It appears you have not yet registered with our community. To register please click here...

Go Back [M] > Hardware Madness > Hardware/Software Problems, Bugs
worm virus !!! worm virus !!!
FAQ Members List Calendar Search Today's Posts Mark Forums Read

worm virus !!!
Closed Thread
Thread Tools
Old 12th August 2003, 10:07   #1
[M] Reviewer
Gamer's Avatar
Join Date: May 2002
Posts: 4,587
Gamer Freshly Registered
Default worm virus !!!

dutch only.

english :

Aliases: W32/Lovsan.worm, Lovsan, W32.Blaster.Worm


TrendLabs has received several infection reports of this new worm, which exploits the RPC DCOM BUFFER OVERFLOW. This vulnerability in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.

This worm has been observed to continuously scan random ip addresses (x.x.x.0) and send data to vulnerable systems on the network using port 135. On the following system dates, it performs a Distributed Denial Of Service attack against

On the 16th to the 31st day of the following months:


Any day in the months of September to December.
This worm runs on and is able to propagate into Windows NT, 2000, and XP systems.

For more information on the RPC DCOM Buffer Overflow, please visit the following Microsoft page:

Microsoft Security Bulletin MS03-026



To automatically remove this malware from your system, please use the Trend Micro System Cleaner.


Terminating the Malware Program

This procedure terminates the running malware process from memory.

Open Windows Task Manager press
CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs*, locate the process:

Select the malware process, then press either the the End Process button.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
In the right panel, locate and delete the entry:
”windows auto update" = MSBLAST.EXE
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as WORM_MSBLAST.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.

Applying Patches

TrendLabs advises all affected users to apply the patch issued by Microsoft at the following page:

Microsoft Security Bulletin MS03-026

TrendLabs also asks users to filter access to port 135 and allow trusted and internal sites only.
got the same problem this morning, problem solved in 10 minutes

Gamer is offline  
Old 12th August 2003, 10:12   #2
Bosw8er's Avatar
Join Date: May 2002
Posts: 3,711
Bosw8er Freshly Registered
"Think of how stupid the average person is, and realize half of them are stupider than that."
Bosw8er is offline  
Old 12th August 2003, 10:17   #3
[M] Reviewer
Gamer's Avatar
Join Date: May 2002
Posts: 4,587
Gamer Freshly Registered

I know, windows update isn't one of my favourite sites
Gamer is offline  
Old 12th August 2003, 11:15   #4
Posts: n/a

Soooooo many "connection reset by peer" on irc
Old 12th August 2003, 18:12   #5
ModdiN MansoN
Posts: n/a

@ work today, about 7 people brought in their pc with that virus on it :wtf:
Old 12th August 2003, 18:17   #6
Posts: n/a

Originally posted by ModdiN MansoN
@ work today, about 7 people brought in their pc with that virus on it :wtf:
no wonder. normally a virus spreads by mail, but this virus just starts infecting machines by picking random IP's :wtf:

not one virusscanner stops it, and prolly most firewalls either!
Old 12th August 2003, 18:41   #7
Posts: n/a

had 2peeps with the problem.
Next to all the coputer @ work.
Old 12th August 2003, 21:53   #8
Join Date: May 2002
Posts: 1,543
DUR0N Freshly Registered

kewl virus :s
DUR0N is offline  
Old 12th August 2003, 22:15   #9
Posts: n/a

had it last night, quite irritating
Old 13th August 2003, 14:24   #10
Posts: n/a

BlackIce on paranoid mode will do it
Closed Thread

Similar Threads
Thread Thread Starter Forum Replies Last Post
MIT builds battery from bacterial virus, humans to power machines by 2012 jmke WebNews 0 3rd April 2009 10:05
Malicious Worm Causes CPU Fan To Stop Working jmke WebNews 1 27th February 2009 11:39
Microsoft Offers $250,000 Reward to Catch Worm Authors jmke WebNews 0 15th February 2009 00:07
Conficker worm spikes, infects 1.1 million PCs in less than 24 hours jmke WebNews 0 16th January 2009 22:15
Buy an Asus Eee Box and get a free virus jmke WebNews 0 10th October 2008 17:18
Virus Infects Space Station Laptops (Again) jmke WebNews 0 28th August 2008 13:11
January 2006 Virus and Spam Statistics jmke WebNews 0 19th February 2006 17:43
First potential virus risk for Windows Vista found Sidney WebNews 0 5th August 2005 18:52
Intel Releases Pentium 4 with Dedicated Virus Coprocessor jmke WebNews 1 29th May 2005 09:49
Sober worm makes a comeback Sidney WebNews 0 7th May 2005 17:04

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT +1. The time now is 16:56.

Powered by vBulletin® - Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO