Blaster Virus

Matty

Hi all

A friend recently upgraded his PC.. new mobo...new CPU...new HDD..new
graphics..new install of genuine WinXP Home SP1.

Now, trying to set up his internet connection, we added the connection
manually to both IE and OE. IE initially worked fine, so we went to OE, but
found we could not receive email. We could send fine.

So we went to the Tiscali web site (his ISP) to check for the correct
settings, but we have them correct.

Almost immediately we got an error message ... NT Authority\System...RPC
shutdown..system will shut down. We rebooted, went back online and it did
the same thing.

Now this is indicative of the blaster worm virus yes? Could we seriously
have been that unlucky to get it from the Tiscali site? That is the only one
we have been to.

The system has all new genuine software. (Win xp/Works 2004/Nero 6).

What else could it be?? Is it definitely a virus? I have the tools but I
thought SP1 would have stopped it?

Any thoughts???

TIA

Matt
 
I don't recall how one gets infected with Blaster, but the Symantec web site
indicates that the best method of prevention is closing certain ports at the
firewall. You didn't mention whether your friend has firewall software, but
if not, he really ought to grab something like ZoneAlarm (www.zonelabs.com).
The free version is good enough for most people.

You might also check the history for his browser and see where else he's
been, unless you're sure he's really conscientious. And, you DO have
antivirus software installed, right? With fully updated virus data files?
Probably not.....
 
Before attempting to get anything else working you should download/install
all critical updates. Especially the one for the blaster virus.
 
He got the blaster virus because he didn't have the security patch
installed. You don't get the blaster from going to a particular website, you
get it from just connecting to the internet. It is just out there in
cyberspace looking for vulnerable computers to infect. On another machine,
go to microsoft.com. Click downloads on the left hand side and then click
Windows (security and updates) on the left hand side. Download the blaster
worm removal tool (KB833330) and the Update Rollup 1 (KB826939). Disconnect
the infected computer from the internet and run the removal tool on it, then
install the Update Rollup. The only patch you really need to block blaster
is 823980, but 826939 includes 823980 and about 20 other security fixes.
Once that is done, go to windows update and get any other critical updates
available.
 
Many thanks

Matty

 
Tweek said:
He got the blaster virus because he didn't have the security patch
installed. You don't get the blaster from going to a particular website,
you get it from just connecting to the internet. It is just out there in
cyberspace looking for vulnerable computers to infect.

So they are selling an OS that gets infected faster than you can download a
patch? LOL!!!!

On another machine,
go to microsoft.com.

Like a Linux machine? :-)
 
Jack said:
well...are you using an Anti-Virus software.....

And how could he download the latest definitions without getting this virus
first? Looks like a catch 22 to sell an OS that contracts viruses faster
than you can patch it by doing nothing other than connecting it to the
internet.
 
Not at all.
You should have a firewall before connecting the network cable.
If you have a properly configured firewall you can not get Blaster.
 
Jupiter said:
Not at all.
You should have a firewall before connecting the network cable.

Wow, show me on MS's site that they explain this to consumers. Is this
explained in the box with the OS?

Yes I agree, with an insecure buggy OS you have to have a separate firewall
system (a linux box?) in place to keep it from being revenged. I'll bet 95%
of XP/2000 users have no idea what a firewall is nor do they have one in
place. Nor should they -have- to have one if MS had their act together.
 
Stacey;
The necessity of a firewall as well as maintaining Windows with
Windows Updates and antivirus is all over the internet including
countless prominent locations on Microsoft's website, here is one (on
the home page no less)
http://www.microsoft.com/
Take a look in the top right corner and then click.
Similar links to this are all over Microsoft.
Since you are not aware of this, it is reasonable to assume you never
go to Microsoft.com and thus never see what has been there for a long
time.

You say "Nor should they -have- to have one if MS had their act
together"
FALSE
ANY operating system including Linux will have a firewall if the
owner/user has any cares for his computer or data.

Some updates do protect weaknesses in the operating system but many
protect against technological advancements in the years since Windows
XP was released.
A firewall, anti virus and updates are not about the weakness of
Windows they are about basic necessary protection for all computers
with any operating system.
 
Jupiter said:
Stacey;
it is reasonable to assume you never
go to Microsoft.com

You're right, I have no reason to... Are these instructions in the box with
the OS installation? Do they explain the steps to deal with the Blaster
Worm in the box? I have no idea, never installed or used XP and don't plan
to.
You say "Nor should they -have- to have one if MS had their act
together"
FALSE
ANY operating system including Linux will have a firewall if the
owner/user has any cares for his computer or data.

They shouldn't need a firewall -between- the system and the internet to be
secure. Even win98 didn't have this major problem.


And BTW don't see much need for AV software with linux, before you say "It
has no installed base" consider all the servers connected to very high speed
connections and there have been no self installing/spawning viruses to date.
Given 'nix has been around much longer than windows, seems odd none are out
there.

MS has had zillions and still is dumb enough to leave ports open by default
knowing what this is going to cause. And years after the release is still
boxing OS's for sale with this known problem unpatched as sold. Pathetic
and seems like at some point people would get a class action law suit
together?
 
Go ahead Stacey, start a class action suit.
But wait, you will fail because it is nearly baseless.
You speak mostly from ignorance.
By your own statement "I have no reason to... ", effectively stating
you never use Microsoft products.
Therefore we now know many things about you, a few are:
You never visit Microsoft's website.
You do not use Microsoft products because if you did, you would want
to find out from the source proper protection of your products.
Or do you use them ignoring all basic rules of protecting any computer
and then blame Microsoft because you could not be bothered protecting
your own property?

In the box of Windows XP you ask?
Blaster did not exist when Windows XP was developed over two years
ago.
Again do a little research and see what technology has done, or do you
think little has changed technologically in the last 2.5 years?

Do a little research to learn some facts for a change.
If you are going to knock at Microsoft or anyone else for that matter,
it would be wise to at least know that what you say about them has at
least a little bit of truth and not just the false stories you get
from other Microsoft bashers.
At least many of them do their homework.

Windows 98 may not have had that problem, but even Windows 98 now
needs a firewall as well as updates and antivirus.
Linux does also, I suggest you research, Google will show you lots of
vulnerabilities of Linux.

Just because you don't see a need does not mean the need is not there.
Remember, a blind man does not see the hole in front of him.

I just hope the friend whose computer you are using does not listen to
you because his computer would be in big trouble sooner or later.
One last thing, I hope that is not the true Email address you used for
these posts, because by now the spam bots are getting it from all the
groups you have crossposted.
Good bye Stacey, I know your kind and there is no reason for you to
respond unless you want to see your own writing.
 

That's a good essay but fanatics never listen to reason, they have their own
agenda for hating whomever or whatever it is they obsess about!

Fact is Linux is fun to play around with but you really can't use it for
anything productive.

Dashi
 
Jupiter Jones [MVP] wrote:

In the box of Windows XP you ask?
Blaster did not exist when Windows XP was developed over two years
ago.

Neither did SP1 but it's included. Seems like they could update their
product more than once a year given the numbers they sell.

Do a little research to learn some facts for a change.

The -facts- are a nasty worm that exploits a STUPID choice on their part is
still being sold as is (and I bet they boxed up an unpatched copy for sale
today). At what point are they responsible for security?

Google will show you lots of
vulnerabilities of Linux.

And every one is in relation to a server of some sort, with default closed
ports opened by the user WITH server software installed by the user
running. Most are buffer overrun type things which is the application, not
the OS. None freely spawn/spread among machines, they are a one machine at
a time hacker problem for a server.

I just hope the friend whose computer you are using does not listen to
you because his computer would be in big trouble sooner or later.
??

One last thing, I hope that is not the true Email address you used for
these posts, because by now the spam bots are getting it from all the
groups you have crossposted.

Yep, it's a throw away account which gets filled with 'MS updates' from
another MS worm in about 5 minutes, not spam.

Good bye Stacey, I know your kind and there is no reason for you to
respond unless you want to see your own writing.

LOL, scream and put your fingers in your ears. BTW --YOU-- are the one who
keeps adding all the crossposts back, I'm setting the reply to one group.
 
Dashi said:
Fact is Linux is fun to play around with but you really can't use it for
anything productive.

Tell amazon.com that.. Want a list of others who are -now- making a profit
instead of handing over their profits to MS?
 
Fact is Linux is fun to play around with but you really can't use it for
anything productive.

Dashi

Have you EVER tried to use it? I mean really try? Many many many highly
successful servers use linux exclusively. I always use linux at university
to do normal, PRODUCTIVE things like surf the web, program, print things,
write reports, graphic design. The list goes on.
Before you come on and make a stupid troll-like comment such as that
again, go and do some research. When was the last time you tried to use
linux? When Torvalds released the first beta kernel? Dosy twit.

Steve
 
well...are you using an Anti-Virus software.....

Antivirus software is 100% irrelevant to the DDoS effect of attempted
intrusion by RPC attackers running from *other* computers.

What would protect you here are:
- fixing the defective RPC code
- use of a firewall


--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
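
An added example, not part of any post in this thread: a Python check that applies the two protections listed above (the RPC fix and a firewall), together with the patch numbers from Tweek's earlier post, to a constructed `netstat -an` capture. TCP port 135 for the RPC endpoint mapper, the function names and the verdict labels are assumptions that do not appear in the thread.

```python
import re

# KB numbers taken from the thread: 823980 is the RPC fix, 826939 is the
# Update Rollup 1 that includes it.
BLASTER_FIXES = {"KB823980", "KB826939"}
RPC_PORT = 135  # assumption, not stated in the thread: RPC endpoint mapper port

# Constructed sample of `netstat -an` output from an unfirewalled XP machine.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1040      203.0.113.7:80         ESTABLISHED
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.M)


def exposed_listeners(netstat_text):
    """Return the sorted TCP ports listening on a non-loopback address."""
    ports = set()
    for addr, port in LISTEN_RE.findall(netstat_text):
        if not addr.startswith("127.") and addr != "[::1]":
            ports.add(int(port))
    return sorted(ports)


def rpc_patched(installed_hotfixes):
    """True if either fix named in the thread is in the installed list."""
    return bool(BLASTER_FIXES & {h.upper() for h in installed_hotfixes})


def assess(netstat_text, installed_hotfixes, firewall_on):
    """Classify a machine before it is connected to the internet."""
    rpc_listening = RPC_PORT in exposed_listeners(netstat_text)
    patched = rpc_patched(installed_hotfixes)
    if patched and firewall_on:
        return "ok"
    if patched:
        return "patched-no-firewall"
    if firewall_on or not rpc_listening:
        # Assumed policy: the port is unreachable, so the fix can be fetched online.
        return "unpatched-shielded"
    # Stay offline and bring the fix over from another machine.
    return "exposed"


if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_NETSTAT))
    print(assess(SAMPLE_NETSTAT, [], firewall_on=False))
```
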
 
On Fri, 30 Jan 2004 00:27:29 -0700, "Jupiter Jones [MVP]"
Go ahead Stacey, start a class action suit.
But wait, you will fail because it is nearly baseless.

I'll debate that later, if it looks more interesting :-)
You speak mostly from ignorance.

Probably speaks from standard consumer assumptions.
By your own statement "I have no reason to... ", effectively stating
you never use Microsoft products.

No, that's not the implication at all.

I use a Volkswagen car, a Qualcomm email program, a media player from
Winamp, a guitar from Morris, a processor from Intel, a hard drive
from Hitachi, etc. Does that mean I go to their websites on a regular
basis? No way; I assume these things work and don't require
additional effort from me to prop them up.

As a consumer, I expect that if some safety issue arose with these
products, a product recall would follow. The vendor would contact me,
and would undertake to replace the defective product at their expense.

That is the assumption base most consumers come from. When you sell
to consumers, that is the framework you tacitly agree to operate within.

So no, I can quite see why the poster won't visit MS's web site on a
regular basis, even though MS products are used. When you accuse this
poster of "ignorance", what you are effectively saying is: "Everyone
knows the software industry is so flaky, you have to keep calling in
to see if some defect or other is in need of urgent repair".
Therefore we now know many things about you, a few are:
You never visit Microsoft's website.
You do not use Microsoft products because if you did, you would want
to find out from the source proper protection of your products.
Or do you use them ignoring all basic rules of protecting any computer
and then blame Microsoft because you could not be bothered protecting
your own property?

See above.
In the box of Windows XP you ask?
Blaster did not exist when Windows XP was developed over two years
ago.

No, but the defect Lovesan exploits had been present in NT for many
years, and through several major OS re-writes. For all we know, this
defect may have been routinely exploited for all of those years, in
ways that didn't reveal the presence of the exploiters.
Windows 98 may not have had that problem, but even Windows 98 now
needs a firewall as well as updates and antivirus.
Linux does also, I suggest you research, Google will show you lots of
vulnerabilities of Linux.

This is true: no Win9x has yet been directly exploited as "more
secure" NT has done, or various server platforms before that (thinking
SQL Server and yes, UNIX too).

Linux *has* been attacked, in some cases via exactly the same sort of
code defects that Lovesan/Blaster uses (unchecked buffers, etc.). The
case I refer to is a defect within a widely-used MP3 player that lets
a malformed "safe" MP3 file run code on a Linux box... that has all
the hallmarks of a "stupid MS" scenario; access to the system way
beyond the apparent risk of the attacking content. This time, Linux.

Jupiter; you need to lighten up <g> The software industry in general,
and MS in particular, is on really shaky ground when it starts
lecturing *users* on safety responsibilities.


--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
 