Lovesan Worm

SDJasonSDJason Join Date: 2003-05-29 Member: 16841Members
<div class="IPBDescription">fix</div> I got this virus... befroe it was announced on news and what not... but i fixed by unplugging my network.... the shutdown is remotely initiated and when i disconnected my network the computer did not automatically shut down... from there i was able to re enable Norton Auto protect... if i tried with the virus it would say error.... i then re plugged in the network.. rebooted, and downloaded the latest NAV files.. problem solved....

Just a heads up since you CANNOT enable Norton Anti Virus at all if you get it, and it disables it if it was engaged, which was the case with me...

~Jason

Comments

  • DoADrunkMonkeyDoADrunkMonkey Join Date: 2003-01-05 Member: 11902Members
    lesson learned, dont use NAV.
    get a real anti virus like mcfee or KAV.

    trust me nav is kidna useless in most ways, better than any av is yes... YOUR BRAIN! dont open anythinf u dont like, and see wat strange files get booted on start up.
  • XentorXentor Join Date: 2002-11-03 Member: 5877Members
    edited August 2003
    You don't need an antivirus program to get rid of this one... Here's how to do it:

    1) Go into task manager (Ctrl+Alt+Delete), find the one named MSBLAST.EXE, or something like that, and do an "End Process" on it.

    2) Start, Run, "regedit"... Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run and delete the key with MSBLAST in it

    3) Goto the Microsoft website and get the patch to fix the DCOM vulnerability. It's linked on the front page, but you can also find it by typing MSBLAST into the search box on their site. Download and run the patch.

    4) Do a global file search on your computer (Start, Find, etc). Search for "*MSBLAST*" and delete the two occurrences (If I remember correctly, there are two files).

    Tada, you're clean, and you can't be reinfected.

    Oh, and even if you're not infected, do step 3 and install that patch. You can also find it on windowsupdate, but since the worm attacks windowsupdate.microsoft.com at certain times on certain days of certain months, it might be a little tricky.

    [edit]
    <!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->trust me nav is kidna useless in most ways, better than any av is yes... YOUR BRAIN! dont open anythinf u dont like, and see wat strange files get booted on start up. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->

    Don't get me wrong, I hate Norton too... But this worm exploits a vulnerability in one of NT/2k/XP's subsystems. You don't have to download or install ANYTHING to be infected. It connects to you directly over the internet by scanning random IPs (Maybe not random, but something like that), and installs itself completely invisibly, even if you're not at the computer. The only way to stop it is to firewall yourself or install that patch.

    [/edit]
  • Cheez1Cheez1 Join Date: 2003-01-28 Member: 12900Members
    edited August 2003
    I know this is important, but please keep it in the off topic.
  • SpazmaticSpazmatic Join Date: 2003-05-10 Member: 16184Members
    <!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->I know this is important, but please keep it in the off topic. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->

    Mostly, we already got one thread about this, which was enough, imho.
  • XentorXentor Join Date: 2002-11-03 Member: 5877Members
    Well, I just felt like replying to something <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
  • Nemesis_ZeroNemesis_Zero Old European Join Date: 2002-01-25 Member: 75Members, Retired Developer, NS1 Playtester, Constellation
    Xentor and Spaz already gave the reason for what is going to follow...

    <span style='color:red'>***Locked.***</span>
This discussion has been closed.