08-12-2003, 01:02 PM #1
Windows User, Patch computer now!!!!
I got the heads up from another forum about this worm, downloaded the patch but didn't install til the next day. A few hours ago, got hit by the worm, it says:
The RPC has unexpectedly terminated and your computer will shut down in 60 seconds
Here are the patches
Windows 2000: http://www.microsoft.com/downloads/d...displaylang=en
Windows XP: http://www.microsoft.com/downloads/d...displaylang=en
Windows NT: http://www.microsoft.com/downloads/d...DisplayLang=en
08-12-2003, 01:46 PM #2
I had that fucking worm for the past 2 days and I couldn't stay online long enough to download any patchs or fixs, until today.
If you have the worm go to www.symantec.com First and download the fix tool...then it will prompt you to download one of the patchs that Silver posted.
08-12-2003, 01:54 PM #3
A problem you may encounter is that whatever it did was in there long enough to reconfigure the reg...as it has with mine. Symatec detects nothing, but the trojan horse carot2 or cabot2, whatever is it in windows system 32 where it hides will not leave, even when i delete it..i am unable to turn off auto restore since it got into the reg and I am likewise unable to unencrypty the patch since for the same reason.
08-12-2003, 02:07 PM #4
BigG it does add code to the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run" that enables the worm to start running when windows starts.but the fix tool here will get: http://securityresponse.symantec.com...oval.tool.html
Just follow that link and do exactly what it tells u to do and you'll be ok.
08-12-2003, 02:13 PM #5
I've downloaded and ran that specific tool and it says there is no trace of the virus on my computer. Between my girlfriend and I, we've been on the phone for 8 hours in the last 24 with either a Sony or Microsoft help person. They're convinced the virus is still somewhere, convincing the registry that it is not and fooling the symatec scanner. They're convinced of this because of that carot2 folder that will not be deleted, renamed or otherwise told to go to hell. That and the fact that even with mudman's suggestion in the other thread on this subject my own computer will not let me download ANYTHING from microsoft (no updates whatsoever, whether it has to do with this virus or something completely different).
08-12-2003, 02:15 PM #6Originally Posted by MBaraso
08-12-2003, 02:22 PM #7Originally Posted by BigGreen
You can try deleteing it from the registry manualy by doing this:
A. Click Start, and then click Run. (The Run dialog box appears.) B
B. Type regedit
C. Then click OK. (The Registry Editor opens.)
D. Navigate to the key:
E. In the right pane, delete the value:
"windows auto update"="msblast.exe"
Exit the Registry Editor.
08-12-2003, 02:24 PM #8
Now that I think about it...The worm might be disableing your computer from downloading the patch from microsoft because the code in the worm itself I think has something to do w/ MS's auto update. So yeah try looking for that line of code by going in the registry and if it's there delete it...
08-12-2003, 02:27 PM #9
okay, will do that as soon as i get home
EDIT: ONe more question - i was told that messing with the registry in any way can seriously f me up more so than I am now. I plan on deleting just this line if it exists, but in the event that causes problems, will doing a system recovery on the C drive (i have a c and d drive) restore any probelms caused by screwing with the registry? Thanks again
Last edited by BigGreen; 08-12-2003 at 02:31 PM.
08-12-2003, 02:34 PM #10
Download the file as fast as you can, then unplug your dsl/cable modem and reboot your computer. I found that you don't get the shutdown error unless you're connected to the internet. Then you can run the patch.
08-12-2003, 02:42 PM #11
Yeah screwing w/ anything in the registry can cause major problems on your computer, so ONLY delete that line of code I gave you. Follow those instructions to the T and you'll be fine.
I would recomend backing up your registry to a disk before even going into it. Before you do that though you need to do this if your going to do everything manually..
1.Disable System Restore (Windows XP).
2.Update the virus definitions.
3.End the Trojan process.
4.Run a full system scan and delete all the files detected as W32.Blaster.Worm.
5.Reverse the changes that the Trojan made to the registry.
I'm sure u know how to turn your system restore off but you need to end the trojan process by:
1.Press Ctrl+Alt+Delete once.
2.Click Task Manager.
3.Click the Processes tab.
4.Double-click the Image Name column header to alphabetically sort the processes.
5.Scroll through the list and look for msblast.exe.
6.If you find the file, click it, and then click End Process.
7.Exit the Task Manager.
Once you do all that then go into the Registry and make the nessasary changes.
Do you know how to back up the registry?
There could be something else that's happening too but if this doesn't work will cross that bridge next.
08-12-2003, 02:44 PM #12Originally Posted by dizzle
08-12-2003, 02:49 PM #13
why is it that windows has thousands of recorded viruses, worms, "malicious programs", etc...yet i've never even heard of any for linux/unix?
question for all you people who are affected by this worm/virus: are you running windows as the administrator or someone with full access privilages to the computer?
08-12-2003, 02:54 PM #14Originally Posted by MBaraso
08-12-2003, 02:57 PM #15Originally Posted by BigGreen
Clockworks: It doesn't matter if your the admin or just a regular user. The worm will affect all users. You have admin privleges on your pc to run the fixblast. And Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me cannot and will not be affected by this worm.
08-12-2003, 02:57 PM #16
Good Luck BigGreen, looks like your problem is far beyond what I have seen with this worm. I've seen it on 3 computers and was able to get rid of it in a few minutes on all 3.
08-12-2003, 03:01 PM #17
Ok I understand what's going on now.. Duhh me, if windows wasn't running you wouldn't be able to get online lol
But you definetly got a juiced up version of this worm.
How bout the hidden line of code in this thing?
"I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!"
It's true...it's microsofts fault that they hurry up and put these fucked up operating systems out so quick that they don't even take the time to realize how many holes there are in their codeing
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)