  1. #1
    SilverSiR (Junior Member; joined Mar 2003; location: Canada; 144 posts)

    Windows User, Patch computer now!!!!

    I got the heads up from another forum about this worm, downloaded the patch but didn't install til the next day. A few hours ago, got hit by the worm, it says:

    The RPC has unexpectedly terminated and your computer will shut down in 60 seconds

    Here are the patches

    Windows 2000: http://www.microsoft.com/downloads/d...displaylang=en

    Windows XP: http://www.microsoft.com/downloads/d...displaylang=en

    Windows NT: http://www.microsoft.com/downloads/d...DisplayLang=en

  2. #2
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    I had that fucking worm for the past 2 days and I couldn't stay online long enough to download any patches or fixes, until today.
    If you have the worm go to www.symantec.com first and download the fix tool...then it will prompt you to download one of the patches that Silver posted.

  3. #3
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    A problem you may encounter is that whatever it did was in there long enough to reconfigure the reg...as it has with mine. Symantec detects nothing, but the trojan horse carot2 or cabot2, whatever it is, in windows system 32 where it hides will not leave, even when i delete it..i am unable to turn off auto restore since it got into the reg and I am likewise unable to unencrypt the patch for the same reason.

  4. #4
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    BigG it does add code to the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" that enables the worm to start running when windows starts. But the fix tool here will get it: http://securityresponse.symantec.com...oval.tool.html

    Just follow that link and do exactly what it tells u to do and you'll be ok.

  5. #5
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    I've downloaded and ran that specific tool and it says there is no trace of the virus on my computer. Between my girlfriend and I, we've been on the phone for 8 hours in the last 24 with either a Sony or Microsoft help person. They're convinced the virus is still somewhere, convincing the registry that it is not and fooling the Symantec scanner. They're convinced of this because of that carot2 folder that will not be deleted, renamed or otherwise told to go to hell. That and the fact that even with mudman's suggestion in the other thread on this subject my own computer will not let me download ANYTHING from microsoft (no updates whatsoever, whether it has to do with this virus or something completely different).

  6. #6
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    Quote Originally Posted by MBaraso
        BigG it does add code to the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" that enables the worm to start running when windows starts. But the fix tool here will get it: http://securityresponse.symantec.com...oval.tool.html

        Just follow that link and do exactly what it tells u to do and you'll be ok.

    Should I manually delete that tag from the registry when i get home? Might that help?

  7. #7
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    Quote Originally Posted by BigGreen
        Should I manually delete that tag from the registry when i get home? Might that help?

    Yeah you can do that, but you're saying you can't download anything from microsoft etc?? Then that's not the worm doing that. All the worm is basically doing is running code on your machine that will cause your computer to either crash..or restart (which is basically a crash).
    You can try deleting it from the registry manually by doing this:
    A. Click Start, and then click Run. (The Run dialog box appears.)
    B. Type regedit
    C. Then click OK. (The Registry Editor opens.)
    D. Navigate to the key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    E. In the right pane, delete the value:

    "windows auto update"="msblast.exe"

    Exit the Registry Editor.

  8. #8
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    Now that I think about it...The worm might be disabling your computer from downloading the patch from microsoft because the code in the worm itself I think has something to do w/ MS's auto update. So yeah try looking for that line of code by going in the registry and if it's there delete it...

  9. #9
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    okay, will do that as soon as i get home

    EDIT: One more question - i was told that messing with the registry in any way can seriously f me up more so than I am now. I plan on deleting just this line if it exists, but in the event that causes problems, will doing a system recovery on the C drive (i have a c and d drive) restore any problems caused by screwing with the registry? Thanks again
    Last edited by BigGreen; 08-12-2003 at 03:31 PM.

  10. #10
    dizzle (Respected Member; joined May 2002; location: Boise, Idaho; 2,829 posts)
    Download the file as fast as you can, then unplug your dsl/cable modem and reboot your computer. I found that you don't get the shutdown error unless you're connected to the internet. Then you can run the patch.

  11. #11
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    Yeah screwing w/ anything in the registry can cause major problems on your computer, so ONLY delete that line of code I gave you. Follow those instructions to the T and you'll be fine.
    I would recommend backing up your registry to a disk before even going into it. Before you do that though you need to do this if you're going to do everything manually..
    1. Disable System Restore (Windows XP).
    2. Update the virus definitions.
    3. End the Trojan process.
    4. Run a full system scan and delete all the files detected as W32.Blaster.Worm.
    5. Reverse the changes that the Trojan made to the registry.

    I'm sure u know how to turn your system restore off but you need to end the trojan process by:
    1. Press Ctrl+Alt+Delete once.
    2. Click Task Manager.
    3. Click the Processes tab.
    4. Double-click the Image Name column header to alphabetically sort the processes.
    5. Scroll through the list and look for msblast.exe.
    6. If you find the file, click it, and then click End Process.
    7. Exit the Task Manager.

    Once you do all that then go into the Registry and make the necessary changes.
    Do you know how to back up the registry?

    There could be something else that's happening too but if this doesn't work we'll cross that bridge next.
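
Added example (not part of any post in this thread): the registry backup and the Run-key check described in posts #7 and #11 can be combined by exporting the key from regedit first and inspecting the export offline. The Python sketch below parses a `.reg` export and reports Run values that start `msblast.exe`; the export text is constructed sample data and the function names are hypothetical.

```python
import ntpath
import re

# Indicator taken from the thread: the worm's executable name.
INDICATORS = {"msblast.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# Constructed sample of a regedit export of the Run key (not real data).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"windows auto update"="msblast.exe"
'''

# A string value line: "name"="data", with \\ and \" escaped inside the quotes.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_strings(text):
    """Yield (key, name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := _VALUE.match(line)):
            yield key, _unescape(m.group(1)), _unescape(m.group(2))

def command_image(data):
    """Return the lower-cased file name of the program a Run command starts."""
    data = data.strip()
    exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def suspicious_run_values(text, indicators=INDICATORS):
    """Return Run-key values whose program matches a known-bad file name."""
    return [(name, data) for key, name, data in parse_reg_strings(text)
            if key.lower() == RUN_KEY and command_image(data) in indicators]

if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE_EXPORT):
        print(f"delete value {name!r} (runs {data!r})")
```

Exports in the "Windows Registry Editor Version 5.00" format are UTF-16 files, so read them with `encoding="utf-16"` before passing the text in.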

  12. #12
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    Quote Originally Posted by dizzle
        Download the file as fast as you can, then unplug your dsl/cable modem and reboot your computer. I found that you don't get the shutdown error unless you're connected to the internet. Then you can run the patch.

    My bad...let me rephrase. I've successfully downloaded the patch, but whether i'm online or offline, my PC will no longer allow me to OPEN and RUN anything from microsoft. So i have the patch on my hard drive, but it may as well be a JPEG of bill gates giving me the finger, which is essentially what it is. By the way, i have a conspiracy theory that companies clandestinely release these things on purpose. Best Buy is backed up for four days in my town cleaning this thing and how many people are going to go out and buy Norton and/or firewall software tomorrow?? Bastards.

  13. #13
    clockworks (Anabolic Member; joined Jul 2002; location: texas; 2,036 posts)
    why is it that windows has thousands of recorded viruses, worms, "malicious programs", etc...yet i've never even heard of any for linux/unix?

    question for all you people who are affected by this worm/virus: are you running windows as the administrator or someone with full access privileges to the computer?

    -- cb

  14. #14
    BigGreen (Anabolic Member; joined Aug 2002; location: 12,000 feet above it all; 4,453 posts)
    Quote Originally Posted by MBaraso
        Yeah screwing w/ anything in the registry can cause major problems on your computer, so ONLY delete that line of code I gave you. Follow those instructions to the T and you'll be fine.
        I would recommend backing up your registry to a disk before even going into it. Before you do that though you need to do this if you're going to do everything manually..
        1. Disable System Restore (Windows XP).

    I should also mention that this wormy little bastard was so kind as to disable my ability to disable system restore...and this is what keeps that carot2 coming back according to the techs. Additionally, it has disabled a slew of other things. I've taken it out on the task bar, run the symantec wormblaster (it claims there is nothing there any longer), etc, etc. I'll check for that specific line of code...if I don't see it, i'm simply going to do a system restore to the C drive after i backup what i need. I think i got the steroided up version of this worm, as it has KICKED my PC's ass.

  15. #15
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    Quote Originally Posted by BigGreen
        My bad...let me rephrase. I've successfully downloaded the patch, but whether i'm online or offline, my PC will no longer allow me to OPEN and RUN anything from microsoft. So i have the patch on my hard drive, but it may as well be a JPEG of bill gates giving me the finger, which is essentially what it is. By the way, i have a conspiracy theory that companies clandestinely release these things on purpose. Best Buy is backed up for four days in my town cleaning this thing and how many people are going to go out and buy Norton and/or firewall software tomorrow?? Bastards.

    Oh wow. Does windows even start? I thought u were only having problems when u were connected to the internet like dizzle mentioned. I don't even know what to tell u cuz I'm not there to see what's going on. I'm horrible at tech support if I can't physically be there.
    Clockworks: It doesn't matter if you're the admin or just a regular user. The worm will affect all users. You have admin privileges on your pc to run the fixblast. And Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me cannot and will not be affected by this worm.

  16. #16
    dizzle (Respected Member; joined May 2002; location: Boise, Idaho; 2,829 posts)
    Good Luck BigGreen, looks like your problem is far beyond what I have seen with this worm. I've seen it on 3 computers and was able to get rid of it in a few minutes on all 3.

  17. #17
    MBaraso (Retired Mod; joined Oct 2001; location: Somewhere; 7,611 posts)
    Ok I understand what's going on now.. Duhh me, if windows wasn't running you wouldn't be able to get online lol
    But you definitely got a juiced up version of this worm.
    How bout the hidden line of code in this thing?
    "I just want to say LOVE YOU SAN!!
    billy gates why do you make this possible ? Stop making money and fix your software!!"

    It's true...it's Microsoft's fault that they hurry up and put these fucked up operating systems out so quick that they don't even take the time to realize how many holes there are in their coding
