Blaster Virus



Barry
07-09-2005, 10:48 PM
Hi
Where can I get an anti-virus to remove the Blaster Virus, my Server
2003 shuts down suddenly

Barry

David H. Lipman
07-09-2005, 10:48 PM
From: "Barry" <someone@somewhere.com>

| Hi
| Where can I get an anti-virus to remove the Blaster Virus, my Server
| 2003 shuts down suddenly
|
| Barry
|

Well, you haven't shown that you have the Lovsan/Blaster virus. To truly diagnose, you have
to supply supporting facts. You also *need* anti virus software on a Server!

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode and shut down as many applications as possible
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) If you are using WinME or WinXP, create a new Restore point

* * Please report back your results * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Barry
07-09-2005, 10:48 PM
Hi David
Sorry I did not mention my OS, it's Windows 2003 Server
After I log on to the Internet, after a few minutes I see the window
"System shutting down in xx Minutes"
Some time ago when I went back to the system without logging on to the
Internet, the RAM or whatever had reduced drastically, what's wrong?

Thanks for your advice so far

TIA

Barry

David H. Lipman
07-09-2005, 10:48 PM
From: "Barry" <someone@somewhere.com>

| Hi David
| Sorry I did not mention my OS, it's Windows 2003 Server
| After I log on to the Internet, after a few minutes I see the window
| "System shutting down in xx Minutes"
| Some time ago when I went back to the system without logging on to the
| Internet, the RAM or whatever had reduced drastically, what's wrong?
|
| Thanks for your advice so far
|
| TIA
|
| Barry

Barry:

You did mention that it is Win2003 Server ;-)

But you still haven't provided any substantiating facts. We need the EXACT "NT SHUTDOWN"
message.

For example see the attached associated with the LSASS vulnerability and the Sasser worm.
The Lovsan/Blaster is similar except it specifically mentions RPC in the shutdown message.

However, you will be glad to know that Stinger targets both the Sasser and Lovsan/Blaster
worms. But to protect the server, one must know EXACTLY what the problem is to mitigate the
vulnerability that is being exploited (assuming that's the case).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
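
Added example (not part of the original thread): a small triage script for the distinction drawn in the post above, that a shutdown message naming RPC points toward Lovsan/Blaster while one naming LSASS points toward Sasser. The pipe-delimited export format, the host name `SERVER1` and the sample log lines are constructed assumptions, and a match only shows which service was crashed (and so which patch to check), not that the machine is infected.

```python
import re

# Constructed sample: a pipe-delimited export "time|source|event id|message".
# The export format, host name and message texts are assumptions for illustration.
SAMPLE_LOG = r"""
2005-06-01 10:02:11|Service Control Manager|7031|The Remote Procedure Call (RPC) service terminated unexpectedly.
2005-06-01 10:02:12|USER32|1074|Restart of SERVER1 initiated. Comment: Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly
2005-06-02 08:15:40|USER32|1074|Restart of SERVER1 initiated. Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code 128
2005-06-03 09:00:00|USER32|1074|Shutdown of SERVER1 initiated by Explorer.EXE. Reason: planned maintenance
2005-06-03 09:30:00|W32Time|35|The time service is now synchronizing the system time.
"""

# Which crashed service the message names decides which worm family to suspect.
SIGNATURES = [
    ("Lovsan/Blaster (RPC/DCOM)", re.compile(r"remote procedure call|\bRPC\b", re.I)),
    ("Sasser (LSASS)", re.compile(r"lsass", re.I)),
]
# Only messages about a shutdown, restart or service crash are of interest.
SHUTDOWN_HINT = re.compile(r"shut(ting)?\s*down|restart|terminated unexpectedly", re.I)

def classify_shutdown(message):
    """Return the suspected family, 'ambiguous', 'unattributed', or None if irrelevant."""
    if not SHUTDOWN_HINT.search(message):
        return None
    hits = [name for name, rx in SIGNATURES if rx.search(message)]
    if len(hits) == 1:
        return hits[0]
    return "ambiguous" if hits else "unattributed"

def triage(log_text):
    """Return (timestamp, verdict) for every shutdown-related line in the export."""
    findings = []
    for line in log_text.strip().splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:          # skip malformed or truncated lines
            continue
        timestamp, _source, _event_id, message = parts
        verdict = classify_shutdown(message)
        if verdict is not None:
            findings.append((timestamp, verdict))
    return findings

if __name__ == "__main__":
    for timestamp, verdict in triage(SAMPLE_LOG):
        print(timestamp, "->", verdict)
```
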

Barry
07-09-2005, 10:49 PM
Hi

The virus has suddenly disappeared, I have no clue why. I downloaded
s-t-i-n-g-e-r.exe but when I scanned with it I found nothing, can this
happen?? I am a little confused, is the virus activated through some date
or some other trigger?
Can someone tell me how I could have got this virus? I am using
Windows 2003 Server

TIA
Barry

David H. Lipman
07-09-2005, 10:49 PM
From: "Barry" <someone@somewhere.com>

| Hi
|
| The virus has suddenly disappeared, I have no clue why. I downloaded
| s-t-i-n-g-e-r.exe but when I scanned with it I found nothing, can this
| happen?? I am a little confused, is the virus activated through some date
| or some other trigger?
| Can someone tell me how I could have got this virus? I am using
| Windows 2003 Server
|
| TIA
| Barry

Did the shutdown look like the attached (I just recently found my graphic of the shutdown
event)?

Do you have the following patch installed ?
"Cumulative Update for Microsoft RPC/DCOM (828741)"

http://www.microsoft.com/downloads/details.aspx?FamilyId=07317CE9-520D-4574-B575-5FB85DA9A4D7&displaylang=en

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Barry
07-09-2005, 10:49 PM
Hi

No, I did not apply any patch, and before I could run stinger.exe it
disappeared. I will keep you posted if it reappears again.
I also cannot recollect what the shutdown message was.

Barry

David H. Lipman
07-09-2005, 10:49 PM
From: "Barry" <someone@somewhere.com>

| Hi
|
| No, I did not apply any patch, and before I could run stinger.exe it
| disappeared. I will keep you posted if it reappears again.
| I also cannot recollect what the shutdown message was.
|
| Barry

Well then, since the patch was not installed, an attempt at an exploit caused the shutdown
but did not infect the platform.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

