OT: Blaster Worm


KB1JCY
08-16-2003, 01:01 PM
Basically this worm looks for open connections on port 135 on your PC. If it finds port 135, it tries to install the worm. Even if it can't install itself on your PC, it's annoying because your PC is being bogged down by somebody else that has the worm. The best solution is to have a software or hardware firewall.

Have you patched your PCs yet? Has anyone gotten the dreaded "RPC Shutdown" message?

Links to solutions:

ZoneAlarm is a firewall that will block your PC from being attacked by the worm. Download and install Zone Alarm.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Patch from Microsoft
http://www.microsoft.com/security/incident/blast.asp

Info on worm from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

CERT Advisory:
http://www.cert.org/advisories/CA-2003-20.html

At least I don't have to patch my radio. One of the many wonderful things that make our hobby great.

ae4fa
08-16-2003, 01:08 PM
Indulge an OP for a moment. What the hell is "blogging?"

KB1JCY
08-16-2003, 01:14 PM
Blogging is the act of keeping a weblog. A weblog is an online journal of your thoughts and feelings. I write about my experience being a new ham and growing into the hobby.

Description from Blogger:
http://www.blogger.com/about.pyra

Example of a good ham radio blog:
http://www.w8pgw.org/?q=blog/1

k3sam
08-16-2003, 01:20 PM
Don't think this applies, however something to post in the back of your head.

My computer started to run very slow, right around the time the "worm" was supposed to hit. Several Norton scans found nothing. I was ready to take the computer in for service BUT as a last resort I checked everything that was "looked at" during boot up.

The one program that stuck out was "GO BACK", usually given to you when you purchase the Norton products. I removed Go Back and the computer came back up to speed, then some. When I called the computer store they mentioned that the worm could have attacked this software, or it just may have been corrupt.

Either way, XP has its own way of going back, so the product is not needed.

-Sam

KB1JCY
08-16-2003, 01:45 PM
k3sam:

The worm shuts down Norton AntiVirus. If NAV shuts down unexpectedly, good chance you have the worm. Get the removal tool from the Symantec website.

If you are connected directly to the internet without a firewall, your PC is being pounded with copies of the worm out on the Internet trying to install itself on your PC. To stop this, you need to block port 135. Since you have XP, you may want to turn on the built-in firewall. Long-term, get Zone Alarm or a hardware firewall because XP's firewall suffers from utter bogosity.

It's truly insane not to have some sort of firewall to protect your PC. I like hardware firewalls because there's an actual isolation on the physical and network layers. Netgear works well and works with EchoLink for those who use EchoLink.

http://www.netgear.com/products/prod_details.asp?prodID=131&view=hm

Darn things cost $50. Also there's a $15 rebate.

k3sam
08-16-2003, 01:59 PM
The system I use for a front end is a 4/100 router w/ a built in firewall, and Norton AntiVirus and Internet Security.

The Norton update for this was automatically sent to all registered users so I should be safe.

As mentioned, everything is back up at full speed.

BTW, I am on 24/7 with Powerlink by Adelphia so this DID concern me.

Thanks !
- Sam

kc5nyo
08-16-2003, 02:22 PM
And for alternative setups, just so you know that there are "choices" available...

I run a simple 2-box home network sharing the Internet behind a Linksys BEFSR41 Router (http://www.linksys.com/), NOD32 Antivirus (http://nod32.com/home/home.htm), and OutPost Pro (http://www.agnitum.com/) software firewall.

For a better log viewer for the Linksys, the free Wallwatcher (http://www.wallwatcher.com) is available also.

Oh yeah, and BoClean (http://www.nsclean.com/boclean.html) for trojan protection.

73, Mike
kc5nyo

kf4lne
08-16-2003, 07:42 PM
My computer is infected with Windows!

KC0JHM
08-17-2003, 04:00 PM
Quote (kf4lne @ Aug. 16 2003,12:42):
My computer is infected with Windows!
Isn't that the truth!

As for the blaster worm, people were saying it was supposed to do some "big" event yesterday (being Saturday, the 16th). Any one else hear this, or was it just me?

ke4pjw
08-17-2003, 04:16 PM
I have been Windows free since 1998. I don't miss Virus Scanners, Internet Explorer, lack of built in firewalling or rebooting one bit :)

G1ZFS
08-17-2003, 05:27 PM
Gentlemen

I have read on the tesco website that this little blighter doesn't affect Windows 95 or 98 platforms.

Is this true ?

Best Wishes

Nigel G1ZFS

KC0JHM
08-17-2003, 06:02 PM
Quote (ke4pjw @ Aug. 17 2003,09:16):
I have been Windows free since 1998. I don't miss Virus Scanners, Internet Explorer, lack of built in firewalling or rebooting one bit :)

I only use it when I have to. There's just a few things you cannot get away from. If you're not running windows, what are you running? *nix I hope :D. If so what distro?

KC0JHM
08-17-2003, 06:05 PM
Quote (G1ZFS @ Aug. 17 2003,10:27):
Gentlemen

I have read on the tesco website that this little blighter doesnt effect windows 95, or 98 platforms.

Is this true ?

Best Wishes

Nigel G1ZFS
Yes, this is true. It only attacks Windows 2000/Windows XP.

ke4pjw
08-17-2003, 06:52 PM
Quote (KC0JHM @ Aug. 16 2003,12:02):
I only use it when I have to. There's just a few things you cannot get away from. If you're not running windows, what are you running? *nix I hope :D. If so what distro?

On my workstation at home here I run Mandrake 9.1 and I started out with Redhat 6.0 with my workstation at work. The workstation at work has been upgraded to the point I don't think it should be called Redhat though.. (Compiled most things from source so rpm is now useless ;) )

I started out on Slackware in 1996 or so but it took a few years before I decided to completely dump Windows.

*nix is not for everybody, but it felt a whole lot more like home to me since I cut my teeth on Microware's OS-9 and not MS-DOS.

I see you are a BSDer. Nothing like running an honest to God, genetic Unix. :) One of these days I will try it out. I hear Slackware was kinda BSDish, I know the init scripts were way different than what I am used to with RH and Mandrake.

08-17-2003, 08:47 PM
This virus started about 2 weeks earlier but very sparse. Only had about 10 firewall hits trying to access port 135.

Then on Monday the 11th, between 1PM and 1 AM had over 1500 hits on a 24/7 connection.
The source IPs were from all over the world, just too many to actually look up, but a lot from Australia and Europe. Our servers in Orlando were overloaded.

During the past 3 days only about 5 hits to port 135, plus there is no way to tell if it's LOVSAN or just random port scans.

There are a few people I know that installed the patch and now WIN XP refuses to boot even in safe mode by using the F8 key.

You would be surprised of the number of scans that are done every day, different ports and no particular ISP.

If the TFTP.EXE file was renamed or missing in the SYSTEM32 directory, the unprotected computer would keep re-booting but not be infected as the virus needed this file to write. The average computer user does not need this file.

I know a few computers that had File and Printer Sharing disabled on XP. It would not stop the re-boot but the virus would not write to the HD. It would try by putting the file in the startup directory but would be "0" bytes, and would give an error on reboot that XP could not execute the file.

A lot of people were having the problem of not being able to download the patch because of re-booting every 30 seconds. A temporary fix was click "START" then "RUN", then type in "shutdown -a", but how many computer users knew that command ?

It actually disabled the XP automatic update, you had to go into the system settings and turn it back on as you could not highlight anything.

I would suggest never run a Windows machine without a firewall no matter what version you have, and just open the ports you need for the internet.

I average over 75 port scan attempts daily, and our legislature says this is all legal.
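As an added illustration (not code from the thread or any product mentioned in it), the following Python does what the post above describes doing by hand: it parses firewall drop lines, counts attempts against TCP port 135 per source IP and per hour, and flags hours that exceed a quiet-period baseline. The log line format and the addresses are constructed; as the post notes, a spike in port 135 hits alone does not prove it is the worm rather than ordinary scanning.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample firewall log (not from the post). The line format is an
# assumption: "<timestamp> DROP <proto> <src>:<sport> -> <dst>:<dport>".
SAMPLE_LOG = """\
2003-08-11 13:02:11 DROP TCP 203.0.113.7:3421 -> 192.168.1.2:135
2003-08-11 13:02:14 DROP TCP 198.51.100.9:1034 -> 192.168.1.2:135
2003-08-11 13:05:40 DROP TCP 203.0.113.7:3422 -> 192.168.1.2:135
2003-08-11 13:09:02 DROP TCP 192.0.2.55:4000 -> 192.168.1.2:80
2003-08-11 14:11:58 DROP TCP 198.51.100.9:1035 -> 192.168.1.2:135
2003-08-11 14:20:03 DROP UDP 203.0.113.7:1900 -> 192.168.1.2:1900
this line is garbage and must be skipped
2003-08-11 15:00:00 DROP TCP 192.0.2.77:2020 -> 192.168.1.2:135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            rec["dport"] = int(rec["dport"])
            yield rec

def port135_summary(text):
    """Count dropped TCP/135 connection attempts per source IP and per hour."""
    per_src, per_hour = Counter(), Counter()
    for rec in parse_log(text):
        if rec["proto"] == "TCP" and rec["dport"] == 135:
            per_src[rec["src"]] += 1
            per_hour[rec["ts"].strftime("%Y-%m-%d %H:00")] += 1
    return per_src, per_hour

def flag_spike(per_hour, baseline):
    """Return the hours whose TCP/135 count exceeds the quiet-period baseline."""
    return sorted(h for h, n in per_hour.items() if n > baseline)
```

Feed it a real export from the router's log viewer and set the baseline from the weeks before the outbreak; the post's "about 10 hits" over two weeks would make even a single busy hour stand out.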

k8cpa
08-17-2003, 10:13 PM
Quote (ke4pjw @ Aug. 16 2003,12:52):
[Quote (KC0JHM @ Aug. 16 2003,12:02): I only use it when I have to. There's just a few things you cannot get away from. If you're not running windows, what are you running? *nix I hope :D. If so what distro?]
On my workstation at home here I run Mandrake 9.1 and I started out with Redhat 6.0 with my workstation at work. The workstation at work has been upgraded to the point I don't think it should be called Redhat though.. (Compiled most things from source so rpm is now useless ;) )

I started out on Slackware in 1996 or so but it took a few years before I decided to completely dump Windows.

*nix is not for everybody, but it felt a whole lot more like home to me since I cut my teeth on Microware's OS-9 and not MS-DOS.

I see you are a BSDer. Nothing like running an honest to God, genetic Unix. :) One of these days I will try it out. I hear Slackware was kinda BSDish, I know the init scripts were way different than what I am used to with RH and Mandrake.
Remember there are Unix Viruses, Now quit gloating or I'll send you one.

HAR!

-Chuck

;)

KC0JHM
08-17-2003, 11:32 PM
Quote (ke4pjw @ Aug. 17 2003,11:52):
[Quote (KC0JHM @ Aug. 16 2003,12:02): I only use it when I have to. There's just a few things you cannot get away from. If you're not running windows, what are you running? *nix I hope :D. If so what distro?]
On my workstation at home here I run Mandrake 9.1 and I started out with Redhat 6.0 with my workstation at work. The workstation at work has been upgraded to the point I don't think it should be called Redhat though.. (Compiled most things from source so rpm is now useless ;) )

I started out on Slackware in 1996 or so but it took a few years before I decided to completely dump Windows.

*nix is not for everybody, but it felt a whole lot more like home to me since I cut my teeth on Microware's OS-9 and not MS-DOS.

I see you are a BSDer. Nothing like running an honest to God, genetic Unix. :) One of these days I will try it out. I hear Slackware was kinda BSDish, I know the init scripts were way different than what I am used to with RH and Mandrake.
Ahh, I ran Mandrake for a couple months about 2 years ago. Played with Redhat on and off and then got OpenBSD and got hooked. I have a few Redhat servers in Phoenix running Plesk (web servers). I'm not too familiar with Redhat but I do know my way around. I've never in my life touched Slackware but have had the urge to.

I remember like the first month that I was running a redhat server I some how screwed up the RPM database. I could not rebuild it for the life of me. This was on a production server mind you. After that I said forget it and stick to only source now.

kf4lne
08-18-2003, 01:46 PM
Linux fun :) I have more *nix servers in my beloved server room at work than w32 servers... me happy *nix user :) As soon as I get everything settled in my new house I hope to get my Linux server back up for linux-junkies.org...