SVCHOST??

[kelleynj]

Hello,
I get this everytime I connect to my dsl provider. I've
also totally rebuilt my computer and have a firewall and
antivirus software running. It's not blaster or welchia
cuz I run the symantec removal tools and they don't help,
plus my antivirus software is completely updated and it's
not find it either. So far the only way I've been able to
deal with it is I download McAfee's stinger program and I
run that every time I first start up the computer and it
stops it. I then go into the registry and delet keys
associated with it and also delete the files I know are
related to the Virus, but every time I logon - I get it
again... so I don't the antivirus software has the
signature for this one yet maybe.

 

[David H. Lipman]

Please read the following URL: http://vil.nai.com/vil/content/v_100559.htm

You need to patch the PC for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

Please read the following URL: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and not use a FireWall then you will
just be re-infected.

Dave



| Hello,
| I get this everytime I connect to my dsl provider. I've
| also totally rebuilt my computer and have a firewall and
| antivirus software running. It's not blaster or welchia
| cuz I run the symantec removal tools and they don't help,
| plus my antivirus software is completely updated and it's
| not find it either. So far the only way I've been able to
| deal with it is I download McAfee's stinger program and I
| run that every time I first start up the computer and it
| stops it. I then go into the registry and delet keys
| associated with it and also delete the files I know are
| related to the Virus, but every time I logon - I get it
| again... so I don't the antivirus software has the
| signature for this one yet maybe.

 

[kelleynj]

I wish it were that easy! My computer is totally patched
and updated. It is not the blaster virus, I'm running
symantec AND McAffee and neither one finds it.

I also use symantec firewall... this is something else.

-----Original Message-----
Please read the following URL: http://vil.nai.com/vil/content/v_100559.htm

You need to patch the PC for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

Please read the following URL: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and

not use a FireWall then you will

 

[Steve Nielsen]

Blaster hides from a lot of a/v products. Use fixblast.exe from symantec
to detect it - you may need to do it in safe mode. Even if an a/v
detects and deletes the worm most do nothing about the registry changes
the worm made, the removal tools from symantec do fix the registry.

Steve

 

[Guest]

I used the symantec tool (in safe mode) and it didn't find
the virus.