BlameThePixel!

Just got off MSN from talking to a mate. As you may of heard on the Radio or TV, there is a virus. It's called Blaster something. It makes your computer crash loads. Only affects Window users though. I got a link here, which might be helpful to anyone worried about the virus.

Just download, install and restart!

http://www.microsoft.com/downloads/details.aspx?FamilyID=2354406c-c5b6-44ac-9532-3de40f69c074&di splaylang=en

I except any donations of food, foreign currency or stretched springs.

Note: This file only protects XP. Sorry!

Hmm I'm not sure if it's only a 2000/XP virus anyway, it may be IIS running things only, in which case it couldn't affect my computer cause I'm on ME and I don't run IIS

Btw, accept*

blaster virus blaster shmirus.

a good computer user checks his startup and running processes daily, and kills anythign he dont know about (and procedes to destroy the system, until he realizes what is actually needed...)

In reality though, once you know u have the virus, its easy to kill

And that same bullitain, iirc, has a link for a 2k patch.

Also, offtopic, does anyone remember the windows messanger port number?

135, but according to an article I just read, alot have moved to 1026 because everyone's blocking that port to stop the spam.

goign back to monitoring running processes, i do that and have found something suspicious but when i search for the filename and find it I try and delete it and it says write protected or make sure file is not in use. I end process but how do i turn off write protected etc...

hmm what is the name of the thing that is suspicious?

Some viruses do set themselves to be like that methinks, but if you have a virus scanner it should've picked up on it... If it's monitoring all the time, anyway.

There are two suspicious executions, which are both run by Administrator. ICMON.EXE and ctfmon.exe

havent heard of those, but do this:

step zero: end process them
step one: delete. if not a sucess, then:
step 2: search registry in all startup loctions, usually works to do a registry find, but dont include the extention!
step 3: delete everything u found in step 2, unless it look simportant
step 4: check system.ini, win.ini, autoexec.bat, autoexec.net, wininit.ini or wininit.inf (cant remember), and other files
step 5: reboot to recovery console
step 6: delete the files
step 7: repair the damage, if any

oh, and, if you get access denied trying to endprocess them, go dl a program called process explorer by winternals (i think), that'll kill em for you.

will do sergent. thanks for help. it worked.

hmm dumazz has a virus. He said. And it makes it so some programs think they're not capable and then not work. So thats why hes not using msn but trillian now. And other programs as well dotn work. If anyone knows anything about this contact dumazz

do u know the name of the virus?

dumazz does. But again im at my friends house for well mostly everyday for a few days so i wasnt able to do the things i wanted to do.

this one is w32.blaster
dumazz's was a diffrent, less severe one

It can be known as W32/Lovsan.worm, W32.Blaster.Worm, WORM_MSBLAST.A, w32. Blaster-A. http://www.sophos.com/support/disinfection/blastera.html helps. It might have references to Sophos Anti Virus Program, but most of the help instructions can be done without any program.

wat was dumazz's virus from?