
Danger!!!!!!! Not the normal MSblast.

Discussion in 'All other topics' started by christie, Mar 6, 2004.

  1. christie

    christie Member

    A friend of mine has just installed XP Pro. Within minutes of it running he encountered the MSblast virus. Being a novice and having never encountered a virus before, he freaked out and telephoned me in a state of panic. I laughed because I didn't see it being so big a problem to solve.

    Here are the steps I told him to take.

    1. Activate his firewall.

    2. Download the MS03-026 patch. If the countdown should take place in the middle of this, then he should hit Start/Run "shutdown -a".

    3. Next he should disconnect from the internet and run the patch.

    4. OK, here is where it gets strange: if he goes into Task Manager/Processes, there is no process running called "ms-blast.exe" or "penis32" or whatever other variants of this name exist.

    5. If he goes into the registry and looks for the entry from "MSblast" it isn't there.

    6. If he goes to system32 and looks for the file "MSblast.exe" then it isn't there.

    7. I hope that these are trivial matters and easy for someone to solve. But this isn't all...

    8. It is my understanding that if you type in "shutdown -a" then the worm's process is halted until the computer is rebooted. With his worm it comes back very frequently and the PC doesn't need to be rebooted. And even when you're not connected to the net it will come back over and over again, but there are no traces of its files anywhere on the PC (it seems to be growing in strength every day). Also, the Symantec removal tool doesn't detect anything.

    9. I have recommended to him that he should back up the MS03-026 patch, disconnect from the internet and begin with a fresh installation, which, if this were the MSblast virus, would be sure to work. But I'm not sure if this is the same, because the symptoms seem to be so different.

    If anyone has the answers which would solve this problem, I would appreciate it very much if you would get in contact.
     
  2. drchips

    drchips Active member

    Hiya,

    From your post, it seems he has the minimum required.
    The best way is to wipe and start again, but IN THE RIGHT ORDER.

    Application of his Firewall BEFORE connection to the net will avoid the infection.

    Do the following, in the exact order listed:

    1 - PHYSICALLY DISCONNECT from the net
    2 - Boot from XP CD
    3 - Remove ALL partition(s)
    4 - Create partition(s)
    5 - Format with NTFS
    6 - Install XP
    7 - Install any drivers required from ORIGINALS (NOT copies)
    8 - Install and enable Firewall (MUST reboot)
    9 - Configure Firewall to ask on EVERY connection
    10 - Install AntiVirus
    11 - Connect to net (do not browse ANYWHERE on the net UNTIL all security has been installed and updated)
    12 - Update AntiVirus (repeat until complete). ONLY USE update facility of AV software
    13 - Windows Update (repeat until complete). ONLY USE Windows Update link
    14 - Apply remaining security programs (CookieCutter, AntiSpyWare, PopUpKillers etc)
    15 - Configure Firewall to his normal operating pattern
    16 - Install rest of his programs

    Hope this helps...
     
    Last edited: Mar 6, 2004
