Author Topic: ALERT: VIRUS WARNING (Read 1062 times)

Moogie · « **on:** August 16, 2003, 04:21:59 pm »

Friends, Romans, Planeshifters,

There\'s a new Worm virus on the loose, and I\'m sure alot of you have heard of it during the past 1-2 days.

I\'d like to make everyone aware of \'MSBLAST\'. It has a few different variants, the most common being the A, B and C variants. While not harming your computer\'s data, it can shut down your PC randomly (you will see a message box appear with a 60 second countdown).

Now, here\'s how to know if you\'re infected. I have taken this information straight from this page for your immediate viewing. You may refer to the original page for more detail.

THIS VIRUS ONLY INFECTS WINXP/2000 USERS!

Step 1. Are you infected?

A. Press and hold down the Ctrl-Alt-Del keys simultaneously. (Or Right-Click on an empty area of the Task Bar and select Task Manager) This will open the Task Manager window.

B. Click the Processes tab at the top of the Task Manager window.

C. Scroll down and look for MSBlast.exe (Variant \"A\"), PENIS32.EXE (Variant \"B\") or TEEKIDS.exe (Variant \"C\"). If not found, your machine is not yet infected. Close the Task Manager.

D. If found: Click once on MSBlast.exe (Variant \"A\") or PENIS32.EXE (Variant \"B\") and then click the End Process button. Close the Task Manager.
Check the Variant box in the upper right for the latest file names to look for.
(Continue to Step 2)

Step 2. Edit the Registry.

A. Click the Start button, then click Run.

B. Type REGEDIT in the Open: field, and click the OK button.

C. Expand the HKEY_LOCAL_MACHINE by clicking once on the small plus to it\'s left.

D. Expand SOFTWARE by clicking once on the small plus to it\'s left.

E. Scroll down and expand Microsoft by clicking once on the small plus to it\'s left.

F. Scroll way down and expand Windows by clicking once on the small plus to it\'s left.

G. Expand CurrentVersion by clicking once on the small plus to it\'s left.

H. Scroll down and click on the word Run (Don\'t expand this one.)

I. In the right window, locate and RIGHT-Click on the Windows Auto Update entry, and select Delete.
(If you don\'t find the Auto Update entry, with MSBlast.exe or PENIS32.EXE to the right, simply close the Registry Editor window, and proceed to step 3.)

Step 3. Download and install the patch.

A. All machines running Windows XP and XP-Pro should install the Microsoft patch found here.

B. When done downloading and running the patch program, do a normal shutdown and restart of your computer. Your computer is now safe from infection from this little bug, and more dangerous ones like it that will most likely be released in the future.

[Edited: Disabled smileys farking with my post.]

Monketh · « **Reply #1 on:** August 16, 2003, 04:28:43 pm »

Thanks Moog

druke · « **Reply #2 on:** August 16, 2003, 07:45:03 pm »

thanks moog, in got the reboot in 60 seconds, would have never know, thanks a ton!!

Caldazar · « **Reply #3 on:** August 16, 2003, 08:10:26 pm »

Correct me if Im wrong, but this only \"works\" when you are connetected to the internet, right?

Kundalf · « **Reply #4 on:** August 17, 2003, 10:27:44 am »

What do you mean?

You can be infected, while online, you can download the patch, while online and the worm spreads, while you\'re online....

...you may also be infected, while connected to an infected computer on LAN, you can edit thte registry, while you\'re offline, and you can install teh patch, while you\'re offline, if you\'ve already got it on your PC. Btw, to install the patch you need the latest service packs, afaik.

Caldazar · « **Reply #5 on:** August 17, 2003, 02:29:23 pm »

I got MSblast while playing daoc, online. When I rebooted and connected to internet, I rebooted, again. When I didnt connect to internet, I didnt reboot. MSblast closes your remote procedure call (?), which is only active whilst online.

dorbian · « **Reply #6 on:** August 18, 2003, 02:00:10 pm »

well msblast doesn\'t conenct to the internet windows upodate connects to the internet and the worm changed the program from windows update to msblast if you have no internet msupdate won\'t be activated in this case msblast.exe.

\"windows auto update\"=\"msblast.exe\"

to the registry key:

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run

so that the worm runs when you start Windows.

if that is removed all will be save the worm can\'t start anymore and you can do athever you want do keep in mind you should have removed the virus before yesterday ( i\'m a bit late aint i ) cuz the virus will send a mail to microsoft with the message:

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!

( i ripped the exe file open so i saw what it will do eventualy ) the reboot would stop after 3 days and then coutdown to the moment to mail :S

while symantec claimed it would never apear

derwoodly · « **Reply #7 on:** August 20, 2003, 12:34:36 pm »

Author Topic: ALERT: VIRUS WARNING (Read 1062 times)

Moogie

ALERT: VIRUS WARNING

Monketh

(No subject)

druke

(No subject)

Caldazar

(No subject)

Kundalf

(No subject)

Caldazar

(No subject)

dorbian

(No subject)

derwoodly

(No subject)