Why not register?
Author |
Message |
Purple.Nightmare
|
Posted: Tue Aug 12, 2003 7:46 pm Post subject: |
|
The Ancient One Joined: Wed Jun 18, 2003 5:48 pm Posts: 2912 Location: The House On The Edge Of The Park
|
i somehow got infected by this yesterday(i dont use ie or outlook and had installed nothing) and on a scheduled reboot my firewall/application protection (Black Ice) queried something (msblast) was running for the first time/was trying to access the 'network'. i did a quick search and saw it was malicious so didnt alow it to run and manually removed the registry entries(most of the ports i already had blocked in my firewall) . any way if you got no av soft running (i dont - although i do have some free av soft which i use to scan any new files i get) here are instructions to remove the nasty bugger manually:
*MANUAL REMOVAL INSTRUCTIONS*
*Terminating the Malware Program*
This procedure terminates the running malware process from memory.
1. Open Windows Task Manager press
CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs*, locate the process:
MSBLAST.EXE
3. Select the malware process, then press either the the End Process
button.
4. To check if the malware process has been terminated, close Task
Manager, and then open it again.
5. Close Task Manager.
*Removing Autostart Entries from the Registry*
Removing autostart entries from the registry prevents the malware from
executing during startup.
1. Open Registry Editor. To do this, click Start>Run, type Regedit,
then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
?windows auto update" = MSBLAST.EXE
4. Close Registry Editor.
*NOTE:* If you were not able to terminate the malware process from
memory as described in the previous procedure, restart your system.
*Additional Windows ME/XP Cleaning Instructions
<http://www.trendmicro.com/en/security/advisories/win_me_clean.htm>*
_________________ I Need More Parts!
<a href="https://forum.dead-donkey.com/viewtopic.php?t=7143" target="_blank">Giallo Collection</a>
|
|
Top |
|
|
PrayeR
|
Posted: Tue Aug 12, 2003 8:53 pm Post subject: |
|
a member of the recently deceased Joined: Fri Jun 13, 2003 12:55 pm Posts: 1194
|
wargand
in that case router could protect from that virus
cuz closing 135-139 is very good idea ALWAYS.
and HAVING no antivirus on one of my comps and having 135-139 closed saved my ass from that worm.
|
|
Top |
|
|
PrayeR
|
Posted: Tue Aug 12, 2003 8:56 pm Post subject: |
|
a member of the recently deceased Joined: Fri Jun 13, 2003 12:55 pm Posts: 1194
|
Purple.Nightmare
man, there r alerady many patches from various antivirus software companies...
|
|
Top |
|
|
Polityk
|
Posted: Fri Aug 15, 2003 4:31 pm Post subject: |
|
Mod of the Living Dead Joined: Fri Nov 22, 2002 4:30 pm Posts: 3346 Location: Where dead angels lie
|
My system recently starded saying some process has been interrupted unexpectedly and I should close all my apps within 1 minute. And then it starts a countdown! F***, nothing helps. I think I'll have to format my hdd.
|
|
Top |
|
|
ohgodnotanotherone
|
Posted: Fri Aug 15, 2003 4:49 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 27, 2003 6:21 pm Posts: 1676
|
Polityk wrote: | My system recently starded saying some process has been interrupted unexpectedly and I should close all my apps within 1 minute. And then it starts a countdown! F***, nothing helps. I think I'll have to format my hdd. |
HELLO, and welcome to YESTERDAY
Scan your system; Install the patch get norton's free seek & removal tool......should fix you..........
Damn I lost the links..
_________________ .....Extended holiday at the funny farm......
|
|
Top |
|
|
monkeysmasher
|
Posted: Fri Aug 15, 2003 7:47 pm Post subject: |
|
The Devil, Probably Joined: Sun Dec 08, 2002 3:07 am Posts: 2174 Location: I'm inside of you.
|
err, there have been a lot of variants of that mblaster worm pop up recently, with differen prog names running.
safe to say if you press ctr alt del and taskmaster has a nameless program running, you may want to terminate it.
hehe, i block those ports too. 135-139, as well as 0-134,140-4660,4663-100000000000000.
only bout 10 websites i go too anyway, so i dont miss much.
_________________ 'You - you monster! Why? Why in God's name do you do these horrible things??!'
'I thought it was obvious, you sillly girl. I'm a monster. I do monstrous things.'
|
|
Top |
|
|
Polityk
|
Posted: Sat Aug 16, 2003 12:18 pm Post subject: |
|
Mod of the Living Dead Joined: Fri Nov 22, 2002 4:30 pm Posts: 3346 Location: Where dead angels lie
|
ohgodnotanotherone wrote: | Scan your system; Install the patch |
What do you mean scan your system get the patch?
|
|
Top |
|
|
ohgodnotanotherone
|
Posted: Sat Aug 16, 2003 4:00 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 27, 2003 6:21 pm Posts: 1676
|
Oh dear----here we go again:
Get either good firewall blocking certain ports (135 I believe) OR get a patch from microsoft : link is somewhere on this thread...
Then still it's probably on your computer so get a scan and removal tool from norton....it's free.....
___>>> READ THRU THE THREAD AGAIN <<<<<____
_________________ .....Extended holiday at the funny farm......
|
|
Top |
|
|
spudthedestroyer
|
Posted: Sat Aug 16, 2003 4:44 pm Post subject: |
|
Site Admin Joined: Sat Nov 02, 2002 1:35 am Posts: 19755 Location: En España
|
u need to block remote port 135-139 UDP/TCP
local port 135-139 UPD/TCP
local port 445 TCP/UDP
remote port 445 TCP/UDP
_________________ Mouse nipple for the win! Trackpoint or death!
|
|
Top |
|
|
Who is online |
Users browsing this forum: No registered users and 34 guests |
Moderator: Help Mods
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|