xp worm

[stonerock]

I bought an OEM version of XP (Full Home Edition) a couple
of years ago pending my building a new computer. I finally
got around to it and XP was installed on a new Maxtor 30GB
hard drive using Maxblast 3. I tried to download the XP
service pack but was logged off by a remote program call
or something like that. It got so that I could only be on
line for about one minute. I reformatted three times and
found out from this newsgroup that I had the blaster
worm.I have removed the worm three times but it reappears.
I am certain that my Windows XP CD has an embedded worm. I
have reformatted and reinstalled three times and a Blaster
worm or some variant reappears within a few minutes. I
have not installed any other programs or imported any
files from the old HD. I am now running Win98SE on the new
30GB Maxtor after reformatting again with Maxblast 3 and
no problems. What is going on? I'm ready to buy a MAC.

 

[Jim Macklin]

When you install the ICF (Internet connection firewall) is
off by default. BEFORE you connect to the Internet you must
be sure that you turn the firewall ON. The MSBlaster worm
crawls the Internet and will infect any computer that
doesn't have the latest MS Windows patches (you can't get
those without going on-line) or the latest anti-virus
(ditto) so you protection is a firewall so the worm can't
find you.

To be sure the ICF is on, go to network connections, right
click you connection (before you connect) and select
properties/advanced tab. Be sure a check is in the box.

I just helped a friend the past two days rebuild his
computer after a similar problem, hope you have broadband,
there are about 250 MB of updates and downloads for your old
XP.


message | I bought an OEM version of XP (Full Home Edition) a couple
| of years ago pending my building a new computer. I finally
| got around to it and XP was installed on a new Maxtor 30GB
| hard drive using Maxblast 3. I tried to download the XP
| service pack but was logged off by a remote program call
| or something like that. It got so that I could only be on
| line for about one minute. I reformatted three times and
| found out from this newsgroup that I had the blaster
| worm.I have removed the worm three times but it reappears.
| I am certain that my Windows XP CD has an embedded worm. I
| have reformatted and reinstalled three times and a Blaster
| worm or some variant reappears within a few minutes. I
| have not installed any other programs or imported any
| files from the old HD. I am now running Win98SE on the new
| 30GB Maxtor after reformatting again with Maxblast 3 and
| no problems. What is going on? I'm ready to buy a MAC.
|

 

[Matt]

-----Original Message-----
I bought an OEM version of XP (Full Home Edition) a couple
of years ago pending my building a new computer. I finally
got around to it and XP was installed on a new Maxtor 30GB
hard drive using Maxblast 3. I tried to download the XP
service pack but was logged off by a remote program call
or something like that. It got so that I could only be on
line for about one minute. I reformatted three times and
found out from this newsgroup that I had the blaster
worm.I have removed the worm three times but it reappears.
I am certain that my Windows XP CD has an embedded worm. I
have reformatted and reinstalled three times and a Blaster
worm or some variant reappears within a few minutes. I
have not installed any other programs or imported any
files from the old HD. I am now running Win98SE on the new
30GB Maxtor after reformatting again with Maxblast 3 and
no problems. What is going on? I'm ready to buy a MAC.

.
First of all, unless it is a pirated copy of Windows Xp

then it does not have a blaster worm embedded, i can
garantee you that much. Second of all the reason you are
not having any problems with Win98 SE is because it is not
affected by the blaster worm. And lastlywhy dont you
download the updates when it promps you to in the windows
xp install.
Good Luck
Matt

 

[Guest]

The Blaster has only been around for about 6 months!

 

[Bruce Chambers]

Greetings --

The worm didn't even exist when you bought the CD, so I don't see
how you could possibly have come to the conclusion that it's embedded
in the CD. Don't connect the PC to the Internet until you've
safeguarded it against Blaster.

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH