Perhaps your computer has started re-booting itself and possibly
displaying an odd message. You may have picked up the Blaster virus,
or something similar. This page deals mainly with the Blaster worm;
however, the information presented here may be helpful to anyone
interested in combating viruses.

The Blaster worm exploits features within Windows that allow remote
functions to be run on your desktop computer. While these features
can be very handy, they can also leave your system vulnerable to
attack.

There has been plenty of finger pointing concerning Microsoft's
not plugging the holes in Windows that leave computers vulnerable,
but we'll leave all of that to pundits and lawyers. Suffice it to say,
whatever the good guys build into any operating system, be it Windows,
Macintosh, Unix, Linux, or even Palm, someone will find a way to
exploit it.

This page came about after we helped a friend recover from the
Blaster worm. His system kept shutting itself down and virus scanners
kept finding infections with names like Lovsan, Nachi, and Welchia.
The Blaster worm is so destructive and so pervasive that all of
the major anti-virus vendors, as well as Microsoft, have released
free utilities to clean it.

If you have the Blaster worm or one of its derivatives, you will need
to turn off the System Restore feature before your anti-virus program
can neutralize it effectively. After cleaning the system, reboot it
so the cleaned file(s) will load properly. To work with System Restore:
- Click the Start button.
- Choose Settings and then choose Control Panel.
- Select System. Click on the System Restore tab.
- Click the button to turn System Restore off or on. It is normally on.

When Windows boots up it looks for system files that have
changed since the last boot. If it finds any it will restore
a backup copy and then continue to boot. At this point the
system will likely become re-infected even if you cleaned
it.

Turning off System Restore will allow the cleaned files to
become the backup files, replacing the infected ones. This
will allow the system to boot without loading the infected
files.

If just one person went through all of the grief we and our friend
endured then just imagine how many thousands of others have experienced
the same problem. We have posted this page before all of the requests
for help came pouring in from both of our visitors. If we can help
even one person avoid all the grief we endured then this page will
have been worth the effort.

Microsoft has a number of bulletins
concerning Blaster, Nachi, and the like. Unfortunately, navigating
their Website is not simple because each bulletin refers to yet
others. Some highlights are listed below. If this is overwhelming
to you (and it very well may be), check the items below this one.

| Do I have Blaster? | How to tell if you have the Blaster worm. |
| Read more | MS03-026: Buffer Overrun in RPC May Allow Code Execution |
| Read more | 824146 MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs |
| Read the document / Download the file | KB 824146 Scanning Tool to Identify Host Computers That Do Not Have the 823980 (MS03-026) and the 824146 (MS03-039) Security Patches Installed. |
| Read more | Information about the Blaster virus and its variants. |
| Read more | Information about the Nachi virus. |

Network Associates markets the McAfee
line of anti-virus and security products. Their Website has a substantial
amount of information about viruses and worms and they have utilities
to clean out specific viruses.

| Stinger Utility | Cleans the Blaster worm and over 30 related viruses, worms, and the like. This small utility is a fast download and it is simple to run. Documentation is available online. |
| Virus information library | Learn more about viruses and things. |
| Network Associates | Visit the Network Associates Website. |

Symantec markets the Peter
Norton line of anti-virus and security products. Their Website has
a substantial amount of information about viruses and worms and they
have utilities to clean out specific viruses.

| Free virus removal tools | Symantec has a number of utilities for specific viruses. |
| Virus removal tutorials | On-line virus removal tutorials. |
| Virus encyclopedia | Learn about different viruses. |

Trend Micro markets PC-Cillin and other
products. Their Website has a listing of current viruses and some
very useful information.

| Virus information | Symantec has a number of utilities for specific viruses. |
| General information | The virus primer explains how viruses and worms work. |

Grisoft offers both free and paid versions
of the anti-virus package AVG. Their Website has a very useful assortment
of information.

| Virus information | Grisoft's current virus bulletins. |
| Glossary | The glossary explains a number of virus and security terms. |
| Interesting links | Grisoft has a wonderful assortment of links and other resources. |

Please use these, and any other
hints you find at our Website, with caution and common sense. We make no
claims for accuracy, completeness, or much of anything else. In other words,
you are free to use these hints at your own risk.