MSCL.com

There's LIFE after death on the 'net
https://www.mscl.com/forum/

Anyone else get hit with the lovsan Virus?

https://www.mscl.com/forum/viewtopic.php?f=12&t=2665

Page 1 of 1

Anyone else get hit with the lovsan Virus?

Posted: Aug 12th 2003, 11:22 am
by Nothingman
Last night my computer restarted about 5 minutes after I connected to the internet. It gave me an error about a remote shutdown and a count down clock that counted down from 90 seconds and then restarted my computer. It only happens when I log on to the net. This morning I found out it was virus via the radio and that windows update should fix the problem. Trouble is, it is going to take forever to download the updates when my computer keeps restarting. I'm trying to figure out what updates I need so that I can download them here at work and take them home, but the system is automated to scan your computer and install it, when all I want is the file.

I was told to go to windowsupdate.com

I was curious if anyone else got hit with this and if they have fixed the problem yet.

Posted: Aug 12th 2003, 1:16 pm
by Sascha
I haven't been affected by "Lovsan" aka "W32.Blaster" thanks to my firewall, but a lot of PCs here at the university are unuseable. *sigh*.

Anyway, you should go to windowsupdate to download a patch (Microsoft InfoPage) to avoid further infections, but that won't solve your problem: You are already infected with a virus.

Symantec offers a removal tool to get rid of the worm here, so try this first.

There are also more infos about this worm at Symantec

Posted: Aug 12th 2003, 1:18 pm
by fnordboy
Luckily I haven't been hit by hit, but try this someone posted on another forum:
I succesfully used this procedure yesterday to end the Trojan actions:

Windows NT/2000/XP
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.

I also deleted the file from registry:

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"windows auto update"="msblast.exe"
Exit the Registry Editor.

I still have a file msblast.exe living on my drive in:

C Drive/Windows/Prefetch

But there are a ton of .exe files in that folder. Many are from 8/11.
Look on Symantec and see if there are any patches, and run Windows Update as soon as you can. So far I have seen many a few ways people have been clearing this up, but try to find an "official" way from one of the major anti-virus co's. That would be your best bet.

virus

Posted: Aug 12th 2003, 2:18 pm
by lance
I have not personally been hit by this virus. One of the sites that I normally go to (http://www.bartcop.com) appears to have been hit.

Lance Man
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/