Worm!!!!

Aug. 11th, 2003 07:34 pm
[personal profile] sisabet
I have a worm. And not the kind at the bottom of a bottle of tequila (btw - I saw Poltergeist II at a very impressionable age and it forever shaped any opinion I might have had on the worm) or even the intestinal kind. Nope - this is a system worm. Or something...I'm actually not too up on what it is - sounds kinda bad - I just know my system keeps shutting down.

I learned what little I know from TBQ. As always.

http://www.livejournal.com/users/thebratqueen/304152.html

So maybe someone is trying to take remote control of my computer? I can't imagine why - unless they really want to watch some gay porn. But hell - I'll share my porn - all ya gotta do is ask. Maybe my computer is mad because I am deleting my Farscape files... but I'm burning them to disk - I'll vid Farscape sometime - just not now. I'd like to get the DVDs through at least season 3 first.

Date: 2003-08-11 05:25 pm (UTC)
From: [identity profile] elke-tanzer.livejournal.com
I wish I could give you specifics, but here is my hunch: if you are running Windows, and have not run LiveUpdate in the past week or so, you're probably vulnerable to the RPC DCOM vulnerability. There are some automated hacker tools out there that exploit it, and many of them attempt to install themselves via the affected network port and then reboot your machine to finish the installation. It's possible that the tool which has tried to break into your machine isn't compatible with your OS version, and is instead just having the effect of DOSing you (that's Denial Of Service).

Further information:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://securityresponse.symantec.com/avcenter/security/Content/8205.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Your best bet is probably to stop trying to run your virus checker, and instead try running Windows Update first. If that doesn't (or even if it does) work, check your hard drive for the following registry key entry, which indicates the latest automated hacker worm to exploit that vulnerability:

"windows auto update"="msblast.exe"

in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If it's there, remove that msblast.exe entry line. Then try running Windows Update again. You also should update your virus definitions and do a full virus scan, but until you stop the spastic rebooting, you probably won't be able to accomplish that. After that, follow the instructions on the blaster info page at Symantec for removing the blaster worm.

Good luck... if worse comes to worst, back up your user files, locate your software installation CDs and licensing information, and then bite the bullet and reinstall your OS, being sure to run Windows Update and to get the latest virus definitions ASAP after the install.

{{{{{{hugs}}}}}}

And it's not what they want on your computer, it's that they want to control it to then attack other systems.
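
The registry check described in the comment above, as an added example that is not part of the original thread: a small Python parser for a regedit text export that reports string values under the `Run` key whose data references `msblast.exe`. The sample export is constructed (only the `windows auto update` entry comes from the page), and the function names are hypothetical.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
INDICATOR_EXE = "msblast.exe"  # value data named in the comment above

# Constructed sample of a regedit text export; only the first Run entry
# is taken from the page, the rest is made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"="msblast.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"note"="mentions msblast.exe but is not under Run"
'''

SECTION = re.compile(r'^\[(.+)\]$')
# "name"="data" lines (string values); backslash escapes allowed on both sides
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo the export's backslash escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)

def parse_string_values(export_text):
    """Yield (key, name, data) for every string value in the export."""
    key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        if value and key:
            yield key, unescape(value.group(1)), unescape(value.group(2))

def find_blaster_run_entries(export_text):
    """Return (name, data) pairs under the Run key that reference msblast.exe."""
    return [
        (name, data)
        for key, name, data in parse_string_values(export_text)
        # Registry key names and file names are case-insensitive on Windows.
        if key.lower() == RUN_KEY.lower() and INDICATOR_EXE in data.lower()
    ]

if __name__ == "__main__":
    for name, data in find_blaster_run_entries(SAMPLE_EXPORT):
        print(f"suspicious Run entry: {name!r} -> {data!r}")
```

A real "Version 5.00" export is UTF-16 text, so open the file with `encoding="utf-16"` before passing its contents to `find_blaster_run_entries`.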

Date: 2003-08-11 05:37 pm (UTC)
From: [identity profile] sisabet.livejournal.com
You are really smart.

I am trying to install the critical updates now - the spastic rebooting seems to have stopped for a bit - but there is something wrong with the cryptographic service. I have no idea what that means. I think I need to check for that registry key entry like you said. So -um, not that I am totally computer illiterate, but y'know I've been really busy what with the porn and all, so I haven't exactly kept on top of things, and I'm not exactly certain what I am doing is what I should be doing...that and I have a new idea for a hook for "Battleflag" and wait...did you say blaster worm?? Like in Thunderdome? Cause I so do not want to mess with that - they feed you to the pigs and I am having none of that, ew.

Date: 2003-08-11 05:45 pm (UTC)
From: [identity profile] elke-tanzer.livejournal.com
This isn't smartness, I just have to deal with this sort of thing at work, and I've seen other people have to go through this sort of thing. I'm so glad that I'm not our primary security expert today...

I think you're on the right track... As far as I know, your priorities should be:
1. get the critical updates installed.
2. search for that registry key and get rid of it.
3. get the latest virus definitions.
4. back up your critical files.
5. scan your machine for viruses.
6. read up on the blaster worm, and make sure you've done all the steps needed to clean it off your computer completely.

Hang in there. Have some tea or chocolate or something, too.

Date: 2003-08-11 05:47 pm (UTC)
From: [identity profile] elke-tanzer.livejournal.com
Oh, one more thing... if the blaster worm has managed to hose your computer to the point where you can't actually install the Windows Updates, there are ways to undo that. I think they're in those three links in my first comment.

{{{{{{more hugs}}}}}}

Date: 2003-08-11 06:19 pm (UTC)
From: [identity profile] sisabet.livejournal.com
It has - no updates for me - but I'm working on the fix...which is making me very sleepy. Do I really need a computer? Is it worth the frustration? Hmmm...well there is the free porn.

Date: 2003-08-11 06:21 pm (UTC)
From: [identity profile] elke-tanzer.livejournal.com
Remember the free porn! Remember the free porn!

Think of it this way as well... if you leave your computer on the internet in an infected state, chances are really high that the worm on your computer is also infecting other computers, which then infect other computers... every infected computer that gets fixed and patched is one less exponential contributor to the global problem.

{{{{{{hugs}}}}}}

Date: 2003-08-11 06:54 pm (UTC)
From: [identity profile] sisabet.livejournal.com
Dude - you are so right. My computer should wear a rubber - I'm in the registry now.

Date: 2003-08-11 06:18 pm (UTC)
From: [identity profile] momentsintime.livejournal.com
I have evil worm too
(((sisabet)))
it is evil and mean and I have a sinus infection and should be in bed instead of fighting a puter that starts down almost all the time! grr!

Date: 2003-08-11 06:22 pm (UTC)
From: [identity profile] elke-tanzer.livejournal.com
More info is here: http://www.livejournal.com/users/elke_tanzer/222271.html

I feel your pain... I have a sinus infection as well at the moment.
