Blaster Virus Fallout
Moderator: Moderators
Blaster Virus Fallout
Like many others out there, the blaster virus has affected me. I screwed up and disconnected my router (that's a long story) and about 5 minutes later...BAM virus hit and told me that my computer was going to shut down. I actually disabled it before my computer shut down...and ran the update and patch. All seemed fine...
Now, I CAN run active on DC++ (although many claim they can't)...but I can't run active on WinMX. If I hurry up and connect to WinMX, and search using a ".", I will get about 8 search results. But if I try to search again, nothing. I can try the "." again, but it won't return anything.
If that isn't aggravating enough, I then started receiving those "netsend" or messenger service popup windows. Like 15-20 of them. They wouldn't popup when I was using my computer...they would popup when I didn't use my computer for a while, and then came back and logged on. They ceased after I disabled the messenger service.
I was just wondering what your thoughts are on this. Do you think it is a coincidence? Do you think it was the Microsoft update that did it? Or was the Blaster Virus not completely removed from my computer, or maybe the patch didn't undo some changes the virus made to my computer?
I have searched and searched and searched about this for a week now...I can't really get anywhere. I'm hoping you could help. Thanks.
Now, I CAN run active on DC++ (although many claim they can't)...but I can't run active on WinMX. If I hurry up and connect to WinMX, and search using a ".", I will get about 8 search results. But if I try to search again, nothing. I can try the "." again, but it won't return anything.
If that isn't aggravating enough, I then started receiving those "netsend" or messenger service popup windows. Like 15-20 of them. They wouldn't popup when I was using my computer...they would popup when I didn't use my computer for a while, and then came back and logged on. They ceased after I disabled the messenger service.
I was just wondering what your thoughts are on this. Do you think it is a coincidence? Do you think it was the Microsoft update that did it? Or was the Blaster Virus not completely removed from my computer, or maybe the patch didn't undo some changes the virus made to my computer?
I have searched and searched and searched about this for a week now...I can't really get anywhere. I'm hoping you could help. Thanks.
Hehe.
-
- Forum Moderator
- Posts: 1420
- Joined: 2003-04-22 14:37
it's mainly port 135 that the blaster attacks...
Restoring Internet connectivity and preventing the computer from shutting down
In many cases, on both Windows 2000 and XP, changing the settings for the Remote Call Procedure (RPC) service may allow you to connect to the Internet to obtain downloads, and will stop the computer from shutting down.
Click Start > Run. (The Run dialog box appears.)
Type:
SERVICES.MSC /S
in the open line, and then click OK. (The Services window opens.)
In the right pane, locate the Remote Procedure Call (RPC) service.
--------------------------------------------------------------------------------
CAUTION: A service named Remote Procedure Call (RPC) Locator exists. Do not confuse the two.
--------------------------------------------------------------------------------
Right-click the Remote Procedure Call (RPC) service, and then click Properties.
Click the Recovery tab.
Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
Click Apply, and then click OK.
--------------------------------------------------------------------------------
CAUTION: Make sure that you change these settings back once you have removed the worm.
--------------------------------------------------------------------------------
Yeah. Like I said in the initial post, I was able to disable it before it shut down (by selecting "Take No Action" in the RPC service pane).
The problem is, I am having weird things happen since I got infected. I can't go active on WinMX...and I started getting messenger service popups (I ran adaware, to no avail). I stopped the messenger service popups by disabling messenger service, but I still can't go active in WinMX.
The reason I bring this up is because there are so many people in the Help/Support forum that are having troubles going active in DC++. I can't figure out wtf could have caused it. It seems to be the patch provided by microsoft. Who knows, maybe the RIAA is behind this. (=
The problem is, I am having weird things happen since I got infected. I can't go active on WinMX...and I started getting messenger service popups (I ran adaware, to no avail). I stopped the messenger service popups by disabling messenger service, but I still can't go active in WinMX.
The reason I bring this up is because there are so many people in the Help/Support forum that are having troubles going active in DC++. I can't figure out wtf could have caused it. It seems to be the patch provided by microsoft. Who knows, maybe the RIAA is behind this. (=
Hehe.
No other firewalls...just the hardware one. I have a modem with a built in router and an additional router that is set on bridged ethernet...so it's not NATing, etc.
Oh, and my XP firewall is OFF!
If you really want to know...it had to do with getting Medal of Honor to work behind the firewall with servers that use non-default connection ports. The reason I didn't want to tell you is because it was a stupid thing to do...and I really didn't have a good reason to expose my LAN like that, especially in the wake of an outbreak.
I thought I was invincible. Ha. That stupid worm proved me wrong.
Oh, and my XP firewall is OFF!
Hehe.TheNOP wrote:got somethings you don't want others to know ?
If you really want to know...it had to do with getting Medal of Honor to work behind the firewall with servers that use non-default connection ports. The reason I didn't want to tell you is because it was a stupid thing to do...and I really didn't have a good reason to expose my LAN like that, especially in the wake of an outbreak.
I thought I was invincible. Ha. That stupid worm proved me wrong.
Hehe.
to jbyrd
about bridged/half bridged modem.
it is possible (?), that the patch change something in your PPPoE settings.
i would take look at it if i were you.
since in bridge mode, the computer PPPoE handle the NAT thingy.
also one draw back when you're bridgeing, is you can't connect more then one puter to the modem, no hub will work here, router will help if the router handel the PPPoE connection.
about bridged/half bridged modem.
it is possible (?), that the patch change something in your PPPoE settings.
i would take look at it if i were you.
since in bridge mode, the computer PPPoE handle the NAT thingy.
also one draw back when you're bridgeing, is you can't connect more then one puter to the modem, no hub will work here, router will help if the router handel the PPPoE connection.