W32.Blaster.Worm


FussyPucker
08-13-2003, 07:01 AM
You might have read about it, but this is a pretty sneaky virus since it doesn't need you to do anything other than be connected to the internet to infect you and other computers. Here's the info on it..... (fix and remove tools available from Microsoft and Symantec or me)

Based on the number of submissions received from customers and based on information from Symantec's DeepSight Threat Management System, Symantec Security Response has upgraded this threat to a Category 4 from a Category 3 threat.

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and execute it.

Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.

NOTE: This threat will be detected by virus definitions having:
Defs Version: 50811s
Sequence Number: 24254
Extended Version: 8/11/2003, rev. 19

Symantec Security Response has developed a removal tool to clean infections of W32.Blaster.Worm.


Anyone that uses a decent firewall system should be safe enough. This virus attacks systems running Windows 2000 and Windows XP; it can infect NT 4 and Windows 2003 systems too.

If you don't want to search through the MS and Symantec websites for the fix and removal tools, I've downloaded them; they'll be on my web site for a couple of days.

http://www.fluffyknight.co.uk/fix.zip

Lilith
08-13-2003, 07:46 AM
*smooches* TY sweetie. I patched mine at a friend's suggestion yesterday. I know lots of work systems that were inundated by this slippery sucker.

skipthisone
08-13-2003, 07:57 AM
I have gotten it at home twice. Fixed it then got it when applying the patch. Thank god it doesn't hurt anything but damn it is annoying.

fzzy
08-13-2003, 08:12 AM
thanks FP!!!! :D

Belial
08-13-2003, 09:13 AM
Just a couple of points:

While the worm itself only exploits the DCOM RPC hole over TCP port 135, the hole can also be exploited over TCP ports 139 and 445. Block those too.

This worm is really quite stupid in a number of respects, and yet the impact it has had is enormous. An expertly written worm exploiting this flaw would be nothing short of disastrous.
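
A check a network defender could run over firewall logs for the ports named in this thread (TCP 135, 139 and 445 for the DCOM RPC hole, plus TCP 4444 and UDP 69), given here as an added example that is not part of any post. It flags internal hosts that contact many distinct addresses on the RPC ports, the pattern a self-spreading worm produces; the log format, addresses and threshold are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Ports named in the thread: the DCOM RPC hole is reachable on TCP 135/139/445;
# the advisory also says to block TCP 4444 and UDP 69 (TFTP).
RPC_PORTS = {("TCP", 135), ("TCP", 139), ("TCP", 445)}
WORM_PORTS = {("TCP", 4444), ("UDP", 69)}

# Assumed (hypothetical) log format: "<time> <ACTION> <PROTO> <src> -> <dst>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)

def find_suspects(lines, fanout_threshold=3):
    """Return {src: reasons} for hosts showing worm-like traffic."""
    rpc_targets = defaultdict(set)  # src -> distinct destinations on RPC ports
    worm_hits = defaultdict(set)    # src -> TCP 4444 / UDP 69 activity seen
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        key = (m["proto"], int(m["port"]))
        if key in RPC_PORTS:
            rpc_targets[m["src"]].add(m["dst"])
        elif key in WORM_PORTS:
            worm_hits[m["src"]].add(f"{key[0]}/{key[1]}")
    suspects = {}
    for src in set(rpc_targets) | set(worm_hits):
        reasons = []
        if len(rpc_targets[src]) >= fanout_threshold:
            reasons.append(f"rpc-fanout:{len(rpc_targets[src])}")
        reasons += sorted(worm_hits[src])
        if reasons:
            suspects[src] = reasons
    return suspects

# Constructed sample log (documentation and private addresses, not real traffic).
SAMPLE_LOG = """\
2003-08-13T07:00:01 DENY TCP 10.0.0.23 -> 192.0.2.10:135
2003-08-13T07:00:01 DENY TCP 10.0.0.23 -> 192.0.2.11:135
2003-08-13T07:00:02 DENY TCP 10.0.0.23 -> 192.0.2.12:135
2003-08-13T07:00:03 DENY TCP 10.0.0.23 -> 192.0.2.12:4444
2003-08-13T07:00:04 ALLOW TCP 10.0.0.5 -> 10.0.0.2:445
2003-08-13T07:00:05 ALLOW TCP 10.0.0.7 -> 198.51.100.4:80
"""

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG.splitlines()))
```

A single connection to a file server on TCP 445 stays below the fan-out threshold, so ordinary file sharing is not flagged.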

FussyPucker
08-13-2003, 09:38 AM
The only thing the virus does effectively is spread itself around. That's really the idea of it, just to highlight a flaw in Microsoft operating systems; it was never meant to be destructive, just an annoyance.
An anti-virus company called F-Secure wanted to test how quickly this thing can spread. They set up an unprotected PC and in just over 5 minutes it had been infected... they left it running and later that day it was only taking 27 seconds to get the virus!!!

It was just a flick in the balls to Microsoft in order to get them to better check their software.

Sharni
08-13-2003, 01:36 PM
Couldn't they just get a written petition...fuckin' worms....i'll give the bastards worms!!!

These ppl that make these things piss me off BIG TIME!!

Ozling
08-13-2003, 01:42 PM
I got it last night while I was in the chat, had to leave in the middle of a great show. XD
My virus scan seems to have crapped out on me so I just ran my comp in safe mode and did a system restore for a day before it happened, thank god I make checkpoints every 24 hours, I'm compulsive like that. ^.^

Ozling
08-13-2003, 01:44 PM
Oh yeah, and for anyone who doesn't know (dunno if it was posted in posts before mine cause I didn't read 'em all) what the virus does, it opens this annoying lil box that says "blah blah blah your computer has been forced a shutdown authorized by blah blah" then it gives you a 1 minute countdown timer until it dicks you. At least the person who made it gave you time to save what you're doing =) *tips his hat to the maker*

FussyPucker
08-13-2003, 01:56 PM
LOL, actually Ozling, if you open a DOS window and type "shutdown -a" (errrr, without the "s of course) then it aborts the shutdown that the virus starts :D It may be "shutdown /L /A" on some Windows versions, I can't remember for the mo, but I think XP Pro or maybe Win 2000 needs you to specify L - the local machine, then A - abort ;)

Ozling
08-13-2003, 02:01 PM
will keep that in mind next time lil annoying bastard decides to show 'imself

FussyPucker
08-13-2003, 02:17 PM
Well, hopefully once you've installed the Microsoft hot fix it should never appear again!

Belial
08-13-2003, 11:43 PM
Originally posted by FussyPucker:
"It was just a flick in the balls to Microsoft in order to get them to better check their software."

If it was then it was misguided. Microsoft patched this hole about a month ago. I'm no Microserf myself, but credit where it's due.

FussyPucker
08-14-2003, 03:38 AM
I found it funny that the virus contained but never displayed this bit of text..
"I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!"

The patch for this problem was released July 16th by Microsoft and since then 4 updates have been made to it. The reason I said it was a flick in the balls to MS is that despite having patched the problem the whole issue of security and bugs in MS software has been thrown into the news AGAIN by this virus. The main problem is really with the release of information on security patches, your average home user is unlikely to ever know about them until it's too late. There are two options to this:-

1. Software companies (not just MS) need to do more work on testing software prior to release... you have to remember that it's impossible to track down every possible bug.

2. When there is such a critical security flaw discovered people need to be made aware of them so that protection can be in place before a hacker/virus writer can exploit them.

I doubt either will ever happen really since it is impossible in such complex software to track and fix every problem..... and of course it's usually the hackers/virus writers that find these flaws first.

oh well it keeps life interesting :D:D

by the way this virus now has two variants
W32.Blaster.B.Worm
W32.Blaster.C.Worm

Now that's just silly !

skipthisone
08-14-2003, 06:51 AM
Skip's wife spent about 10 minutes berating him on the post it note written on July 21st reminding him to get the patch....I told her I ignored those damn things...

FussyPucker
08-14-2003, 07:05 AM
Skip ! You naughty boy, now bend over and prepare NOT to be spanked as punishment !