Is this the same as the one discussed on the Off-topic?

and how do I know I got a 32 bit or 64 bit Windows XP?

Damn. Here I thought this was going to be a thread about a level 10 gun or something.




Jose Chavez: "Trent! It's good to see my kind of scum."

This worm is no joke. And most virus definitions won't catch it until they're update to 12AUG03. I had to remove it from my boss's computer today. It's a pretty easy fix... Here's how you know you have it....


#1. You're using your computer when a message comes up telling you that the Remote Procedure Call has crashed and your computer will shut down in 1 minute. (THIS IS THE BIGGEST GIVEAWAY!)
#2. Slight performance decrease on the internet (Worm replicating)
#3. The file "msblast.exe" is found on your computer.

What do you do? Well first, you need to fix your Remote Procedure Call vulnerability. God bless Microsoft (sarcasm) for including that security loophole. As thousands of infected computers randomly select IP addresses to send the worm to, the Remote Procedure Call vulnerability is exploited to transfer the files to your system. The crashing problem happens because once your computer is found as vulnerable, the IP address is saved and you will constantly receive the worm. All of this cluttler on port 165 (could be 135, don't remember) causes the Remote Procedure Call (Hereto known as RPC) to crash. Windows XP (especially, but other OSs as well) will shut down the computer if the RPC service fails!

Microsoft has provided a patch for this, simply search for "Remote Procedure Call vulnerability" under Google and you should be able to find the latest patch.

Now... go to Symantec's website and download the W32.Blaster.Worm removal tool and run it.

Of course, this is a dumbed down version of the actual processes that the worm goes through, but I think for explaining to laymen it should suffice (it's probably more than you wanted to know anyway!)

Hope I was able to to help!

---

#1. You're using your computer when a message comes up telling you that the Remote Procedure Call has crashed and your computer will shut down in 1 minute. (THIS IS THE BIGGEST GIVEAWAY!)

---

WOW, I hope the system administrators know this at our office. We got a network of 8000 computers throughout Holland and I received that message about three times before I gave up and went home.

Edited by - Nickless on 12-08-2003 23:14:28

great, one version is the wrong one for my computer, the other isnt a valid win32 app? WTF

"What? Another girl! Tell me my boy. *whispers* what have you been doing?" - Tobias

the worst thing about this piece of .... virus is trying to download the patch
as the pc gets reinfected and shuts down as you try and get the file you need 1.25meg it keeps targeting your ip (a few seconds and i had it again)
the remover is small and getting it before shutdown is easy but the patch is a pain 100kb at a time ((((((((((((
but its gone now thank god
all i can say is GET THE PATCH before you get this major source of grief

I am hoping my firewall and Norton Antivirus keeps this one out. I have had good luck so far.

I upgraded my firmware in my firewall to its latest edition, didn't know that that was possible...

And i upgraded norton to its latest virus version.

So I think i am set... We will see.

----------------------------------------

I really can't stress this enough, get the Microsoft patch BEFORE you get the W32.Blaster.Worm repair tool.

Why?

Because even if you clean off the worm, without the security patch you will be retargeted very quickly and it will be back. This worm brings back memories of the Opaserv/Opasoft worm.....

Like the guy asked, how can you tell of your XP is 32 or 64 bit edition?

There are 3 XP editions, namely Home edition, Professional edition and 64 bit edition. The first two are 32 bit editions. So if you officially bought your XP edition (), then you should know if it´s 32 or 64 bit. If you want another way to check which version you have, then press CTRL, ALT, DELETE and the Task Manager will come up. In there, select help and then about Task Manager . This will bring up a screen which tells you what edition you have and its version (build, possible Service Pack added etc.)

@ nickless

where do you work. the Bloemenveiling Aalsmeer perhaps. that is the biggest network throughout holland I heard