msblast.exe ---> worm/virus?

It is the worm referred to in this thread:
https://www.wincustomize.com/msgboard.asp?BID=WC&id=176083
It started really spreading around this morning/last night.
You can protect yourself against it by getting the windows update critical update Q331953 or by blocking port 135 on your computer.

Also, this utility can scan and remove most recent big viruses including this one:
http://vil.nai.com/vil/stinger/

Thanks a lot, RotAtor! I didn't realize there was a post for this already. Thanks again!

No problem, been having fun here this morning with this one trying to keep it off our systems and make sure they're all patched.

I wish everyone here would stop complaining about viruses. By now, after having windows for such a long time, all you Windows users should have learned to cope with the extreme amount of flaws and security "imperfections". Windows motto should be "Learn to deal". What you get is what you pay for. You want a $500 PC with a craptastic OS? Go ahead and take it, but quit complaining.

If you're sick of windows, get a mac, or at least get linux. ANYTHING is better than an OS ripped from an OS which was ripped from Xerox, of all people.

macrobaye, please keep your comments constructive and on topic.  Please also remember that this site is populated by Windows users who are discussing windows issues and are trying to help each other.

There is also another reason why you don't see viruses for other OSs: the people who program viruses/worms/etc. like to hit a large market.  The 5% market share that Mac has and the 1% that Linux has just isn't worth the effort

This worm is a real pain.  Not hard to get rid of, so I hope everyone is zapping it!

For the past few days, I suddenly began receiving a large number of port scan hits, so today I checked some out and discovered this:

ZoneAlarm blocked traffic to port 135 on your machine from port 3441 on a remote computer. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise.

The above is only one of many targeting port 135, I had 138 yesterday and today in a 2 hour period 76 hits.
>

KarmaGirl, I was not trying to start an arguement. I was simply stating that I'm sick of all the complaining, but what I really sick of is Microsoft's constant OS problems. This isn't some small hole that some hacker found on a chance in hell. It's a HUGE hole that should have been fixed back when XP was being stol..err uhh, I mean "developed".

Apple and Linux have never had problems, because those OS's don't have the bugs that Windows does. Microsoft only released XP when they did because they were threatened by Mac OSX and it's obvious advantages of 2000 (and now still over XP). Microsoft needs to stop releasing BETA software and calling it a fully developed version.

GOD! I hope they don't mess up with Longhorn. But knowing Microsoft's history of moronic security holes and bugs, they will.

Anyone remember the Passport bug? Oh yeah, that one. The one where a hacker could steal a Windows (AND mac, linux) user's personal and sensitive information, effectively stealing their identity? Bill Gates needs to wake up from his dream.

As MSBLASTER.exe says: Billy Gates, why do you make this possible? Stop making money and fix your software!!!

It is now believed (and factually backed up) that a Mac user created the bug!

This particular little nasty has already been dealt with by Nortons update, 12.08.2003.

macro: This thread doesn't appear to have been started to complain or generate complaints about viruses or any OS. It appears the intent was to profide info to people.

White Moth: yes, there had been an increase in Port 135 scans for weeks and speculation was that some of the stuff that was seen may have been reconnoitering or a testing phase for a release of an exploit. Reportedly there was an IRC bot release at least similar to (if not the same as) msblaster before msblaster started propagating through the net via ports. At least 3 variants of msblaster were identified yesterday by people running honeypots.

Symantec has a free removal tool here and there are also inro for those who may wish to see what the worm does and instructionf for those who may wish to remove it manually: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

#9 by Developer wombat_1 - 8/12/2003 1:20:31 PM This particular little nasty has already been dealt with by Nortons update, 12.08.2003.

They were late with this one because I run Norton, it failed to stop the worm ... the update was late and I had to get rid of it manually.

Norton allowed my port to be probed.

Norton AV wouldn't block your ports; Norton's firewall should (if properly configured). Were you running a firewall or NIS?

I think there's probably a lot of people (me for one) who are really glad this information is posted.

I am glad it was posted. To all those who keep bashing microsoft: get real, grow up, get a life!

Im with you Garry. The worm didnt get to my main PC but it got to my other desktop. The info here and other sites helped a lot.
The Security Update (823980) solved the problem.
macro, instead of 'complaining' about what you hate about MS OS in this site, shouldnt you be writing to Bill Gates about this issues?
And always remember, no matter how hack-proff they make a system, there is always someone out there that eventually is gonna find a way to hack it.

A_67, believe me I have written to MS and Bill Gates about this, but I'm sure my emails are among countless others from people who are just as annoyed with MS as I am. And also, this isn't a tiny hole that someone had to look for with a fine tooth comb. All of the security bugs/holes in Windows are tremendous. The problem isn't the hackers. It's the software makers.

Kona: Please no personal attacks. If you can sit there and say that you're not annoyed by all the BS you've had to put up with as a Windows user, you will now become the most tolerant person I know. So please, I wasn't attacking any of you, nor did I make any distasteful or improper comments. So please mind your manners. There's no reason to get mad at me over a few comments made on a public message boad.

And as a Windows (and mac) user myself, I am allowed to bash Microsoft as much as I want.

but macrobaye, that isn't particularly productive is it? Sharing information about problems is. At least in my opinion.

Sigh, why do we have to put up with these trolls...

macrobaye...this is not a 'bash Microsoft' thread....it is a virus notification thread.

If you wish to bash anything, start a thread as its topic and allow this one to serve its purpose.

Thankyou.

I wish these worm and virus senders would get a life > >

Listen everyone I'm sorry, I hope you can imagine how annoyed I am by all this Microsoft b/s. I was infected with this worm, and dealt with what all you have, so I know what you're goin through.

Fuzzy Logic: That "Scribe" in front of your name means something right? It makes you higher up on the ladder than other regular members, right? ACT THAT WAY. Calling me a troll, unnecessarily taking personal shots at me, is not the way someone with the "scribe" dignification should be acting. I would like to be friendly with everyone here, I just thought that maybe my comments would be accepted along with everyone here who seems to be affected by this worm. If they weren't, well I had to try. So please, if you want me to stop bashing companies, how about you (and not just you) stop bashing individual members. >

Ms cargor, I understand where you're coming from, and I wish they would stop too, but they are just people like you and me, showing the world how vulnerable Windows is. If you read the message in the virus, it tells Bill Gates to stop making money, and to fix his software. The person who made this worm, however assinine he/she may be, are just trying to prove their point, and they see that this is the way to do it.

Now I don't agree with their methods at all, but if you can tell, I am a firm believer in freedom of speech and expression. So despite these worms being annoying and numerous, we should take a message from them. Maybe if we listen more to these virus senders, we would be better off.

And that goes with anything in the world. Take the war, for instance. I think if we stopped bombing and listened, we would learn that the Iraqi people, along with the rest of the middle east/muslim world, we could learn about their culture, and we could learn why many of them feel the way they feel about America.

Please listen to me. Take what I say with as much weight as you would like, but please, I don't appreciate the unnecessary "user-bashing" personal attacks.

#23 by macrobaye - 8/12/2003 7:21:30 PM

The person that wrote this virus is a criminal who has disrupted the lives of millions of internet users. The Iraqi people are better served by not living their lives ruled by a dictator so cruel that he would send human beings head first into meat shredders. Macrobae your whining and incessant bickering is beginning to become an irritant so you had better go to the fridge and fetch me a beer before I beat you’re a**

Whoops that was a threat / personal attack ... I think

Against the rules ... Hell we all slip