Computer virus: worm_msblast dam

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

justleesa

justleesa

Neither here nor there
ScubaBoard Supporter
Scuba Instructor
Divemaster
Messages
16,091
Reaction score
24
# of dives
For all you computer savvy folks out there. Ran our routine scan last night (those things take forever!) and it showed that we have worm_msblast dam on our computer. My software tells me the virus is quarantined, are we safe? I surfed the net and found there should be a MS patch, tried to download it and it says that we have a more current version and can't DL it. Now what?

Ya know, I don't know how it could have snuck (is that a word?) on as we never open attachments, never open things from people we don't know, always update the current MS and virus protection stuff. How could this have happened?
 
right now it wouldn't let me delete it, am taking a closer look....deleting would be better, eh?
 
What virus software are you using? The Macafee site lists something called "worm_msblat.d", but it's pretty old and listed as "low-profile". Have you been updating stuff regularly?

I'm never quite exactly sure what they mean by "quarantined"; I think I'd want it gone altogether.

Sometimes the virus protection companies will offer complimentary removal tools for the more well-known critters. Try a net search. HIH chris
 
There's a removal tool for the Blaster worm here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Worms often don't require you to take any action in order to get infected. All you can do is:
* Keep your computer up-to-date with Windows updates (Auto-update is best)
* Have anti-virus software installed and keep it up-to-date (Auto-update is best)
* Have a firewall installed (Especially if you have a high-speed/always available internet connection.)
 
justleesa:
For all you computer savvy folks out there. Ran our routine scan last night (those things take forever!) and it showed that we have worm_msblast dam on our computer. My software tells me the virus is quarantined, are we safe? I surfed the net and found there should be a MS patch, tried to download it and it says that we have a more current version and can't DL it. Now what?

Ya know, I don't know how it could have snuck (is that a word?) on as we never open attachments, never open things from people we don't know, always update the current MS and virus protection stuff. How could this have happened?
Click to expand...

here is a link to a removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

and here is one that gives a discussion about it:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

as for how... it appears that this one finds you and does its deed. Are you connected via DSL or Cable? If so, keeping the computer on and connected is all that needed to happen. Nefarious folks have written programs to search IP addresses to find vulnerable computers to install. Nice, eh?

To quote Symantec:
"We recommend that you block access to TCP port 4444 at the firewall level, and then block the following ports, if you do not use the following applications:
  • TCP Port 135, "DCOM RPC"
  • UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability."

Most folks don't use DCOM (Distributed COM - for programming) or TFTP (a flavor of file transfer program) so blocking those TCP Ports is probably OK.
 
doole:
What virus software are you using? The Macafee site lists something called "worm_msblat.d", but it's pretty old and listed as "low-profile". Have you been updating stuff regularly ?
Click to expand...

I have Trendmicro on this computer, have been happy with it for several years. it alerts me of new stuff several times a day and I always update.... :(
This is what they have to say about it
 
ya, deleting would be better. But ya, ditto with Doole. Try looking for it on the website of your AV provider and if isn't listed (I'm sure it is though) report it.

Incase you need a reliable AV program: http://free.grisoft.com/doc/1 . I currently use it.
 
I have now deleted them and this is what the log had to say:

Files that have been quarantined are safe and present no threat to your computer.
View Virus logs to check if the file is a Trojan or worm. Trojans (names are typically: TROJ_<name>, VBS_<name>, JS_<name>) and worms (names are typically: WORM_<name>) should be deleted.

If you have selected a file, do you want to keep it?

Yes, I need this file (e.g., this file is irreplaceable or is an essential system file. If you are unsure, choose this option).
No, I want to remove this file from my computer.
Click to expand...

When I delete it is it totally gone or is it like a weed where a bit of the root gets stuck and it still causes trouble?
 
devolution365:
* Keep your computer up-to-date with Windows updates (Auto-update is best)
* Have anti-virus software installed and keep it up-to-date (Auto-update is best)
* Have a firewall installed (Especially if you have a high-speed/always available internet connection.)
Click to expand...

Check in all 3 cases....that is why I don't understand what happened

Thanks Steve, I guess that might explain it :wink:
 
You must log in or register to reply here.

Similar threads

boulderjohn
Rental computers and newer divers
7 8 9
Replies
87
Views
5,741
Eric802
Eric802
DandyDon
Unknown Two missing Lacs de l'Eau d'Heure, two bodies found - Plate Taille, Belgium
Replies
7
Views
1,590
JMarc
JMarc
R
Best place for Dive Masters?
Replies
7
Views
552
TMHeimer
TMHeimer
DannyoftheDeep
Greetings from the CSRA
Replies
2
Views
215
GLBryan
G
B
Questions about Dive Gear?
2
Replies
19
Views
2,185
Green Frog
G

Back
Top Bottom