Blaster seems to have popped up again on my PC - urgent advice sought

[A Whiteford]

I got the Blaster virus when it was going around a couple of months ago. I
downloaded patch, ran it etc and everything seemed to be OK until last
night. My PC has gone into a continuous shutdown loop since then.

I power up and approximately 2 minutes later I get the message which came
with Blaster that it's being auto powered down. It turns itself off. The
first time this happened I ran Norton's AV which I'd auto updated last week.
It didn't identify any viruses. I also looked at the original Blaster patch
information and did a search for the Blaster.exe file - nothing on the PC
(including in hidden folders).

So do I have the Blaster virus or it something that mimics it?

Since the original power down the time lag between auto power downs has
decreased so I only have a couple of minutes before the PC auto shuts down -
it's like a continuous loop.

How do I stop this process so I can get an appropriate patch installed?

I've been advised to look at a site with info about the
w32.hllw.gaobot.az.virus info but it's pretty useless if I can't get the PC
to stay powered up long enough to download the required patch.

Advice appreciated
Thanks

Anne

 

[Nick FitzGerald]

I got the Blaster virus when it was going around a couple of months ago. I
downloaded patch, ran it etc and everything seemed to be OK until last
night. My PC has gone into a continuous shutdown loop since then.

I power up and approximately 2 minutes later I get the message which came
with Blaster that it's being auto powered down. It turns itself off. The
first time this happened I ran Norton's AV which I'd auto updated last week.
It didn't identify any viruses. I also looked at the original Blaster patch
information and did a search for the Blaster.exe file - nothing on the PC
(including in hidden folders).

So do I have the Blaster virus or it something that mimics it?

A new RPC denial of service against _fully patched_ Windows boxes has been
released in source and binary forms. As I understand it (untested) these
tools will compromise (remote shell?? -- no worm though) boxes missing either
or both the earlier DCOM RPC patches and cause service lock-ups and/or
crashes on machines with the latest DCOM RPC patch installed. On XP, the
default config is for the machine to shutdown when RPC fails, which is what
caused the shutdown dialog on XP machines during the Blaster outbreak and is
what I would expect to see if this latest DoS tool were used against a
(default config) XP box.

Since the original power down the time lag between auto power downs has
decreased so I only have a couple of minutes before the PC auto shuts down -
it's like a continuous loop.

Enable the Internet Connection Firewall. It is shite, but at least it is
enough to protect aagainst incoming RPC "attacks". (WTF anyone would have RPC
openly exposed to the Internet is beyond me and all thinking folk anyway...)

How do I stop this process so I can get an appropriate patch installed?

You almost certainly can't as it is happening "outside" your machine. You can
protect your meachin by preventing it seeing the "problem" traffic though --
simply enable the ICF on your Internet connecting network interface(s) (and
do so _before_ going online again!!).

I've been advised to look at a site with info about the
w32.hllw.gaobot.az.virus ...

Why??

You'd be much better off looking at this general advice about Blaster:

http://www.microsoft.com/security/incident/blast.asp

 

[GSV Three Minds in a Can]

I got the Blaster virus when it was going around a couple of months ago. I
downloaded patch, ran it etc and everything seemed to be OK until last
night. My PC has gone into a continuous shutdown loop since then.

I power up and approximately 2 minutes later I get the message which came
with Blaster that it's being auto powered down. It turns itself off. The
first time this happened I ran Norton's AV which I'd auto updated last week.
It didn't identify any viruses. I also looked at the original Blaster patch
information and did a search for the Blaster.exe file - nothing on the PC
(including in hidden folders).

So do I have the Blaster virus or it something that mimics it?

Since the original power down the time lag between auto power downs has
decreased so I only have a couple of minutes before the PC auto shuts down -
it's like a continuous loop.

How do I stop this process so I can get an appropriate patch installed?

I've been advised to look at a site with info about the
w32.hllw.gaobot.az.virus info but it's pretty useless if I can't get the PC
to stay powered up long enough to download the required patch.

Turn your firewall on (if you have WinXP, it's built in, however the
free version of ZA is better, if you can acquire it .. or even better,
connect to the internet via a NAT/firewall router/switch).

 

[A Whiteford]

I downloaded the patch for the w32.hllw virus from this PC onto floppies and
updated my NAV on the problem machine, scanned and guess what, the virus was
there. Don't understand why NAV didn't pick it up originally. I run Live
Update weekly.

Problem now - I set the machine up in Safe Mode to stop the constant
powering down so I could try and find out what the problem was. When I go
back in to reset to normal mode (F8 and select Normal Mode) it won't revert
back. It keeps taking me into Safe Mode.

Any ideas of how I can get back to Normal Mode. I've looked at System
Restore but it's shut off and won't run in Safe Mode and the System Restore
Wizard also won't run.

Thanks

Anne