BARBELITH underground
 

Subcultural engagement for the 21st Century...


Virus Checkers - Tech Help

 
 
Lurid Archive
09:00 / 13.08.03
So, I hook up my desktop to the internet for the first time here in Spain, I manually configure the dial-up connection. Oh dear. I forgot to put up the XP firewall and my virus checker has expired. Within 1 minute I was infected with the MSBlast worm, though it took me a good while to work out what was wrong.

Anyway, I was hoping that you techie folks could help. Sure, I should just buy a virus checker, but...I also have a laptop which runs Windows 98 and I'd rather not have to buy two virus checkers (desktop is XP). There are lots of offers out there, of course, but which are genuine and which are Trojans? I just don't know enough. Help.
 
 
invisible_al
09:12 / 13.08.03
AVG virus checker, it's free and does the job, as long as you let the automatic updates do their job, I'm often not on the net long enough for it to do that. But it and the virus definitions are all free to home and non-commercial usage, nice bit of kit all in all.

http://www.grisoft.com
 
 
STOATIE LIEKS CHOCOLATE MILK
09:22 / 13.08.03
Yeah, I just managed to get rid of that Blaster motherfucker... I feel quite proud of myself, actually, despite the fact that it took me ages using Very. Simple. Instructions. (Which I'd had to get at work last night because the fucking thing kept rebooting every time I stayed online for more than a couple of minutes in order to download the fucking patch).

I use Norton AntiVirus- it worked fine on my old computer... for some reason, the last couple of weeks the update thingy hasn't actually been working (hence the Blaster malarkey).

I'm suitably chastised by the experience, though, to watch with interest the answers you get in this thread. Methinks you won't be the only one following their advice!

Anyone who's got Blaster (you can tell cos your connection gets REAL fucking slow and every now and then your computer reboots itself) you have two days before it spends the entire day attacking Microsoft's site (come to think of it... maybe I should get it again? joke...)
 
 
Spatula Clarke
09:27 / 13.08.03
Add me to the list of people who have just got rid of it - the XP firewall apparently let it through without a problem. I'm now running Sophos, but as I only installed it last night and previously didn't bother with antivirus software I can't give any firm recommendation one way or the other.
 
 
Ariadne
09:31 / 13.08.03
I'm a bit worried - I got an email last night from Symantec, with a link to a download to protect from the worm. It wasn't till that point, when I'd opened the site but not downloaded, that I thought, hang about, how do I know this is from Symantec? They don't normally email.

So... I'll have to check with them, I suppose. I've updated the checker and just have to hope I don't have it.

Good luck Lurid, hope you can clean it up okay.
 
 
Lurid Archive
09:32 / 13.08.03
The XP firewall let it through? Oh dear. Maybe I should add a firewall to my shopping list.

But that surprises me E. Randy. When I put the XP firewall up, my computer stopped rebooting every 2 minutes and I managed to download the Microsoft patch for the vulnerability the MSBlast worm was exploiting. So I assumed that the firewall was doing...something.
 
 
Lurid Archive
09:39 / 13.08.03
Invisible al: cheers, man. That AVG thing sounds good. Like I said, it is hard to know if a virus checker is genuine, which is how the big names get to charge so much, I suppose. How do the AVG guys earn their money?

Ariadne: As far as I can tell, this blaster worm has been pretty big. I think you can tell if you have it by pressing ctrl+alt+delete and looking at the processes in the task manager - it shows up as msblast.exe.
 
 
STOATIE LIEKS CHOCOLATE MILK
09:50 / 13.08.03
Yeah... it's been huge. Judging by the amount of 404s I'm getting even since removing the bastard, it's still fairly huge. (Also Ganesh mentioned similar symptoms yesterday morning in the Calamity Jane thread- first time I started thinking it might not just be MY computer overheating).

As far as I can tell, the XP firewall will stop it to an extent once it's already in there... you should be able to stay connected & download the relevant bits'n'pieces. Of course, being a spack, I hadn't actually activated the XP firewall until it was too late... but it did stop the constant rebooting.

Funnily enough, the worm itself seems to have killed the popups I was plagued with which no popup killer could get rid of... strange but true...
 
 
STOATIE LIEKS CHOCOLATE MILK
09:52 / 13.08.03
Oh... ditching it in Task Manager will stop it until you next reboot... I found that after downloading the patch doing a search for files with msblast.exe in the title came up with two... deleting those seems to have done the trick.

As long as I never have to enter (spooky music) THE REGISTRY (end spooky music) then it's all good.
 
 
Lurid Archive
10:01 / 13.08.03
Yeah, anyone whose computer is shutting down and thinks it may be the heat...well, it's worth a look. Easy to follow instructions, here and you should download a patch from Microsoft. One of the things the worm is trying to do is to take down the MS update site, so it might be best to download it direct from here.
 
 
Spatula Clarke
10:06 / 13.08.03
Funny, maybe it's just me - ending the process through Task Manager didn't help in my case either. I always have the inbuilt firewall switched on, but it still wouldn't let me connect for more than a couple of minutes before rebooting. Just enough time to find out what was happening, but I ended up having to get someone else to download the stuff needed to fix it. I've seen both pieces of advice (firewall & Task Manager) on other sites, though, so it looks like there are more cases of them working than not.

I'm also clear of popup ads so far today, but that may be more to do with the Windows patch than anything else. Got to say, if it stays that way it's a fairly major silver lining...

Oh yeah, there's a self-extracting file here that can be used to get rid of this particular problem if you're having trouble with other solutions, along with instructions on how to use it and other suggestions. It worked perfectly for me and may be worth using if you're worried - it checks all files for the worm and either kills it or lets you know that it's not there.
 
 
Ariadne
10:07 / 13.08.03
Well, I wasn't crashing or rebooting this morning, so maybe I'm okay - I'll check tonight. Thanks.
 
 
Linus Dunce
11:41 / 13.08.03
For what it's worth, because I'm on Win98, I use AVG as well. I think, by giving it away free for personal use in the UK Grisoft's plan is to create some brand recognition and loyalty. I don't know if that will work but the software seems to so good luck to them.

I used to use XP at work, and nearly every other day a little message would come up telling me Microsoft updates were available to download and install. I think the machine was set up to check this automatically, and it seemed the easiest way to keep on top of the patches you must install to keep many of these bastard things away. This didn't take long -- we were on a very broadband connection -- but even if it took time, e.g. on dial-up, it would probably save time in the long run, yes? As would waiting for anti-virus updates to download.

BTW, because my OS doesn't include a firewall, I use Zone Alarm (also free and recommended by an XP-using friend) and it's still blocking loads of hits on Port 135 (the virus doesn't know my machine can't catch it), so you may want to consider installing that as well. Some people prefer another free one but I can't remember the name, sorry.
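As an added illustration (not part of any post in this thread): a Python sketch that tallies port 135 traffic from a firewall log, the kind of blocked hits mentioned in the post above. It assumes the W3C-style text format that the Windows firewall writes to pfirewall.log; the sample lines, the addresses and the function names are constructed for the example.

```python
from collections import Counter

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-13 09:01:12 DROP TCP 198.51.100.7 192.0.2.10 3312 135 48 S 1024 0 16384 - - -
2003-08-13 09:01:15 DROP TCP 198.51.100.7 192.0.2.10 3312 135 48 S 1024 0 16384 - - -
2003-08-13 09:02:03 DROP TCP 203.0.113.44 192.0.2.10 4410 135 48 S 2048 0 16384 - - -
2003-08-13 09:02:40 DROP UDP 203.0.113.44 192.0.2.10 1026 137 78 - - - - - - -
2003-08-13 09:03:05 OPEN TCP 192.0.2.10 203.0.113.80 1045 80 - - - - - - - -
2003-08-13 09:03:30 DROP TCP 198.51.100.9
"""

def parse_log(text):
    """Yield one dict per entry, taking column names from the '#Fields:' header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarise_port(entries, local_ip, port="135"):
    """Split TCP traffic on `port` into blocked probes, allowed inbound and outbound."""
    blocked = Counter()       # source address -> number of dropped probes
    allowed_inbound = []      # sources the firewall let through to this machine
    outbound_targets = set()  # other hosts this machine contacted on the port
    for e in entries:
        if e.get("protocol") != "TCP" or e.get("dst-port") != port:
            continue
        if e.get("dst-ip") == local_ip:
            if e.get("action") == "DROP":
                blocked[e["src-ip"]] += 1
            elif e.get("action") == "OPEN":
                allowed_inbound.append(e["src-ip"])
        elif e.get("src-ip") == local_ip and e.get("action") == "OPEN":
            outbound_targets.add(e["dst-ip"])
    return blocked, allowed_inbound, outbound_targets

if __name__ == "__main__":
    blocked, inbound, outbound = summarise_port(parse_log(SAMPLE_LOG), "192.0.2.10")
    for src, hits in blocked.most_common():
        print(f"{src}: {hits} blocked probe(s) on TCP 135")
    print("allowed inbound:", inbound, "| outbound on 135:", sorted(outbound))
```

Blocked probes are the firewall doing its job; entries in the allowed-inbound or outbound lists are the ones worth following up on.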
 
 
.
12:34 / 13.08.03
Yep, I set up my new XP laptop on Sunday, only to be hit by the MSblast worm by Monday night... Naturally I was cursing Microsoft for their duff Windows for ages until I checked the web (via another PC) and found out it was a worm. I've installed the patch now and it all seems OK. So I recommend making sure your XP firewall is on, downloading that Symantec fix, then downloading the official patch which the Symantec fix leads to.

That said, it's still XP which decided to flash up the fucking scary 60 seconds till reset countdown. It hardly inspired confidence in my new purchase, seeing that message pop up within a couple of days of turning on the PC. At least I know now that it wasn't a) my new laptop being shit, b) the heat, c) XP being pants, which reassures me a little.

Q) How does Zone Alarm interact with XP's own firewall? Do I run them both, or disable the built in firewall in favour of Zone Alarm?
 
 
fluid_state
13:26 / 13.08.03
I've been using Trend Micro's online scan, at www.antivirus.com. There's also a downloadable one that's relatively tiny. It's been really convenient and effective. Some viruses, worms, trojans, etc. require a bit of registry editing to properly clean, but the site is helpful there too.
 
 
Linus Dunce
14:55 / 13.08.03
Q) How does Zone Alarm interact with XP's own firewall? Do I run them both, or disable the built in firewall in favour of Zone Alarm?

I'm guessing you'd disable the MS one, but I'm sure there'll be instructions with the software. It's something my XP friend uses -- I imagine he gets better "tweakability" from ZA for playing games, using unlicenced media etc., but the difference in protection for day-to-day stuff may not be great.

One thing to remember about firewall and AV apps is that none of them make you invincible.
 
 
Magic Mutley
15:53 / 13.08.03
If you want an idea of how well your firewall's working, try going to Shields UP! and hit "Common Ports" under ShieldsUP Services.

The main page grc.com is pretty good for security info.
 
 
Cloned Christ on a HoverDonkey
23:29 / 13.08.03
Phew!

Just tried every test on the 'Shields Up!' site, and all my ports are 'stealthed' (sounds cool, huh?), meaning that, to the outside world they don't even appear to exist.

I'm just a vaporous mirage, wandering the wide hallways of the net.

Or something.
 
 
Cloned Christ on a HoverDonkey
23:32 / 13.08.03
Also - can anyone tell me of anybody who hasn't been infected with that fucking msblast.exe virus?

I just spent the last 2 days ridding my machine of its evil machinations.

Tw@
 
 
Cloned Christ on a HoverDonkey
23:41 / 13.08.03
On a side note, having re-read this thread, anyone who's concerned/annoyed/downright-pissed-off with pop-up ads should really consider integrating their browser with the all-new, bells-whistles-included, full-metal-jacket Google Toolbar v2.0.

It has an excellent pop-up stopper, which has defeated sites that commercial stoppers I've used have cowered in the corner, shuddering with fear when confronted with.

It's available HERE.

Hope this helps, and sorry about the post-barrage.
 
 
Cloned Christ on a HoverDonkey
01:15 / 14.08.03
Adding more bumph to my already bloated post-count on this thread, I thought anyone who's concerned about having a possible infection by the BlastWorm virus might want to look HERE.

This page outlines most of the things necessary in eradicating this little git.
 
 
rakehell
01:41 / 14.08.03
You can stop your PC from shutting down during the timeout period by running "shutdown /a" from the Start>Run menu.

The other free firewall - and one I still use - is Tiny Personal Firewall from Tiny Software. Unfortunately this software is no longer free.

I think everyone should be running a firewall, no matter what their connection. And if anyone has configuration issues they can come back here and ask.
 
 
trouser the trouserian
11:41 / 14.08.03
Also - can anyone tell me of anybody who hasn't been infected with that fucking msblast.exe virus?

Well, so far so good. I manage IT systems for a medium-sized b2b publishers. We have a dedicated UNIX box acting as a Firewall, plus email virus scanning, so the only way we can really get infected is if a stupid bastard (and there's always one) downloads some infected webmail stuff, which means they'll get jumped on in a major way. We're using NAV Corporate on the desktops & servers which has proved to be a good investment.

Personally, I use Symantec's Firewall app, which seems to do the job very well. I was using the 'lite' version of Zone Alarm until some f*'@cker on a remote FTP server managed to breeze right through it and screwed my HD's FAT table last year.

re: the XP firewall problem - we're running a mix of w9x, 2k & XPP systems here and I've already found a couple of potentially dangerous loopholes in XPP, but at the mo' we're nice and safe behind the UNIX box. Oops, there goes my bleeper....
 
 
Fist Fun
12:25 / 14.08.03
I was drafted in to build a couple of new boxes at work. Totally forgot to put a virus scanner on them...oops (I am what the French call un incompetent)...however we somehow weren't infected at all and no one really noticed...huzzah!
 
 
Linus Dunce
13:13 / 14.08.03
I was using the 'lite' version of Zone Alarm until some f*'@cker on a remote FTP server managed to breeze right through it and screwed my HD's FAT table last year.

Indeed. I don't think one is ever really safe, especially with software firewalls.

Time to fire up the ol' CD burner and make some backups, I think :-)

PS: I can think of at least 30 people who won't ever catch MSBlaster. There's me, too downversion for it to bite, and ... no, let's not start that here.
 
 
trouser the trouserian
14:18 / 14.08.03
Time to fire up the ol' CD burner and make some backups, I think :-)

Oh yeah, I went completely backup bananas - so I've now got a cd-burner, 2 external Firewire HDs and am just about to get an all-formats dvd-burner. It's kinda mad, but once bitten...
 
 
w1rebaby
21:31 / 14.08.03
Also - can anyone tell me of anybody who hasn't been infected with that fucking msblast.exe virus?

me



I have never, ever got a virus, even when I was running Windows.

XP firewall is pants, by the way, don't bother with it. Turn it off and install at least ZoneAlarm.
 
 
Cloned Christ on a HoverDonkey
06:29 / 15.08.03
ZoneAlarm is also pants - it totally stopped me accessing the web when I installed it. And yes, I did have it configured properly.

If anyone uses any form of file-sharing software, I'm pretty sure you'll be able to get your hands on an old-ish version of Tiny Personal Firewall (you know, the free one). Is that ethically correct?
 
 
Linus Dunce
14:21 / 15.08.03
Oldish versions of security software may not be good. I couldn't possibly comment on the ethics ;-)

I had some problems with ZA at first, getting Winamp to receive streams and Mozilla to work on-line, but both were down to ZA configuration.
 
 
Zero Gravitas™
15:31 / 15.08.03
Also - can anyone tell me of anybody who hasn't been infected with that fucking msblast.exe virus?

Nope, never been infected. Been running my PC, with always on connectivity, for the last 3 years and have never been infected with a virus.... ever.

Have always used Norton AV and Zone Alarm Lite (the freebie version). Never been hacked either. Have used the Norton auto-update function to allow the app to check for updates and download them and install in the background.

Someone further up the post list mentioned that big companies charge big cash for anti-virus software. £30 is well worth it in my book *shrug*
 
 
NotBlue
18:41 / 15.08.03
Cheapskate move --

Download the latest trial virus checker - when it expires, zip up all your files, put them onto HD or net, reinstall your PC and redownload the virus checker. Unwieldy, but very cheap.
 
 
ONLY NICE THINGS
19:11 / 15.08.03
I'm clean at home, but it went through work like a dose of viral salts; nasty.

And if you get an email from Symantec or Microsoft or whoever with an attachment, that attachment is a virus which somebody is trying to trick you into opening. A lot of people got bitten by that when the Klezworm virus. Always check their website.
 
 
Ariadne
19:40 / 15.08.03
Well, despite opening the email, nothing terrible has happened and I seem to be okay. I've done the patch, updated my virus checker and all seems well. As I've only had the PC a week I was going to be mighty miffed if it got infected.
 
  