Beware a new trojan!!

ChartMan

Legendary member
Messages
5,580
Likes
47
This will get you if you haven't got today's definitions from Norton, and/or you DO NOT have a firewall installed. You will get a message block come up that says NT Administrator \ System will shut your computer down in 1 minute.
The " blaster worm" has got into your system. Attached is the removal tool, zipped up or you can get it from Norton....This is hitting everywhere across the world so I guess someone on this BB will get it.
Load the file and extract it to a floppy.
Reboot your machine into safe mode then run the removal tool Blaster.exe. This will then tell you that the trojan has been removed and then direct you to a microsoft web page that will enable you to download a permanent fix for this security loophole:
Windows security patch:" Buffer Overrun in rpc interface could allow code execution...."
That's why I had PC problems last night.

http://microsoft.com/downloads/deta...6C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
 

Attachments

  • fixblast.zip
    157.7 KB · Views: 371
Hi Chartman

Thanks for sharing that. My brothers computer has been infected, and I couldn't work out what was wrong. Clever bug :devilish:
 
CM,
does this effect older versions of WIN,as I cannot see a patch for older versions on link.
Thanks
Steve
 
Is there any way of fiinding out we have it without running the above patch?
I have PC-cilling AV - just got update - but dunno if this virus/worm is being dealt with....
 
oatman

thanks for the links
I have anti-virus software by PC-cillin. Am not sure yet if this particular virus is dealt with.... i thiink it is - am confirming though...

cheers
 
It will only get you if you run CABLE/ADSL and DON'T have some sort of firewall installed. It won't hurt to install the patch though...
 
used to use adsl - am on dial-up at the moment.
have just installed a firewall as well..
and have Anti-virus (AV) installed - reckon i should be ok
 
Chartman

I had some thing similar last night.

Came up with the "NT Administrator \ System will shut your computer down in 1 minute."
and "Remote Procedure call terminated unexpectedly"

Managed to view Microsoft recommended page of

http://support.microsoft.com/?kbid=823980

Installed the patch upgrade to XP seems to be ok so far. The description looks similar to your one CM - RPC blah blah - but I'm currently on Dial up so not just ADSL and cable if it's the same.

Will download your blaster tool later on to be sure . Many thanks

fingers crossed ....
 
what is magic about adsl/cable ?

that relates to this problem ?

Is it an attack on retail user ?
 
The magic about ADSL is that you are always connected. Infected PCs try and infect every other device on the same subnet thus ADSL/Cable users are more at risk.

Loads of my customers have had major problems today, in fact the worst virus infection I have ever seen though the affects are mild and it's easy to get rid of.

This is an advert for Automatic Update to be enabled if ever there was one.

JonnyT
 
I had blaster yesterday. It was terrible. Freeserve have been absolutely hammered by it and wouldn`t stay on for more than 1 minute. It infiltrates xp and 2000. Beware of getting it because its impossible to download anything as the pc is constantly switched off. I managed to get freeuk working for long enough to download the tool and the patch from windows. I believe symantec has it in their download now

You need to switch off system restore when downloading the patch

I now have norton and zonealarm working and all is well but I am aware that it will reinfect if I turn my firewall off. I believe it is programmed to show itself between certain times so you may have it but not know until later
 
Run blaster.exe and it will kill the infection period. You may have to do it in safe mode....
Just as a precaution, IF you think you might get hit, load the zip file onto your desktop NOW, for later use. The trojan seems to run only when you are connected to the net, either browsing or email...if it's on your desktop, you wont need to go online to get it....
 
Top