTP service
using TFTP.EXE. It then sends an instruction to start MSBLAST.EXE on the
remote machine.

Note: TFTP.EXE is a utility included by default in Windows installation of
Windows 2000 and later versions.

The worm is capable of keeping live connections to 20 exploited machines
simultaneously.

Payload

If the day of the month is 16 or later, or the month is between January and
August, the worm creates a working thread to send random data to
windowsupdate.com almost continuously. This effectively launches a
Distributed Denial of Service attack against windowsupdate.com.

Additional Information

The worm body contains these strings:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your
software!!

CA has also received reports from several sources that this worm may be
seen, associated with crashes of svchost.exe.

***********************************************
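
The propagation sequence in the E-Trust description quoted in post #6 (probe TCP 135, connect to TCP 4444, TFTP fetch on port 69) can be looked for in firewall logs. The following is an added example, not part of any post in this thread; the log format, addresses and threshold are constructed assumptions, and TFTP is matched as UDP port 69.

```python
from collections import defaultdict

# Constructed, time-ordered firewall log lines: "time src dst proto dport".
SAMPLE_LOG = """\
2003-08-12T09:00:01 192.168.1.50 192.168.1.10 TCP 135
2003-08-12T09:00:01 192.168.1.50 192.168.1.11 TCP 135
2003-08-12T09:00:02 192.168.1.50 192.168.1.12 TCP 135
2003-08-12T09:00:02 192.168.1.50 192.168.1.13 TCP 135
2003-08-12T09:00:03 192.168.1.50 192.168.1.12 TCP 4444
2003-08-12T09:00:04 192.168.1.12 192.168.1.50 UDP 69
2003-08-12T09:00:09 192.168.1.20 192.168.1.10 TCP 135
2003-08-12T09:00:10 192.168.1.20 192.168.1.30 TCP 80
2003-08-12T09:00:11 192.168.1.13 192.168.1.50 UDP 69
"""

def analyze(log_text, scan_threshold=4):
    """Flag hosts sweeping TCP/135 and (prober, target) pairs that completed
    the full 135 -> 4444 -> TFTP-back sequence, in that order.
    scan_threshold is sized for the sample; tune it for real traffic."""
    probed = defaultdict(set)  # src -> distinct hosts contacted on TCP/135
    stage = {}                 # (prober, target) -> furthest step seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines
        _, src, dst, proto, port = parts
        port = int(port)
        if proto == "TCP" and port == 135:
            probed[src].add(dst)
            stage.setdefault((src, dst), 1)
        elif proto == "TCP" and port == 4444 and stage.get((src, dst)) == 1:
            stage[(src, dst)] = 2  # prober connected to the remote shell port
        elif proto == "UDP" and port == 69 and stage.get((dst, src)) == 2:
            stage[(dst, src)] = 3  # target fetched a file back from the prober
    scanners = sorted(s for s, hosts in probed.items() if len(hosts) >= scan_threshold)
    chains = sorted(pair for pair, step in stage.items() if step == 3)
    return {"scanners": scanners, "chains": chains}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The last sample line is a TFTP request with no preceding 4444 connection, so it is not reported as a completed chain.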



  #7  
Old August 12th 03, 02:47 PM
Lori
external usenet poster
 
Posts: n/a
Default OT virus


> I've got it.
> Can you tell me more specifics on how to get rid of it?
> In layman's terms?
> I'm going to follow your link & try to learn.


W32.Blast is a worm.

Virus Information Center
Win32.Poza
Alias: DcomRPC.exploit,
W32.Blaster.Worm (Symantec),
W32/Lovsan.worm (McAfee),
W32/Msblast.A (F-Secure),
Win32/Poza.Worm,
WORM_MSBLAST.A (Trend)
Category: Win32
Type: Worm
Published Date: 8/11/2003
Last Modified: 8/11/2003

Download ClnPoza.zip here:
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
  #8  
Old August 12th 03, 02:48 PM
Lori
external usenet poster
 
Posts: n/a
Default OT virus


> There is an MSBlaster worm which will exploit the existing and legit
> Msblast.exe file.


W32.Blast is a worm.

Virus Information Center
Win32.Poza
Alias: DcomRPC.exploit,
W32.Blaster.Worm (Symantec),
W32/Lovsan.worm (McAfee),
W32/Msblast.A (F-Secure),
Win32/Poza.Worm,
WORM_MSBLAST.A (Trend)
Category: Win32
Type: Worm
Published Date: 8/11/2003
Last Modified: 8/11/2003

Download ClnPoza.zip here:
http://www3.ca.com/virusinfo/virus.aspx?ID=36265

> I don't know what Msblast does, I would not remove it.


It will keep throwing up error messages and reboots your computer,
monotonously(sp?) as long as your modem is running.
  #9  
Old August 12th 03, 06:13 PM
Wilson
external usenet poster
 
Posts: n/a
Default OT virus

This program continually shuts your computer down when you are trying to get
the update patch....an easy way to get around this is to DL ZoneAlarm which
will allow you to get the files you need. ZoneAlarm detected and blocked
over 100 alerts in a 3 hour period this morning.....this is a nasty one.

KenCo wrote in message
...

> a new nasty virus started today and you don't
> even have to open an attachment to get it
>
> open windows "task manager" and see if "msblast.exe" is there,
> you're infected if it is.
>
> most virus scanners can't find it because it's so new
>
> also, if you know how to use regedit
> kill these
> HKLM/software/microsoft/windows/current ver/run
> windowsupdate/msblast.exe
> system32/msblast.exe
>
> MS fix is here for Win2000
> http://microsoft.com/downloads/detai...F541-4C15-8C9F-220354449117&displaylang=en
>
> info here
> http://isc.sans.org/diary.html?date=2003-08-11
> or
> http://www.trendmicro.com/vinfo/viru...e=WORM_MSBLAST.A
>
> --
> http://www.kencofish.com Ken Arnold,
> 401-781-9642 cell 401-225-0556
> Importer/Exporter of Goldfish,Koi,rare Predators
> Shipping to legal states/countries only!
> Permalon liners, Oase & Supreme Pondmaster pumps
>
> Please Note: No trees or animals were harmed in the
> sending of this contaminant free message We do concede
> that a significant number of electrons may have been
> inconvenienced



  #10  
Old August 12th 03, 08:00 PM
KenCo
external usenet poster
 
Posts: n/a
Default OT virus

Wilson wrote:

> This program continually shuts your computer down when you are trying to get
> the update patch....an easy way to get around this is to DL ZoneAlarm which
> will allow you to get the files you need. ZoneAlarm detected and blocked
> over 100 alerts in a 3 hour period this morning.....this is a nasty one.



luckily it's just annoying and not renaming files like
some of the other viruses.




--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a significant number of electrons may have been
inconvenienced
 



