Jump to content
Sign in to follow this  
TorreyIsLDS

I Got Msblaster!

Recommended Posts

now i got a question..how did i get infected? i have avg professional on all the time, sygate firewall on all the time, and I have all ms updates!

 

:(

Share this post


Link to post
Share on other sites

I have ZoneAlarm and haven't gotten it. Make sure your ports are blocked. Which version did you get?

Share this post


Link to post
Share on other sites

How to stay online :- Before you go online:

 

Click on Start

Click Run then type: services.msc

When the Services window opens up, scroll down the list to the first Remote Procedure Call (RPC)

Right-click on this and select Properties

Click on the Recovery tab

You will see the drop-down menus labelled First failure, Second failure and Subsequent failures. These will be set to 'Restart' as default.

Change each drop-down menu to 'Take No Action' then click Apply and OK.

Close the Services window

Now connect to the Internet and follow the instructions below to download the relevant security patch for your version of Windows

 

Then read this :- INFO. ;)

Share this post


Link to post
Share on other sites

well this is weird:

 

with the norton fixblaster program, it found nothing:

 

Posted Image

 

and my pc seems fine now..but the window loked just like the msblaster thing, with the 60 seconds to shutdown thingy, and saying something about RPC.

Share this post


Link to post
Share on other sites

Running a PC in the DMZ zone on your router maybe?? :mrwinky:

Share this post


Link to post
Share on other sites

The crashes occur NOT when you are infected, but when blaster calls the wrong rpc function. As in, you're on XP, and it calls the procedure to exploit 2000 and vice versa. So don't worry, you're not infected, but there is a hole in your firewall....

Share this post


Link to post
Share on other sites

ok thx everyone..so what was all that about? the thingy said it was gonna shut down my pc, but my pc restarted, but didnt shut down?

 

:blink:

Share this post


Link to post
Share on other sites

ok thx everyone..so what was all that about? the thingy said it was gonna shut down my pc, but my pc restarted, but didnt shut down?

 

:blink:

Yeah, it restarts even though the message says shutdown...thats fine.

See if there are any updates for your firewall.

Try to block tcp ports 135-139 and port 445

TCP port 4444

UDP Port 69

Share this post


Link to post
Share on other sites

AVG never found it on my mother in laws either. had to use stinger.

 

I stayed on line long enough by doing what Inprofile said to do.

Edited by lindalou

Share this post


Link to post
Share on other sites

ok thx everyone..so what was all that about?  the thingy said it was gonna shut down my pc, but my pc restarted, but didnt shut down?

 

:blink:

Yeah, it restarts even though the message says shutdown...thats fine.

See if there are any updates for your firewall.

Try to block tcp ports 135-139 and port 445

TCP port 4444

UDP Port 69

there arent, im using sygate free personal firewall, vs 5.5

Share this post


Link to post
Share on other sites

listen man. When it says that go to rin and type "command" you will see the command prompt. type "shutdown -a" and the shutdown will abort. Then do what you gotta do :blank:

Share this post


Link to post
Share on other sites

i have one...

 

its alinksys etherfast 10/100 4 port router

Edited by sk8bloke87

Share this post


Link to post
Share on other sites

ok thx everyone..so what was all that about?  the thingy said it was gonna shut down my pc, but my pc restarted, but didnt shut down?

 

:blink:

Yeah, it restarts even though the message says shutdown...thats fine.

See if there are any updates for your firewall.

Try to block tcp ports 135-139 and port 445

TCP port 4444

UDP Port 69

there arent, im using sygate free personal firewall, vs 5.5
Must be configured wrong, cuz if they were blocked, it wouldn't have happened ;)

 

Better check your rule set (or whatever sygate uses...)

Share this post


Link to post
Share on other sites

:blushing: duh...I'm an idiot :blushing:

 

especially after just posting on this thread. :lol::lol::lol:

 

I was playing around with some programs and disabled ZoneAlarm while not online. I forgot about it and logged on to the Pit and immediately got the MSBlaster. (and immediately disabled System restore).

 

I enabled ZA and it stopped blaster from connecting and allowed me to run Panda and got rid of it. Rebooted (since it is setup to enable itself at startup) and ran Microtrend and Panda again....everything clear. Certainly not a devastating virus and I was surfing while Panda was cleaning.

Checked the registry and all is clean.

 

ZoneAlarm works GREAT! (when it is enabled :P )

 

Odd thing is...the scan said there were no files or folders infected...just the System.

Edited by x5dr

Share this post


Link to post
Share on other sites

thats probably how i got infected...ive been benching a lot lately, and I shut down all the background programs...then when im done, i upload the results to madonion.com...that must be how i got infected...wieird thing is neither sygate nor avg found traces of it after i ran viruscan. No signs of msblaster. that norton fixblaster.exe didnt detect any viruses either...

Share this post


Link to post
Share on other sites

ok thx everyone..so what was all that about?  the thingy said it was gonna shut down my pc, but my pc restarted, but didnt shut down?

 

:blink:

Yeah, it restarts even though the message says shutdown...thats fine.

See if there are any updates for your firewall.

Try to block tcp ports 135-139 and port 445

TCP port 4444

UDP Port 69

how do i set that up in sygate? and what kinda port is 445?

 

Posted Image

Share this post


Link to post
Share on other sites

I just use online virus scans and it detected it...when I enabled ZA and went online to run Panda it gave me a popup that msblaster was trying to access the net and I stopped it. That is probably how I was able to stay online without being kicked off (which happened when I got the bug).

Edited by x5dr

Share this post


Link to post
Share on other sites

Did you know we now have an antivirus/spyware forum??

 

I know your new here so all is forgiven this time. :rolleyes: v

Share this post


Link to post
Share on other sites

The only virus I ever got was from my friend timisu89(alan). It sucked when I got it. I had to reinstall windows on all my computers(5). It was a real nasty one. It wasn't just one virus, but thousands of em.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...