Does Blaster Worm Fix Affect IP Browsing?

[CP de la Cruz]

I have a Win2000 PC on a Toshiba USB broadband modem
connection, and another connection to a home subnet using
a Macronix 10/100 NIC. I have Internet Connection
Sharing enabled on the USB connection, as a "gateway" for
Internet access from the subnet. I do not have a
firewall, so I just make sure I always have the latest
virus definitions installed. Over the external broadband
connection, I've been sharing some non-critical folders
on my PC in read-write mode with some friends, with only
strong-password protection. To access the folder, all
they had to do was to open Win Explorer or IE and type my
ISP-issued IP address \\xxx.xxx.xxx.xxx\MyShareName and
they could view all shared resources on my PC. If they
wanted to open one of the shared folders, all they had to
do was either provide a valid user ID and the password
when prompted, or they could map the shared folder as a
network drive with the same ID and password. When my PC
got hit by the Blaster Worm, I updated my system with the
security patch, and also got all the latest bug fixes via
Windows Update. Now, however, no one is able to find
their way to my PC, and they are getting the error
message "network path to xxx.xxx.xxx.xxx not found". I
checked my TCP/IP settings on the USB network connection
and I do NOT even have TCP/IP Filtering enabled! From
any other PC connected on the subnet though, I have no
problem accessing my "gateway" shared folders if I type
the ISP-issued IP address in Explorer.

I'm not sure if I just did something wrong, but would
anyone know if the Blaster security fix (or any other
recent Win Update fix) might have blocked inbound access
for browsing my shared resources? Any suggestions on how
I can fix this?

 

[Marina Roos]

The 'fix' as you call it, is not a cure when you're already infected with
msblast. It is a patch that prevents your computer getting infected.
Open Taskmanager and look for msblast.exe-proces. If you find it, kill it.
Go to www.sophos.com to get the removaltool.

Marina

 

[CP de la Cruz]

Thanks, Marina. But I guess my question was not very
clear. I was infected, but I deleted the msblast.exe
file, installed the patch, updated my virus defs, ran the
scan and now have a clean system. The problem now is
that my IP address can no longer be located by my friends
trying to access my shares, and I'm wondering if the
patch and other recent service packs are now blocking
external folks from browsing my shares.

Any thoughts from anyone? Thanks!

 

[JerryH]

Thanks, Marina. But I guess my question was not very
clear. I was infected, but I deleted the msblast.exe
file, installed the patch, updated my virus defs, ran the
scan and now have a clean system. The problem now is
that my IP address can no longer be located by my friends
trying to access my shares, and I'm wondering if the
patch and other recent service packs are now blocking
external folks from browsing my shares.

Any thoughts from anyone? Thanks!

More likely your ISP is blocking ports 135, 137, 138, and 445 to prevent
this worm and others from spreading. These are the same ports that are used
to access MS file shares. To confirm this, you can have your PC port-scanned
by a server that provides this service, for example grc.com, to see if the
Microsoft networking ports are accessible from outside your local network.

Jerry

 

[Oli Restorick [MVP]]

I agree that this is the most likely cause.

I think it's something ISPs should have done a long time ago. If you need
to share files over the Internet, you should find a more secure method. The
two that spring to mind are FTP or establishing a VPN connection, which
probably isn't so great for ad-hoc file sharing.

Oli