HELP!!suspect my laptop infected by "MSBlaster"

Discussion in 'Computer Support' started by Black Tractor, Jan 31, 2005.

  1. Hi there...

    Think my laptop is infected by "MSBlaster" (as the symptom looks similar,
    will auto shutdown when surfing the net)

    Any solution, please help... thanks
     
    Black Tractor, Jan 31, 2005
    #1
    1. Advertisements

  2. Black Tractor

    Aquanaut Guest

    Buy and run some anti virii software could be a real good start.
    http://www.google.co.uk/search?hl=en&q=msblaster+removal&meta=
     
    Aquanaut, Jan 31, 2005
    #2
    1. Advertisements

  3. Black Tractor

    °Mike° Guest

    <Canned response>

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for any entry/ies that include
    MSBLAST.EXE, PENIS32.EXE, TEEKIDS.EXE, MSPATCH.EXE,
    MSLAUGH.EXE, ENBIEI.EXE, ESCHLP.EXE or TFTP.EXE .
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe
    Variant D - mspatch.exe
    Variant E - mslaugh.exe
    Variant F - enbiei.exe
    Variant G (aka T) - eschlp.exe & svchosthlp.exe
    Variant H (aka K) - mschost.exe & tftp.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,
    msblast.exe-0235D8H6.pf, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants
    http://support.microsoft.com/default.aspx?kbid=826955

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/default.aspx?kbid=826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.D.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.d.worm.html

    W32.Blaster.E.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html

    W32.Blaster.F.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html

    W32.Blaster.T.Worm (aka G)
    http://www.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html

    W32.Blaster.K.Worm (aka H)
    http://www.symantec.com/avcenter/venc/data/w32.blaster.k.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
     
    °Mike°, Jan 31, 2005
    #3
  4. Black Tractor

    °Mike° Guest

    On Mon, 31 Jan 2005 23:13:58 GMT, in
    <WYyLd.585$>
    Aquanaut scrawled:

    There is no such word as "virii".

    <snip>
     
    °Mike°, Jan 31, 2005
    #4
  5. Black Tractor

    Kenny Guest

    Yes there is, both virii and viruses are accepted as plurals of virus.
     
    Kenny, Feb 1, 2005
    #5
  6. Black Tractor

    °Mike° Guest

    °Mike°, Feb 1, 2005
    #6
  7. Black Tractor

    G. Morgan Guest

    Subject: Re: HELP!!suspect my laptop infected by "MSBlaster"
    Newsgroup: 24hoursupport.helpdesk

    As usual, arrogant Mike is wrong.

    http://www.answers.com/virii&r=67


    In the English language, the normal plural of "virus" is "viruses". This form of
    the plural is correct, and used most frequently, both when referring to a
    biological virus and when referring to a computer virus. The forms "viri" and
    "virii" are also used as a plural, although less frequently. There is
    disagreement over whether these forms should be considered correct.

    The plural virii is frequently perceived to be founded on a misunderstanding of
    Latin plurals such as radii. It may have originated as whimsical usage on BBSes
    (see also: leet). The virii form is used most frequently, although not
    exclusively, among crackers and computer virus writers with reference to
    computer viruses. Most computer professionals unaffiliated with the warez,
    cracker, and virus writing scenes use the "viruses" form instead of the "virii"
    form.

    The viri form is used less often. It is sometimes used by professionals, and can
    refer to both biological and computer viruses. To complicate matters further,
    viri is already used in Latin as the plural of vir, meaning "man" (thus making
    viri meaning "men") [1]
    (http://www.archives.nd.edu/cgi-bin/lookup.pl?stem=vir&ending=i).
     
    G. Morgan, Feb 1, 2005
    #7
  8. Black Tractor

    Rob K Guest

    On Mon, 31 Jan 2005 18:22:44 -0600, G. Morgan wrote:

    I did not see a reply from arrogant Mike. I read a reply from ºMikeº.
    Just stick to the facts please.
    That's 50 % of the matter settled.
    So, the rest is a matter of Latin, right ? I agree with this bit :
    In Latin "virus" is generally regarded to be a neuter of the second
    declension, but the word is so rare that there are no recorded plurals.

    (Let me assume that you are not a troll and that you actually know what
    a neuter of the second declension is. I think I'll regret that
    assumption.)

    Let's keep it simple.
    Scholars have no "communis opinio" on a (constructed) plural, and
    personally I do not much care what "computer professionals unaffiliated
    with the warez (sic), cracker(?), and virus writing scenes " make of it.
    I repeat: there are no *recorded* plurals.

    Arma virumque cano.
     
    Rob K, Feb 1, 2005
    #8
  9. Black Tractor

    °Mike° Guest

    <Directed at G. Morgan, whose posts I do not see.>
    As I said, only ignorant fools....

    There is no need for you to regret that assumption, Rob.
    G. Morgan is nothing more than a troll, IMO, which is
    why he's been in my shit bin for some time.
    You would have to, to get through to the above imbecile.

    <snip>
     
    °Mike°, Feb 1, 2005
    #9
  10. Black Tractor

    Mara Guest

    I think you will, too.

    Here:

    http://makeashorterlink.com/?F1E323F5A

    or

    http://www.google.com/search?q=The+...ient=firefox-a&rls=org.mozilla:en-US:official

    "Just in case."
     
    Mara, Feb 1, 2005
    #10
  11. When I was high school we were taught it was 'virii'. Now that
    viruses is ok, I'm all for it.

    Swill

    --
    "Local Power Company, how may I assist you today?"

    "My power is going out."

    "Have all your lights gone?"

    "No, just the one in the refrigerator."

    www.userfriendly.org
     
    Governor Swill, Feb 2, 2005
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.