For anyone else experiencing the joys of the world of computing...

The problem I had was Norton removed W32.Blaster.worm, but then it kept coming back until I finally loaded the Windows XP patch. (I'm convinced my ISP wasn't clean.)

The MS download for XP is: WindowsXP-KB823980-x86-ENU.EXE

My lesson today: It's not enough just keeping your virus definitions up to date. You need to check on the critical Windows updates too.

Dennis

*****

At 12:46 PM 8/1/2003 -0700, you wrote:
>I had it on four of my computers here. I do not know how it came in yet.
>
>I went to the Symantec website. They have a removal tool for it. Really easy
>to remove.
>
>Dan
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dennis
>Fleming
>Sent: Tuesday, August 12, 2003 10:42 AM
>To: RBASE-L Mailing List
>Subject: [RBASE-L] - Re: New Worm
>
>
>What was the probable source of this worm? (i.e., why didn't my ISP pick it
>up?)
>
>What a pain! I would love to be in a locked room with all the worms who
>write worms and viruses for just a day.
>
>Thanks for the heads-up,
>
>Dennis
>
>
>At 11:00 PM 8/11/2003 -0400, you wrote:
>>Buddy,
>>It's called W32.Blaster.worm
>>The symptom is, it will perform a shutdown as soon as you boot up, it
>>generously gives you a minute to close any open processes.
>>You have to reboot in safe mode with networking to do the following.
>>
>>I got it. Now it's gone, took me several hours.
>>
>>If using NAV go to www.sarc.com for instructions
>>Basically do regedit, find msblast.exe and delete it.
>>In XP Pro run task mgr and if cmd.exe is running, highlight it and click
>>end process
>>
>>Before doing all this you should set system restore off, so what U R doing
>>doesn't get registered in case you have to roll back.
>>Then go to http://securityresponse.symantec.com/avcenter/defs.download.html
>>This will download the urgent virus defs. The live update is only updated
>>each Wednesday, this site has the downloads for viruses found immediately.
>>
>>Good Luck
>>----- Original Message -----
>>From: "Walker, Buddy" <[EMAIL PROTECTED]>
>>To: "RBASE-L Mailing List" <[EMAIL PROTECTED]>
>>Sent: Monday, August 11, 2003 7:12 PM
>>Subject: [RBASE-L] - New Worm
>>
>>
>>You may want to take a look at this URL:
>>http://isc.sans.org/diary.html?date=2003-08-11
>>
>>It's a new RPC worm that is going around. If one of your client machines
>>has it, it may be spread to the server.
>>
>>Buddy
>>
>
>Dennis Fleming
>IISCO
>http://www.TheBestCMMS.com
>Phone: 570 775-7593
>Fax: 570 775-9797
>

Dennis Fleming
IISCO
http://www.TheBestCMMS.com
Phone: 570 775-7593
Fax: 570 775-9797

