Permanent traffic

  • Thread starter Thread starter Luc Lecocq
  • Start date Start date
L

Luc Lecocq

Hello,

I just did a fresh install of XP Pro, without any patch or service pack.
I configured my internet connection (ADSL 512K), went on Internet and almost
immediately got the blaster worm which shutdown the system.
I then installed the patch from Microsoft, and did not do anything else (no
antivirus available at the moment).

I am now observing a strange behavior:

As soon as my internet connection is opened, there is an outgoing traffic
of about 56 to 64 K, as no application is running, except ADSLautoconnect.
When I close my connection, this stops.

Is this an effect of the blaster worm?
Is this some XP service ?

Thanks for helping.
 
Use CTRL ALT DEL and go to processes.
Find a process named MSBLAST hi-light it and click end process
Next assuming your AV software is upto date, scan your hard drive for
msblast.exe
Use the shift key and hi-light the file to permanently delete it, if you
don't use the shift key it will only go to your recycle bin
 
You should have downloaded the patch from someone else and installed it
before enabling ADSL. Also enabling / installing the firewall software.
 
JasonA said:
You should have downloaded the patch from someone else and installed it
before enabling ADSL. Also enabling / installing the firewall software.
Click to expand...


Luc, I had the Blaster worm in exactly the same manner as you described. It
appears that this worm is constantly, continuously seeking to infiltrate any
computer, the moment the machine is open, connected to the internet. While
you are connected, and if the computer is working, download the protection
sofeware your computer needs. Burn the setting up programmes, the
installers, on CD. Then, do a clean install, to start from scratch, of
WinXP. Before you connect to the net, install and open these protection
software run directly from the CD, or, as I did, from My Documents where you
imported the software from the CD.

*My* protection software: Immediate
ZoneAlarm Rounding up the usual suspects, messages too
Universal PnP disabled (Gibson's site)
PopupManager
As-soon-as-possible category: And, bring them up-to-date
Spybot
Ad-aware
AVG (Grisoft): the code is always AVG-1-8530785-AQY
So this can be set to scan even before net connection
But you need add-on to be up-to-date.

After installing and run Automatic Syst Restore Pt (D Knox' site)
Emergency Recovery Utility NT (i.e. ERUNT)
SP1a (from a magazine cover CD)
THEN connect to the net.

The first critical/security update to download and install should now be the
Blaster worm specific Q824146. But even before this was posted on the
Windows Update site, I had no more bother from the worm.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

outgoing traffic 2
January 07, Register - Microsoft releases Blaster clean-up tool. 9
wierd rebooting issue 1
system shutdown NT authority 2
New Blaster Virus? 3
Ping: Ken Blake 4
Blaster Worm Relapse????? 7
Variation of the Blaster Worm? 1

Back
Top