Re: Blaster Worm? Not? Opinions please

From: Sarah (anonymous_at_discussions.microsoft.com)
Date: 01/29/04 

Date: Wed, 28 Jan 2004 15:05:40 -0800

Big Mac writes:
>-----Original Message-----
>I have a couple of questions at the bottom of this post
after the
>somewhat lengthy explanation.
>
>I just reformatted my hard drive. I install Windows XP
from my
>install CD I originally got with the computer. I
Install a printer
>and whatever stuff (printer, mainboard, graphics) - all
from factory
>CDs (no back-ups of anything). Then I install "Total
Access 2004"
>from a CD (My ISPs Interent software).
>
>I log onto Earthlink (my ISP), with my fresh virgin-like
system, and
>get promoted by Windows to d-load a Windows Messenger
update. Ok, I
>do. It is quick to d-load/install, no reboot required.
The next
>thing I do is to download Total Access in case there is
a newer
>version, so I do. It takes a while at dial-up speeds.
After
>installing, my system needs to re-boot. Ok. Call right
back to
>Earthlink. Go to Windows Update to d-load all of the
Windows updates
>I will need (looking at well over 4 hours of d-loads).
>
>Ok - after a couple of minutes, I get a "system is
shutting down, save
>your data" message. Never gotten that before. System
shuts down and
>reboots. Call back. After maybe 5 minutes online d-
loading, again
>"system shutting down, etc". 3rd try, not even trying
to d-load,
>system shut down.
>
>I call Earthlink. The guy tells me I have the blaster
worm. He tells
>me to enable my firewall on XP (whoops, forgot - why
doesn't it enable
>when you install Windows??). Ok, so it works - no more
system
>shutdowns. ** However, I will need to remove blaster
from my system,
>as the firewall only stops the problem, not remove the
worm.
>
>Well I go and d-load Windows service pack #1 (4 hour d-
load).
>Install. Then I go to symantec online and get the
Blaster 32 removal
>file, and run it after setting up the system like it
says. It scans
>my hard drive and tells me NO Blaster Worm found. Then
I go back to
>symantec and do the online scan of my system for any
known viruses.
>Nothing. Clean as can be.
>
>I haven't turned off my firewall since, so I don't know,
but:
>
>(1) Does anyone have anything to tell me about what
was, or probably
>still is, on my system, or going on with my system?
>
>And I thought you needed to open a file to catch a worm
or a virus.
>Earthlink tells me that all I need to do is surf the
net, and that
>since I didn't have any updates to windows, I was
exposed to something
>that is all over (like I said - all I did was update
Messenger and
>d-load from Earthlink, and only after the install/reboot
of
>Earthlink's Total Access software did the system
shutdowns begin to
>happen).
>
>So (2) - is Earthlink right? Was I open to infection
by
>god-knows-what just by being online for a few minutes?
Or do I need
>to open a file (.exe, .bat, .pif, .scr, whatever) to get
a worm or
>virus?
>
>Any comments as to what was/is on my system are
appreciated.
>
>And BTW I went without my XP firewall turned on up until
November. I
>didn't even know I had it to use. I only opened files
online that
>were .jpg or .gif (pictures), or only d-loaded/opened
stuff from major
>web-sites. Never caught a virus or worm that I know
of. But only 15
>minutes online at Earthlink and....
>.
>
     I'd guess that you had your operating system patched
when you were online previously. The combination of no
firewall and a clean install of Windows with no critical
patches applied is nearly guaranteed to get you infected
in seconds. You have to admire the efficiency though -
seconds to get the infection vs. 4 hours to get service
patch 1 (j/k)
      If you have just installed XP, it is essential to
have a firewall up before you connect to the internet to
get the patches.

-Sarah
Those are my principles, and if you don't like them...
well, I have others.
Groucho Marx

Relevant Pages

  • PC Reboots whenever on Internet! Help!
    ... been using an internet connection firewall and have ... Then immediately turn-on Windows XP's built-in Firewall: ... What You Should Know About the Blaster Worm and Its ... ***Install a good firewall. ...
    (microsoft.public.windowsxp.general)
  • shutdown
    ... Then immediately turn-on Windows XP's built-in Firewall: ... What You Should Know About the Blaster Worm and Its ... ***Install a good firewall. ...
    (microsoft.public.windowsxp.newusers)
  • Re: removing w32/sdbot.worm.gen
    ... Time to blow it away and start a new install. ... boot the Windows 2000 install CD-Rom or setup disks. ... because of the worm or something I dont know. ... the infection I cannot go to that Windows update site. ...
    (microsoft.public.win2000.general)
  • Re: alright whats the trick
    ... I have hardware for the DSL connection that seems to work just fine, all I have had to do until this particular situation is plug the PC network cord in and it is allowed to go online provided the PC is capable. ... the motherboard CD seems to have done its thing when I installed drivers off of it, BUT I will admit that so far I have not tested all the functions. ... I thought I would do all the basic stuff then get all the updates for windows XP 32bit before trying to hook up more stuff to the box. ... Would this NOT have been addressed when I used the motherboard drivers CD to install the drivers as I stated I did? ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: system rebooting intermittently
    ... What You Should Know About the Blaster Worm ... we need to install the critical updates which you are missing. ... Attempt to go to the windows update site and choose all of the Critical ...
    (microsoft.public.windowsxp.network_web)