found out how it got on mine.. I have to lower my firewall to get into my FTP (bloody Zonealarm!) .. it got me then....

Weird. I got a 60-sec shutdown message a week ago. First for a long time. I d/ld and ran the patch today, ran the worm killer, which said I didn't have the worm. and chaecked at ShieldsUp. Apparently I'm in total stealth mode and protected. No open posts, nuttin'. So why'd I get a shutdown a week ago? Oh well, I'll run the blastfix thingy again just to make sure. mac PS This meassage belongs in this forum and then some! I'd never have known about it if praxis hadn't posted here. A big 'Thank you!', praxis.

x2000 - I have a feeling it's just that you spend a lot of time here lol.... after all, you don't have to be anywhere special to get it. Even a PC standing unused (but connected) is vulnerable. :] Fish

FishNose - Guilty as charged.;) No, it doesn't matter where you go. In fact, when my second restart hit, I was still connected but not actually on the net, IE was closed. Maclean - Read the link I posted in the Hardware/Technical forum thread. This guy got hit a week ago, too, so I guess it started then, it's only that it's kicked into high gear now, probably because more and more people got infected and kept infecting more... 2, then 4, then 16, etc, you know? As far as detecting the worm, I don't think it had been identified until yesterday. I checked Norton updates yesterday and I was fully updated, a scan showed no sign of anything. But then there was a new update this morning, and with that installed, another new scan spotted the little bugger. So everyone, check your virus scanner updates today, even if you did it yesterday.

Oh, and if the wormkiller app shows nothing, then I guess you're clean. The restart thing doesn't necessarily mean you were infected, but contrary to some beliefs, it doesn't mean you weren't, either.

AOL uses proxies to cache visited websites and then calls up the proxy to serve you the files faster. You don't have a direct connection to the web most of the time, the proxy has a connection and you're connected to it, as are thousands of other users. This causes endless grief to AOL users that want to use chat services, as the proxy often kicks in and kicks them off. so that can explain why a great deal of AOL people didn't get hit.

I had my system restart several times when I was downloading from DAZ. I have run the Symantec wormkiller twice and come up clean twice. I have also installed the patch. The sad part was I had spent about six hours the previous day backing up and verifying my system onto tape. I suppose the tape is clean but the operating system on tape lacks the patch. If I do restore it for some reason, I need to run the patch again. I could backup again (another day shot) but I still am uneasy about the worm being on my system.

I just run a check and the worm could not be found on my PC..I also downloaded the patch and run Norton again. Hehehe my puter seems to invisible for Shields Up. Gosh I'm very paranoid if it comes to things like that and my updates are always up to date :)

I never got hit by it either, never had a spurious restart. But got concerned as I saw this situation develop. Just went through with Norton and all clean... whew. I always let Windows update do its thing automatically but I downloaded the patch and installed it just in case.

I am glad I use my old Win/ Me for Internet connection only for first time!! best solution to protect your work use 2 compu one not Online.. no more viruses or worms that never sleep and waiting for damage your poser stuff you spare for years..lol I heard in the radio that 200.000 computers was plat today thanks to this worm... what a drama

Catherine, I usually surf only from my 2nd computer - an old 166Mhz with win 98. It's a junkheap, but the reason I keep it is for net use only. Problem is, lately I've used my main one a lot because it's so much hassle to keep transferring files. I guess I'll go back to the junkheap again. In fact, I'm on it now. It's the best virus protection ever. mac

I went to the avg website and found that ther are actually three worms. The big one is LoveSan not MSBlaster. The site tells where these worms reside - You mighr check it out. A google using "AVG +virus" should produce a link to AVG 6 and 7. If you don't have an AV program there is or was a free version of AVG6 on the site.

Thanks Fish!! I've always liked ME but for once it's a GOOD thing to use Win ME!

Hi All, I was hit by this virus also. It is called W32 Blaster worm or Lovsan worm and infects your system threw your internet connection at port 135 on window based systems such as ME, NT, Win 2000 and XP. It is a global virus that was launched yesterday and has effected thousands and has invaded many ISPs. You will get these error window messages: "Generic Host Process for WIn32 Services has encountered a problem and needs to close". "This shutdown was iniatiated by the NT AUTHORITY/SYSTEM windows must restart now because the Remote Procedure Call(rpc) serivice terminated unexpectingly". This virus causes your machine to crash and reboot over and over until the virus is removed and you have downloaded and installed the latest security patch from Mircosoft. Here are some links which may help: You can download the latest security patch here: http://www.microsoft.com/security/incident/blast.asp This site has a very good removal tool for this blaster worm virus: http://securityresponse.symantec.co...aster.worm.html http://us.mcafee.com/virusInfo/default.asp?id=lovsan If you use any removal tools please remeber that the System restore option must be turned off in WinXP before you run the removal tool. If not the virus will no be removed and will continue each time you boot up. Also, getting the patch is very recommended Zone Alarm does effectively block port 135 (if you keep it enabled). If you would like to test that port, to be sure, go to GRC.com and run the ShieldsUp program. Hope this helps and best of luck! Miche

the http://securityresponse.symantec.co i down get server error.. :(

ok.. another problem.. I downloaded the pach and when I tried to install it , it said it couldnt cause my system windows files are i another language.. so.. does anyone have a patch for windows in portuguese? I would appreciate it! hugs Ilona

Attached Link: http://securityresponse.symantec.com/avcenter/venc/data/w32.femot.worm.removal.tool.html

" security holes are built in so the government can check up on what your doing, it's part of the homeland security act." Mesh magic, that is ten tons of pure bull droppings! The real reason is plain sloppy code writing not any sort of conspiricy on part of any government.

The words 'Microsoft' and 'Security' can not be used in the same sentence unless 'error', 'hole' or 'problem' is also included. MS has always created sloppy, bug ridden, security impared code. Everytime I see on the news or read about, yet ANOTHER bug or security problem with something from MS I just sneer in the direction of MS headquarters an go on my virus free way unburdned by multipule firewalls and virus checkers and don't even pay attention to security alerts and virus updates. BTW, I'm on a Mac :-)

The revered UNIX had way more security holes than Windows and it took literally DECADES to plug them. But this was before the web so nobody noticed.

the virus also travels as message.zip in emails...beware. Ive been protected from it:)

grrrrrrrrr- I got it too :( sniffles just spent the whole night getting rid of it I hope. symantec's removal thingy couldn't even see it- had to do it manualy. thank god the patch is kinda small.

I'm not sure if anyone is still having the problem but I thought I would share my expeirence with the virus. I'm not 100% positive where I got the actual virus from -- seeing as how I usually don't open shady emails, and can't recall opening a strange email but I can recall getting one that I threw away. It was from the "System Admin" and subject was "Delay in E-Mail" or something of that nature. I waited a day to trash it because I thought it was junk, not virus. And to my knowledge had no attachments. But, again, I'm not sure this was the source of the problem. Anyway, I shrugged off the first of the RPS errors feeling it was just computer problems. But after reading this post in the 5 minute interval I had before my computer shut down, it seemed as if I had the problem. I ran symantec (took a long time, had to search through a lot of files) and symantec caught nothing yet I still had the virus. I went to the Microsoft page noted in the first of posts and downloaded the patch. Then I went and checked my task manager, and sure enough "msblast.exe" was residing. I ended the process, deleted it from my C:/Windows/System folder. I also changed the values or whatever that was noted for me to do. I'll post the link I followed in a couple secs. So far, it seems ok. knock on wood :) Hope you get your systems cleaned.

I've seem to have lost the link, sorry. Erg. Send me an IM if you need more detaield instructions on what I did.

Well it looks like it just got us, the whole office got it at once, except moi of course, but I have other problems, ah well, that'll be somebody with a laptop then... later jb

Attached Link: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

BTW download the patch from micr*soft too so you finished to protect your system, the URL it's inside the like on post 77. was very fast at deleting it like 20 secs or something, well bye

Are you guys just running a search for msblast.exe? I did and didn't find anything, but I'm running Windows ME and from what I've read, it doesn't effect ME (but you never know).

hrm...for those that are wondering where it is from. Xp calls home...alot, this is where the virus sneaks in at according to symantec and microsoft. (considering every xp update contains the words "might take over your system" this does not suprise me and I'm surprised it took this long to happen) It activates when you get online. Broadband users who don't disconnect have the greatest threat. The biggest problem is that the virus is flawed(go fig) and sends screwed data causing your system to reboot or turn off. So when you hear of systems going down, large or small, this is what happened. As far as I know they are looking but they don't know where the remote cmd.exe's are opening and who or if can even use them if 1000's are opening at once(they probably crashed their own computer) I got protected and shut down the ports, I have to run the symantec tool tonight to get rid of everything else. I was bummed last night I had time to play and it all got taken by this stupid virus.

I hope people don't go and disable automatic updating because of this. It wouldn't help anyway. The patch fixes the buffer overrun. Even XP's firewall closes the port.