I keep getting worms/viruses...why?

elfa

Running W2K with ZoneAlarm and AVG installed and running. I don't accept any
email with attachments. I'm on DSL. During a boot, before Windows loads, I get
an AVG message that I have mblast.exe......

Ran AVG and it finds "worm/lovsan.a"

How am I getting this stuff with ZoneAlarm and no email attachments opened?

Any help appreciated.

elfa
 
Bill

> Running W2K with ZoneAlarm and AVG installed and running. I don't accept any
> email with attachments. I'm on DSL. During a boot, before Windows loads, I get
> an AVG message that I have mblast.exe......


First off, ZoneAlarm (the AOL of firewalls) doesn't detect or prevent
virus infection. No firewall is designed to do that. Secondly, AVG is
not exactly a premium choice of AV products. You probably became
infected long before AVG had Blaster in its virus definition files.

Do yourself a big favor and invest a bit of cash into your PC and
purchase better software. As for the virus information, McAfee as well
as a number of other online virus websites have Lovesan listed if you
would bother to look.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
 
null

> Running W2K with ZoneAlarm and AVG installed and running. I don't accept any
> email with attachments. I'm on DSL. During a boot, before Windows loads, I get
> an AVG message that I have mblast.exe......
>
> Ran AVG and it finds "worm/lovsan.a"
>
> How am I getting this stuff with ZoneAlarm and no email attachments opened?
>
> Any help appreciated.

You got hit with it primarily because you didn't install the patch for
it. However, ZA, if it hasn't been disabled by malware, should have
blocked port 135 (and others) inbound providing you have it set to at
least Medium security for the Internet Zone. It should also have
alerted you that mblast.exe was trying for outbound. So is it disabled
by some malware? You need a good up to date antivirus (not AVG)
to find out about other possible malware and/or you should test ZA at
port scanning sites.

You mention email attachments but another major intrusion vector is
the use of IE. Use IEradicator to get rid of it and use Mozilla. See
my web site for links.


Art
http://www.epix.net/~artnpeg
 
Duane Arnold

> Running W2K with ZoneAlarm and AVG installed and running. I don't
> accept any email with attachments. I'm on DSL. During a boot, before
> Windows loads, I get an AVG message that I have mblast.exe......
>
> Ran AVG and it finds "worm/lovsan.a"
>
> How am I getting this stuff with ZoneAlarm and no email attachments
> opened?
>
> Any help appreciated.
>
> elfa

I don't know how you're exactly getting the worm. But I'll tell you that ZA is
only going to stop a worm coming in on a port, if it's unsolicited
traffic that's trying to reach the machine on a port. That is no program
on your machine solicited for the traffic from the IP/machine that's
trying to reach your machine. In this case, the FW on the machine should
reject unsolicited inbound traffic to the machine.

If two machines are communicating by IP(s) on a WAN or LAN with valid
solicited communications between the two machines and they both have host
based FW on them, and one of them is infected with a self populating
worm, then the FW is not going to stop the worm from coming in on the
traffic.

The only element in a host based FW solution that can stop a worm coming
in on the traffic between two machines is a FW that has an IDS component
that will instruct the FW to close the port to an IP, if it determines
that a worm is coming in the traffic from an IP/machine.

Duane :)
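
Added example, not part of any post in this thread: a small Python model of the stateful filtering described in the post above. It shows an unsolicited inbound connection to port 135 being dropped, a reply on a flow the host opened being allowed without any look at its payload, and an IDS verdict closing the firewall to that peer. All names and addresses here are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" or "in", relative to the protected host

@dataclass
class HostFirewall:
    open_ports: set = field(default_factory=set)     # inbound ports opened on purpose
    blocked_peers: set = field(default_factory=set)  # peers closed off by an IDS verdict
    flows: set = field(default_factory=set)          # state table of solicited flows

    def filter(self, p: Packet) -> str:
        if p.direction == "out":
            # Record the flow so the matching reply counts as solicited.
            self.flows.add((p.dst, p.dport, p.src, p.sport))
            return "allow"
        if p.src in self.blocked_peers:
            return "drop (peer blocked by IDS)"
        if (p.src, p.sport, p.dst, p.dport) in self.flows:
            # The payload is never inspected: a worm riding this flow gets in.
            return "allow (solicited reply)"
        if p.dport in self.open_ports:
            return "allow (open port)"
        return "drop (unsolicited)"

    def ids_verdict(self, peer: str) -> None:
        """Hypothetical IDS hook: close the firewall to a peer judged hostile."""
        self.blocked_peers.add(peer)

# Constructed sample addresses (documentation ranges).
HOST, PEER, STRANGER = "192.0.2.10", "198.51.100.7", "203.0.113.99"

def demo() -> list:
    fw = HostFirewall()
    results = []
    # 1. Nobody on the host asked for this connection to RPC port 135.
    results.append(fw.filter(Packet(STRANGER, 40000, HOST, 135, "in")))
    # 2. The host opens a connection to PEER; the reply is let through.
    fw.filter(Packet(HOST, 1050, PEER, 80, "out"))
    results.append(fw.filter(Packet(PEER, 80, HOST, 1050, "in")))
    # 3. An IDS component flags PEER; the same flow is now dropped.
    fw.ids_verdict(PEER)
    results.append(fw.filter(Packet(PEER, 80, HOST, 1050, "in")))
    return results

if __name__ == "__main__":
    print(demo())
```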
 
Ka Khiong Kwok

Blast is different and I swear if I get my hands on the prick that
resurrected this sort of virus that the remainder of their very short measly
lives would be filled with interesting events. I will make Attila the Hun
look like a Care bear.

Blast doesn't come through e-mails. So there goes most firewall
configurations. Blast hits the biggest target area on your computer, the O/S.
It abuses a buffer weakness in W2K machines.

You'll need to run a scan of your system and download the security patch
from Microsoft. Remember that it's policy for Microsoft to send out patches,
so ignore any patches coming from them.

Good luck,

Ka.
 
DangerScouse

> Blast is different and I swear if I get my hands on the prick that
> resurrected this sort of virus that the remainder of their very short measly
> lives would be filled with interesting events. I will make Attila the Hun
> look like a Care bear.
>
> Blast doesn't come through e-mails. So there goes most firewall
> configurations. Blast hits the biggest target area on your computer, the O/S.
> It abuses a buffer weakness in W2K machines.

Indeed, and it is surprising the amount of people that don't d/l the
security updates.

> You'll need to run a scan of your system and download the security patch
> from Microsoft. Remember that it's policy for Microsoft to send out patches,
> so ignore any patches coming from them.

I think you meant to say that Microsoft *don't* send out patches. The
unfortunate thing is that when users get the message for an automatic d/l
they click on 'NO' because they don't know what it's for.
 
Jason Wade

> Blast doesn't come through e-mails. So there goes most firewall
> configurations. Blast hits the biggest target area on your computer, the O/S.
> It abuses a buffer weakness in W2K machines.

But if the Windows RPC service (on port 135) is disabled,
it can't get in -- right?
 
Ka Khiong Kwok

My bad, thanks for catching that out. It's AGAINST Microsoft's policy to
send out patches.
I have to stop sending these posts out while doing other things. My
apologies, my mind was on the MCSA course.

Anyway, the standard these days for most companies is NOT to send out file
attachments (unless it's been discussed and arranged prior). Let me repeat,
that's NOT to send out files.

I think I'm owed a beer.

Have a nice one,

Ka.
 
Ka Khiong Kwok

Y'know. I'm not too sure of that. The instances I saw got on via a backdoor.
The system involved wasn't configured properly and the bastard abused a
weakness in SQL server and got in.

I ain't the best when it comes to virus detection, but I try harder.

Either way, if I get my hands on the smarmy, little so and so I'll give the
little bugger a free endoscopy. He'll need it after I put him and a Durian
together.

All the best,

Ka.
 
