Hey, all. Since I have been battling this little bugger all day at work, I thought that I would mention it here as well. Just as a safety precaution for you all.

There is a new worm loose on the Internet affceting users of Windows 2000 and XP and it is nasty! It is called the "W32.Blaster.Worm". Here is a little write up from Symantec (http://www.symantec.com/) about it.

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and execute it.

Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:


TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

If you want some in-depth info, you can read about it here - W32.Blaster.Worm. (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html)

You can run a test here to see if Port 135 is open on your PC - GRC. (https://grc.com/x/portprobe=135) If the port is not open, then you are pretty safe.

If you believe that you have been infected, you can download a removal tool here - FixBlast from Symantec. (http://securityresponse.symantec.com/avcenter/FixBlast.exe)

You should also either go to MS Windows Update to download the latest security patch or get them here:
Windows 2000 Security Patch (http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe)
Windows XP Security Patch (http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe)

Just thought that I would mention it. :)

Listen to Shakey's words - that 'lil flucker is a really bad one, since it can infest your computer without opening any e-mails, attachments etc.

Have to debug my sister's laptop today...her machine caught that virus yesterday. :mad:

Yep. Just got that one today. :argh:

I have managed to download the patch and things seems to be going ok.

I'm scanning my computer now with Fixblast.

Let's hope I've got rid of it.

The news on TV is reporting about it right now as I type this and is saying that it could affect up to 50% of computers. :eek:

Our IT guys just sent a fix yesterday. It fixed a problem my laptop was having that made it seem like the CD-ROM drive didn't work any more. Good luck to you all.

I have it on my home PC. all it does is make my computer re-boot over and over and over again!!! I couldn't get the patch since i was constatly getting re-booted. Thanks Shakey!

Luckily I was able to download the patch last night before my computers could be infected. My laptop is immune since I still have it running on Windows 98.

Thanks Shakey! I ran that test for Port 135, and my results came up as "Stealth".

It's times like this I'm glad I haven't upgraded.... seems the newer the OS, the more unstable and vulnerable :p

I have Windows XP and was recommended to set up the firewall that comes with it. (I thought it was an automatic thing, but no it's not). I did that and then was able download the patch without any problems. I can't really see how that would have made a difference though. Maybe I was just lucky.

Originally posted by Roemello
It's times like this I'm glad I haven't upgraded.... seems the newer the OS, the more unstable and vulnerable :p

Yep, that's true. Of course, they are also more stable and full featured. :p

Recker. I wouldn't put a lot of faith in the firewall that comes with XP. There are some very good (and strong) firewalls available for free. You can find them under "Network Utilities" in our Freeware (http://www.80sxchange.com/forums/showthread.php?threadid=15809) section. Personally, I recommend Sygate, but you can't go wrong with any of them.

Thanks for the advice Shakey!

My mom was sent home early from work today cause it the comps where she works. Messed up the whole system. Not sure she'll be working tomorrow or not. ;)

People were buying the patches & cleaners at Walmart the other night..spending $70-$80.. our server put them on their website for their customers to download for free! It took several times but because that timer would shut down our computer within 3 seconds of the download completing. But we beat it by a split second!

All is good now.