Need HELP...which virus is it and whats the antidote

  • Thread starter Thread starter G S
  • Start date Start date
G

G S

Hi All,

I have a windows XP Home edition on my laptop. It was
running fine but since last week, a shutdown message
started appearing, it was something like this,

system Shutdoin in 60secs, NT Authority etc.......
I thought it was something to do with RPC,so i did
shutdown the service.

Since then, the situation has gone from bad to worse, now
it takes about 5 minutes for the system to log me in after
a reboot, plus it never asks for a login username or
password, but directly logs me in.
Secondly, the TASK BAR at the bottom of the window, also
disappeared. And, i cannot access the internet or create
anymore users etc....
My modem or ethernet connections are not visible in the
NETWORK CONNECTIONS window as well.

I do not know what the problem is and how to go about
repairing the system. It is a major pain...any help would
be dearly appreicated.


Cheers,
G S
 
Hi GS,
You are just one of a million of those people complaining about
this worm ;" MSBLAST"

Do the followings step by step:

1. Shut down your computer

2. While shut down disconnect the phone line

3. Turn on computer but do not connect to the internet

4. Disable RPC Notification (Start button, Run, in Open
box type SERVICES.MSC, click OK, scroll halfway down and
double click the first Remote Procedure entry, click the
Recovery tab, for ALL failure dropdowns select TAKE NO
ACTION, click OK, exit the window

(If you see the shutdown message appears again, go to RUN from the Start, and type: shutdown-a
This will terminate the shutdown process)

5. Reconnect to the internet to download the virus
cleaning tool (I used Norton), and download the MS patch
and save both to a folder. Do not install yet.

A script to disinfect:
http://www.kellys-korner-xp.com/regs_edits/msblast.vbs
You can also download the patch from there.


6. Again physically disconnect from the internet and
disconnect the phone line.


7. Disable System Restore. Start button, right click "My
Computer" left click "properties", click the Restore tab,
click to check off "Turn off System Restore", click OK
button, click YES to disable System Restore.


8. Run the virus cleaning tool (DO NOT CONNECT TO THE
INTERNET)


9. Install the MS Patch (DO NOT CONNECT TO THE INTERNET)


10. Restart your computer.


11. Reconnect to the internet and run a scan. Your system
should be completely clean.

If you have troubles installing the patch, visit:

http://www.updatexp.com/cryptographic-service.html


I had the same problem , followed the same instruction , and killed the worm successfully.
 
Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Back
Top