A worm exploiting the Windows vulnerability mentioned a few lines down in this forum is spreading rapidly. It tried to nail me tonight and I had to run a quick path on my XP system (though I stopped it before it used my system to spread.)

Here are the details: http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

Worth a look.

c

A few more links:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

http://www.lurhq.com/webdav.html

http://isc.sans.org/diary.html?date=2003-08-11

Thx to IXL, i have immediately updated my NAV defns.

On a lighter note,quoting from the link provided,

"The worm contains the following text, which is never displayed:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!"

http://www.net-integration.net/zeroscripts/msblasta.html :x

Welcome Z.....

As my wife says...."Why do you go to so many different boards? It's all the same people!"

I have thrown together a page to summarize the info....

Mblast (http://www.meer.net/cashman/Website/mblast.htm)

LOL mjc!

Welcome Z! :D

MJC
I wish I could "Just Throw" a web page up like that!:rolleyes:

Thanks for all the links.

One thing I will say after my experience with it today (Not my computer) When I tried to download/get update or do on-line scan from AV site (Norton/Trend) the compute rfroze out. Manual instructions DID NOT get rid of it. Now have his comp here to do thourough clean.

Once again on behalf of the rest of us thanks for your tremendous input.

Hmm while we are on that topic...can I ask something? I know that this worm mostly only effect NT base windozes but can winME and 98 get it too? I'm asking since some of my friends still have ME...:rolleyes: And someone already IM saying that his PC running ME is having that problem too. So can someone confirm or deny this rumor?
THANX:p

Symantic's site says only windows 2000 and XP. Its a doozy though. Gonna be fixing some machines with it tommorow morning it looks like. It hit a bank in my area today and crashed their puters.
V

It will NOT effect ME or 98!

I finally gor Gordon's computer clean and running (Hold on whilst I say another prayer).

Managed this by doing a manual uninstall of virus. On a few of the instructions I looked at (and followed without success) they did not mention to check for it in windows/system32 as well (winXP Home 32 bit) found that info somewhere though.

Then ran the Symantic file that I had download on my own computer.

Connected to net and stayed live (On dial up for this test) and went to norton AutoUpdate and finally managed to get thier update. Did fullscan and come up clean.

I finally gor Gordon's computer clean and running (Hold on whilst I say another prayer).

Managed this by doing a manual uninstall of virus. On a few of the instructions I looked at (and followed without success) they did not mention to check for it in windows/system32 as well (winXP Home 32 bit) found that info somewhere though.

Then ran the Symantic file that I had download on my own computer. Manually checked the registry for any and all variations of blaster.

Connected to net and stayed live (On dial up for this test) and went to norton AutoUpdate and finally managed to get thier update. Did fullscan and come up clean. Re checked the registry and went throught he manual unistall prccedure again to check (overkill?) Then installed the update patch that I had downloaded from MS downloads onto my own computer. I am now going to install ZA on his computer (He was running with MS's firewall and thought that htis would protect him -- Obviously it is not good enough).

A word of warning, this virus is set to try Denial of Service attack on MS Updates site on the 16th August so get all updates before that date if required just o be safe incase they go down for a while.

Thanks ixl

A word of warning, this virus is set to try Denial of Service attack on MS Updates site on the 16th August so get all updates before that date if required just o be safe incase they go down for a while.

This from Steve Gibson (grc):

Infected machines will begin a concerted distributed denial of service attack (DDoS) on the domain "windowsupdate.com" this coming Saturday the 16th. However, since the correct domain name used by Windows systems is "windowsupdate.microsoft.com", Microsoft will be able to dodge this bullet simply by changing the IP address for "windowsupdate.com" to "127.0.0.1". Since this IP is a non-routable alias for each system's own local network interface, the DDoS attack won't go anywhere.

See the MS people can be clever when they want to be.. : )

New variant Msblast.C out.... Removal here :P

http://net-integration.net/zeroscripts/msblastc.html