Rcp Worm! Must Read!

To all Windows 2000, XP and NT4 users,

A new virus threat has been identified on the McAfee Site.

The virus is the LOVESAN W32/Lovsan.worm or aliases of the following: msblast.exe or tftp or W32.Blaster.Worm (Symantec) or Win32.Poza (CA) and/or WORM_MSBLAST.A (Trend)

This virus will only affect PCs that are using the Windows OS (operating system) i.e., Windows 2000, Windows XP and Windows NT. It will not affect Windows 95 or 98 OS.

Symptoms
Error messages about the RPC service failing (causes system to reboot)
Presence of unusual TFTP* files
Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

Measures to Take
To prevent this virus from spreading, ensure that you have the latest McAfee Virus Definitions of 4.0.4284 and that your Scan Engine is 4.2.60.

Run a full scan of the computer hard drive(s).

You will also need to apply the MS03-026 patch to all vulnerable systems (Windows 2000, Windows XP and Windows NT).


This is the official alert we released to our employees today…the virus calls the RPC DCOM service and launches an internal command to download the required files for the virus to work - this is a particularly nasty virus in that it doesn’t necessarily come in as a file, but as a call to a service…very tricky

Matroxity, I’m not meaning to make you feel bad, but viruses need to be taken seriously; especially ones involving network commands and services…a well programmed virus would be like the “Keymaker” from the Matrix 2 movie.
Everyone might not understand what it can do ( or why it walks funny hahahahaha) but in the right hands the exploit can do some damage.

*Originally posted by Niann*
**Isn’t it an RPC (Remote Procedure Call) issue? Where the RPC buffer gets overrun and shuts the PC down? Or am I thinking of a separate issue?

Cheers!
-Niann **

it makes some computers crash… and some not.

*Originally posted by prstudio*
Matroxity, I’m not meaning to make you feel bad, but viruses need to be taken seriously; especially ones involving network commands and services…a well programmed virus would be like the “Keymaker” from the Matrix 2 movie.
Everyone might not understand what it can do ( or why it walks funny hahahahaha) but in the right hands the exploit can do some damage.
Sry?:cool:

Yep, prstudio said it ALL. Its name is msblast.exe. Go into ‘my computer’, search, all files and folders, select from browse: local disk, windows, system32. Type in search: MSBLAST.EXE. If it has a result of that name…your comp has that virus.

RCP is REMOTE PROCEDURE CALL.

I got rid of it!!! Well, all u need is an av prog. Preferably McAfee AV if you can’t get better ones. Update it and install ALL the updates. Search thoroughly through local disk. Find it and delete that b-astard.

clarify that, get rid of the virus, not RPC

:tb: :tb: :tb:

Not sure if anybody posted this, but here is the free removal tool that scans and removes the virus from your comp if found: http://securityresponse.symantec.com/avcenter/FixBlast.exe

Cheers!
Kirupa :asian:

windows xp patch for Blaster worm

http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

windows 2000 patch for blaster worm

http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe

these will keep you from getting the worm! EVERYONE should install it…NOW!!! :slight_smile:

-teet

Question, does this loophole exist only in Windows XP or is it in any of the Windows packages? i.e. I’m using 2000 pro.

as far as i know, it exists in windows xp, windows 2000, and windows 2000 server (i know these for sure)

i think it may also affect windows server 2003 but you would have to check that one out.

so if i were you upuaut i would download the 2000 patch listed above :slight_smile:

IT DOES NOT AFFECT WINDOWS ME, 98, or 95

-teet

thanks teet, and others. I’ve just done a full scan and detected nothing. Now I’m patching windows. Glad I didn’t have to deal with this one.

hey, here’s some more info if anyone is still stuck on it

http://www.blackviper.com/AskBV/tech10.htm
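
The checks described in this thread (msblast.exe in system32, unusual TFTP* files, and the KB823980 patch for MS03-026), gathered into one script as an added example; it is not from any poster, McAfee, Symantec or Microsoft. The function name `Test-BlasterIndicators` is hypothetical, and the script assumes PowerShell 2.0 or later on the machine being checked.

```powershell
# Added example: checks one Windows host for the indicators named in this thread.
# Assumptions: PowerShell 2.0+; Get-HotFix can read the installed hotfix list.
# A service pack that already contains the fix may not be listed as KB823980.

function Test-BlasterIndicators {
    param(
        # Directory to inspect; defaults to this machine's system32.
        [string]$System32 = (Join-Path $env:SystemRoot 'system32')
    )

    $findings = @()

    # 1. The worm's executable, as named in the alert.
    $exe = Join-Path $System32 'msblast.exe'
    if (Test-Path -LiteralPath $exe) {
        $findings += "FOUND: $exe"
    }

    # 2. "Unusual TFTP* files". tftp.exe itself is the legitimate Windows
    #    TFTP client, so it is not reported.
    $findings += @(
        Get-ChildItem -Path $System32 -Filter 'tftp*' -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'tftp.exe' } |
            ForEach-Object { "SUSPECT: $($_.FullName)" }
    )

    # 3. A running process with the worm's image name.
    if (Get-Process -Name 'msblast' -ErrorAction SilentlyContinue) {
        $findings += 'RUNNING: msblast process is active'
    }

    # 4. The MS03-026 patch (KB823980, per the download links in this thread).
    if (-not (Get-HotFix -Id 'KB823980' -ErrorAction SilentlyContinue)) {
        $findings += 'MISSING: KB823980 (MS03-026) not listed as installed'
    }

    return ,$findings
}

$result = Test-BlasterIndicators
if ($result.Count -eq 0) {
    'No indicators found and KB823980 is listed as installed.'
} else {
    $result
}
```

A clean result here only covers the indicators listed in this thread; a full antivirus scan with current definitions is still the check the alert asks for.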