msblaster.exe question?

  • Thread starter: Guest

Hi

I'm helping someone with their laptop, WinXP Pro.
It was using 100% CPU so I stopped msblaster.exe, mslaugh.exe, sysbcp32.exe
in Task Manager and with adware got out the trackers etc.
Using Stinger and adware I cleaned them out; I also used Spybot Search and
Destroy.

Then I deleted system backup, installed Browser Hijack Blaster tool, rebooted
the PC and ran all again to be sure!
Seemed fine; left the PC on for 5 hrs, rebooted it a few more times, then did a
system scan and a defrag.
Sent the PC back and after they had it for 1 hr it started again? The only
thing they did was to check their email ("web-based free"). I assume the virus
is in the web-based inbox? Or did I miss something out?

Thanks already for the advice as she is 70 years old.
BTW her virus program expired end of 2003; that's probably why she got it to
start with. I'll make sure I get one installed ASAP.

Rgds
Stephen
 
from the wonderful person SpamDumP said:
Hi

I'm helping someone with their laptop, WinXP Pro.
It was using 100% CPU so I stopped msblaster.exe, mslaugh.exe, sysbcp32.exe
in Task Manager and with adware got out the trackers etc.
Using Stinger and adware I cleaned them out; I also used Spybot Search and
Destroy.

Then I deleted system backup, installed Browser Hijack Blaster tool, rebooted
the PC and ran all again to be sure!
Seemed fine; left the PC on for 5 hrs, rebooted it a few more times, then did a
system scan and a defrag.
Sent the PC back and after they had it for 1 hr it started again? The only
thing they did was to check their email ("web-based free"). I assume the virus
is in the web-based inbox? Or did I miss something out?

Thanks already for the advice as she is 70 years old.
BTW her virus program expired end of 2003; that's probably why she got it to
start with. I'll make sure I get one installed ASAP.

1) Did you install the appropriate MS patches and updates to close down
the RPC exploit?

2) Does she connect with a/the firewall turned on? As far as Blaster
(and the like) goes, that is more essential than a virus checker
(although running without the latter is pretty damn dumb too)
 
Didn't install the patch but that's my next attempt after I clean it up again!
I tried though! My version (patch) was English but her laptop XP version is
Dutch so I'll have to connect it to the net for updates.
Also no firewall! I never used the Windows XP firewall?

Stephen
 
from the wonderful person SpamDumP said:
Didn't install the patch but that's my next attempt after I clean it up again!
I tried though! My version (patch) was English but her laptop XP version is
Dutch so I'll have to connect it to the net for updates.
Also no firewall! I never used the Windows XP firewall?
<snip>

Well the XP firewall is not wonderful, but it's a lot better than
nothing. Turn it on! It needs less user intelligence to live with than
the (much better) Zone Alarm.

Once it's on, connect to the net and update her XP. If it doesn't have
the MSBlaster patch from about 8 or 9 months ago, there'll be a whole
bunch else it doesn't have either.
 
When you get the shutdown message...

Go to; Start --> Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/ or the Microsoft Lovsan/Blaster and Nachi/Welchia
Removal Tool
http://www.microsoft.com/downloads/...8B-FE98-493F-AD76-BF673A38B4CF&displaylang=en
and install the following patch for the RPC/RPCSS and DCOM Vulnerabilities that are
addressed by Microsoft Security Bulletin MS04-012 - KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741 and finally
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Please read: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and don't use a FireWall then you will
just be re-infected.

I also suggest the installation of *ALL* MS Critical Updates ASAP.

Dave






 
If you have Broadband, you can use a Broadband Router such as the Linksys BEFSR41.
It has a simplistic FireWall and you can completely BLOCK TCP/UDP port 135.
You could also use a broadband router that has a full FireWall. In either case it will
significantly protect against Internet worms.

Dave




 
SpamDumP said:
Hi
Hi.

I'm helping [...] WinXP [...] 100% CPU [...] msblaster.exe, mslaugh.exe

Unfortunately, XP is one of those operating systems affected
by an exploit of the DCOM RPC. There are worms about
that attack those exposed vulnerabilities. Obtain the document
named "xpsurvivalguide.pdf" from a reputable source and use
it as a guide for getting XP more networthy.
 
Thanks David

I'll get the updates and patches for her as she only uses a modem! I have SP1
on CD; too big to download via the modem.

Stephen

David H. Lipman said:
When you get the shutdown message...

Go to; Start --> Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/ or the Microsoft Lovsan/Blaster and Nachi/Welchia
Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyId=E70A0D8B-FE98-493F-AD76-BF673A38B4CF&displaylang=en
and install the following patch for the RPC/RPCSS and DCOM Vulnerabilities that are
addressed by Microsoft Security Bulletin MS04-012 - KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741 and finally
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Please read: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and don't use a FireWall then you will
just be re-infected.

I also suggest the installation of *ALL* MS Critical Updates ASAP.

Dave






 
Thanks already for the advice as she is 70 years old.
BTW her virus program expired end of 2003; that's probably why she got
it to start with. I'll make sure I get one installed ASAP.

Rgds
Stephen

The Blaster Worm is a worm that scans the internet for certain IP addresses,
and if the system is not protected (does not have the patch from Microsoft
and does not have an Antivirus program or a Firewall) it then sends the
virus info to that computer. Below are the necessary tools for you to remove
this virus. Start with the MS security patch first.

--
Microsoft Security Patches (KB828741):

For Windows XP:
http://download.microsoft.com/downl...0-b75bcf7368cc/WindowsXP-KB828741-x86-ENU.EXE

For Windows 2000:
http://download.microsoft.com/downl...1b0335484386/Windows2000-KB828741-x86-ENU.EXE

Virus Removal Tools:

Blaster Worm: http://securityresponse.symantec.com/avcenter/FixBlast.exe

Welchia Worm: http://www.symantec.com/avcenter/FixWelch.exe
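
An added example, not code from any poster in this thread: a small triage check that combines the three points the replies raise (worm process still running, KB828741 missing, port 135 listening with no firewall) to show why cleaning alone did not hold. It assumes the inputs are text captured from `netstat -an`, `tasklist` and a hotfix listing; the function names and all sample data are hypothetical and constructed.

```python
import re

# Names come from the thread; sample inputs below are constructed.
SUSPECT_PROCESSES = {"msblaster.exe", "mslaugh.exe", "sysbcp32.exe"}
RPC_PORT = "135"
PATCH_KB = "KB828741"

def exposed_rpc_listeners(netstat_text):
    """Sockets bound to port 135 on a non-loopback address (netstat -an layout)."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[1].rpartition(":")
        if port != RPC_PORT or host.startswith("127."):
            continue
        # TCP rows end with a state column; UDP rows have none.
        if parts[0] == "TCP" and parts[-1] != "LISTENING":
            continue
        hits.append((parts[0], parts[1]))
    return hits

def running_suspects(tasklist_text):
    """Process names from the thread found in tasklist-style output."""
    names = {ln.split()[0].lower() for ln in tasklist_text.splitlines() if ln.strip()}
    return sorted(names & SUSPECT_PROCESSES)

def triage(netstat_text, tasklist_text, hotfix_text, firewall_on):
    """Findings that explain why a cleaned machine gets reinfected."""
    findings = [f"infected: {n} is running" for n in running_suspects(tasklist_text)]
    patched = PATCH_KB in re.findall(r"KB\d+", hotfix_text.upper())
    exposed = bool(exposed_rpc_listeners(netstat_text)) and not firewall_on
    if not patched:
        findings.append(f"unpatched: {PATCH_KB} missing")
    if exposed:
        findings.append(f"exposed: port {RPC_PORT} listening with no firewall")
    if exposed and not patched:
        findings.append("reinfection likely: removal tools alone will not hold")
    return findings

SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1046      192.168.1.1:135        ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""
SAMPLE_TASKLIST = "svchost.exe    820 Console 0 3,400 K\nMSBLASTER.EXE 1234 Console 0 5,000 K\n"

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST, "Q147222", False)))
```

An empty result means none of the three conditions from the thread were found in the supplied text; it does not by itself prove the machine is clean.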
 