WORM INFECTION

Guest

Hey,

My pc got infected with one of the worms last night. Error message kept on
coming on and was switching my pc off after 60 seconds. Since then I have
tried connecting to the internet but no luck, now it says low or no
connectivity.

I have called my internet company who have confirmed that everything is ok
on their end. So I'm left with no access to the internet. The guy who I spoke
to thinks it may be a Winsocks error. I have never heard of this.

Can someone shed some light on this, and tell me ways I can get back online.

Thanks
 
Jacob said:
Hey,

My pc got infected with one of the worms last night. Error message kept on
coming on and was switching my pc off after 60 seconds. Since then I have
tried connecting to the internet but no luck, now it says low or no
connectivity.

I have called my internet company who have confirmed that everything is ok
on their end. So I'm left with no access to the internet. The guy who I spoke
to thinks it may be a Winsocks error. I have never heard of this.

Can someone shed some light on this, and tell me ways I can get back online.

Thanks

Try doing it again, and when that message pops up, type (no quotes) "shutdown -a" in start/run, and hit ok. Then go to Win Updates and get all the security updates you can, and install them. You may then want to get SP2 installed on your PC, but be sure you clean it up well beforehand.

Go here, and read the "important" links provided.
http://www.microsoft.com/athome/security/protect/windowsxp/choose.aspx

Get these (if you don't have one of a similar of any of these items), and install, update and run them to clean up your PC.

Security software that is free and very good:

Adaware SE Personal: http://www.lavasoft.de/

AVG Anti-virus (free): http://free.grisoft.com/freeweb.php/doc/2/

Zone Alarm firewall (free): http://www.zonelabs.com

CWShredder Standalone (second line item): http://www.intermute.com/spysubtract/cwshredder_download.html
 
Tom said:
Try doing it again, and when that message pops up, type (no quotes) "shutdown -a" in start/run, and hit ok. Then go to Win Updates and get all the security updates you can, and install them. You may then want to get SP2 installed on your PC, but be sure you clean it up well beforehand.

Go here, and read the "important" links provided.
http://www.microsoft.com/athome/security/protect/windowsxp/choose.aspx

Get these (if you don't have one of a similar of any of these items), and install, update and run them to clean up your PC.

Security software that is free and very good:

Adaware SE Personal: http://www.lavasoft.de/

AVG Anti-virus (free): http://free.grisoft.com/freeweb.php/doc/2/

Zone Alarm firewall (free): http://www.zonelabs.com

CWShredder Standalone (second line item): http://www.intermute.com/spysubtract/cwshredder_download.html

Hey Tom,

Thanks for replying. Thing is I have SP2 already installed and adware
as well. I ran Ad-Aware at the time and I think it got rid of it but now my PC
does not connect to my Motorola modem. It just says low connectivity or no
connectivity. I have downloaded the patches using a friend's computer but when
I run the patches on my PC it said that I did not need them as I already had
them on there.
 
Tom said:
Try doing it again, and when that message pops up, type (no quotes)
"shutdown -a" in start/run, and hit ok.


That will stop it from shutting down, but it doesn't remove the
worm. If he has the worm, it will still be there every time he
boots. There are several ways to get rid of the worm, such as
running the program "Stinger" at http://vil.nai.com/vil/stinger/

Then go to Win Updates and
get all the security updates you can, and install them.


Note that Windows security updates may prevent getting the worm,
but they don't remove it once it's there.

Even if he had removed the worm after issuing the shutdown command,
if he then connected to the internet long enough to get these
updates, he would very likely recontract the worm. It takes only
a very few minutes of connection without a firewall to get
infected. The critical step which you left out is immediately
enabling the Windows firewall.

But I mention these points only out of academic interest. His
situation is different. As he says "I'm left with no access to
the internet." It isn't clear what he's already done to get rid
of the worm or what his problem now is, but if he has no internet
connection, it's not as simple as just the worm being present.
 
Hey Ken,
Thanks for your comments. When the message box initially came up it shut down
my computer. That happened a couple of times. So the 3rd time I ran AdAware
and it seemed to get rid of the error message but then I tried logging on the
net but it came up with the message saying I had low or no connectivity. I
have no access to the internet whatsoever so I can't download anything. So
I'm having to go to a friend's house to download from Microsoft, but all the
patches I have downloaded so far are not any use as I already have them.
 
Jacob said:
Hey Ken,
Thanks for your comments. When the message box initially came up it shut down
my computer. That happened a couple of times. So the 3rd time I ran AdAware
and it seemed to get rid of the error message but then I tried logging on the
net but it came up with the message saying I had low or no connectivity. I
have no access to the internet whatsoever so I can't download anything. So
I'm having to go to a friend's house to download from Microsoft, but all the
patches I have downloaded so far are not any use as I already have them.

Jacob, on a friend's computer go here: http://www.cexx.org/lspfix.htm
Download LSPFix, put it on a floppy or CD, bring it home and run it on your
'puter. It is a small program that repairs Winsock and should restore your
connection. TCP/IP can be damaged on Windows XP by removal of malware and
viruses. LSPFix will repair that damage.
 
Yea Ken, well, if you also read the rest of my post, you'll see that I also stated to use an AV, Adaware, etc. to download, install. I only suggested the command to stop it during the interim.
 
If you get a chance, look and see in the Task Manager under the Processes tab, and check that maybe something is eating CPU %s. That may well be the culprit. Post back if you have the name of it, or run it through Google, and see what hits you get.
 
Jacob said:
Hey,

My pc got infected with one of the worms last night. Error message kept on
coming on and was switching my pc off after 60 seconds. Since then I have
tried connecting to the internet but no luck, now it says low or no
connectivity.

I have called my internet company who have confirmed that everything is ok
on their end. So I'm left with no access to the internet. The guy who I spoke
to thinks it may be a Winsocks error. I have never heard of this.

Can someone shed some light on this, and tell me ways I can get back online.

Thanks


As you haven't provided any specific details or error messages,
the following is the result of having to guess what your problem might
be. There are at least two possibilities:

1) If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


2) You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
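
Added example, not part of any post in this thread: the recovery order the replies above describe (firewall on first, abort the shutdown countdown, then repair Winsock), written as a batch file using the netsh commands built into Windows XP SP2 instead of LSPFix. The log folder name is an assumption; run it from an administrator account with the network cable unplugged.

```bat
@echo off
rem Added example: recovery order for an XP SP2 PC that shows
rem "limited or no connectivity" after worm or adware cleanup.
rem LOGDIR is a made-up folder name used only for this example.
setlocal
set LOGDIR=%SystemDrive%\netrepair
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem 1. Enable the Windows Firewall BEFORE the PC touches the network again,
rem    so it is not reinfected while updates and removal tools download.
netsh firewall set opmode mode=ENABLE
netsh firewall show state > "%LOGDIR%\firewall-state.txt"

rem 2. Abort a pending worm-triggered shutdown countdown, if one is running.
rem    The command reports an error when nothing is pending; that is harmless.
shutdown -a >nul 2>&1

rem 3. Save the current Winsock catalog. Entries left behind by removed
rem    adware (layered service providers) are what break connectivity,
rem    and this file lets you review them afterwards.
netsh winsock show catalog > "%LOGDIR%\winsock-before.txt"

rem 4. Reset the Winsock catalog and the TCP/IP settings to their defaults.
rem    On XP, "int ip reset" requires a log file argument.
netsh winsock reset
netsh int ip reset "%LOGDIR%\ip-reset.log"

echo Logs saved in %LOGDIR%.
echo Reboot, reconnect, then install updates and run a removal tool.
endlocal
```

The Winsock reset removes every third-party layered service provider, so security or VPN software that installs its own may need to be reinstalled afterwards.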
 