| Topic: |
Religions > Atheism |
| User: |
"Liz" |
| Date: |
12 Aug 2003 10:05:25 PM |
| Object: |
Re: OT - Blaster Virus |
On Wed, 13 Aug 2003 00:36:22 GMT, Steve Knight <wooly@onic.net> in
news message <g60jjv892pig2kl0k67f5v8uo5n2c0rh54@4ax.com> wrote:
I'm not sure but is the RPC part of the really annoying action when
the computer screws something up and wants to call home with a report
to MS? Anybody got a registry fix for this?
Sorry, didn't read see this part the first time around. Yes, I do.
From:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit
Then click OK. (The Registry Editor opens.)
c. Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
d. In the right pane, delete the value:
"windows auto update"="msblast.exe"
e. Exit the Registry Editor.
Good luck.
Überwench #658 Now a *real* atheist!
Dame Liz the Undaunted BAAWA
Charter Member of SMASH
and Queen of the known universe
.
|
|
| User: "Mike Smith" |
|
| Title: Re: OT - Blaster Virus |
13 Aug 2003 09:54:51 AM |
|
|
Liz <ehuth1@donotspam.com> wrote:
=a. Click Start, and then click Run. (The Run dialog box appears.)
=b. Type regedit
=
= Then click OK. (The Registry Editor opens.)
=
=c. Navigate to the key:
=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
=
=d. In the right pane, delete the value:
=
="windows auto update"="msblast.exe"
Easier way:
http://www.mlin.net/StartupCPL.shtml
__________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Mike Smith | aa #1164 | Founder of SMASH
__________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
"He that believeth not shall be damned." - Mark 16:16
.
|
|
|
| User: "" |
|
| Title: Re: OT - Blaster Virus |
13 Aug 2003 09:54:22 PM |
|
|
On Thu, 14 Aug 2003 00:02:02 GMT, Steve Knight <wooly@sonic.net>
wrote:
On Wed, 13 Aug 2003 14:54:51 GMT, Mike Smith <mikesmith@godisdead.com>
wrote:
snip
Easier way:
http://www.mlin.net/StartupCPL.shtml
Thanks!
Cool program.
Warlord Steve
BAAWA
www.sonic.net/~wooly
How about "Start>run" type "msconfig" and ok it. Check the selective
startup dot, then click the "startup" tab?
1,$d
shiftbrain
.
|
|
|
|
|
| User: "Liz" |
|
| Title: Re: OT - Blaster Virus |
13 Aug 2003 05:52:00 AM |
|
|
On Wed, 13 Aug 2003 03:38:29 GMT, Steve Knight <wooly@sonic.net> in
news message <kgbjjvc38tv006p39vevl7fjcc5kgjalk5@4ax.com> wrote:
On Wed, 13 Aug 2003 03:05:25 GMT, Liz <ehuth1@donotspam.com> wrote:
On Wed, 13 Aug 2003 00:36:22 GMT, Steve Knight <wooly@onic.net> in
news message <g60jjv892pig2kl0k67f5v8uo5n2c0rh54@4ax.com> wrote:
I'm not sure but is the RPC part of the really annoying action when
the computer screws something up and wants to call home with a report
to MS? Anybody got a registry fix for this?
Sorry, didn't read see this part the first time around. Yes, I do.
From:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit
Then click OK. (The Registry Editor opens.)
c. Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
d. In the right pane, delete the value:
"windows auto update"="msblast.exe"
The Run says 'value not set'
The next one says Run_Disabled, it has 'msblast.exe' at the bottom
of the right pane but it has other values above it like my burner etc.
Delete 'msblast.exe' only?
Ack! I can't tell you. The above directions worked exactly for me.
I did not have a Run_Disabled in my registry. I'd make a backup of
the registry and then delete the 'msblast.exe' only. Of course, you
might want to get a second opinion on this.
Did you check to see if 'msblast.exe' is erased from WINNT/system32?
For those of you reading this and are not fully informed about the
Registry, don't mess with it unless you are an advanced user. It's a
place of serious damage. I'm on XP Pro now so rarely need to mess
around with it. Present moment to the contrary.
Steve is correct. Don't edit the registry unless you know what you
are doing.
Überwench #658 Now a *real* atheist!
Dame Liz the Undaunted BAAWA
Charter Member of SMASH
and Queen of the known universe
.
|
|
|
| User: "Brian F. King" |
|
| Title: Re: OT - Blaster Virus |
13 Aug 2003 11:25:33 AM |
|
|
Liz <ehuth1@donotspam.com> wrote:
On Wed, 13 Aug 2003 03:38:29 GMT, Steve Knight <wooly@sonic.net> in
news message <kgbjjvc38tv006p39vevl7fjcc5kgjalk5@4ax.com> wrote:
On Wed, 13 Aug 2003 03:05:25 GMT, Liz <ehuth1@donotspam.com> wrote:
<whack>
c. Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
d. In the right pane, delete the value:
"windows auto update"="msblast.exe"
The Run says 'value not set'
Click on the "+" in the left pane to expand the "Run" key.
There should be a decent number of *sub*-keys on any normal system.
If there's a sub-key that says "windows auto update=msblast.exe"
in the right pane, that's the one they're telling you to delete.
Or, read below...
The next one says Run_Disabled, it has 'msblast.exe' at the bottom
of the right pane but it has other values above it like my burner etc.
Delete 'msblast.exe' only?
Ack! I can't tell you. The above directions worked exactly for me.
I did not have a Run_Disabled in my registry. I'd make a backup of
the registry and then delete the 'msblast.exe' only. Of course, you
might want to get a second opinion on this.
In Windows XP, click on the Start Button and then Run.
Key in "MSCONFIG" and hit enter.
A window should pop up.
Click on the "startup" tab.
That's a list of all programs that run when windows starts.
[The list is stored in the \H_L_M\...\Run key that's listed above.]
Unchecking "msblast" would have the same effect as
deleting the key mentioned, without the risk of
editing your registry**.
[It would, however, leave open the possibility of you
accidentally reactivating that key...]
If the virus is RUNNING, I would imagine it would try to
_put back_ the key regardless of whether you "deactivate"
it or delete the key entirely.
** Use this to clean up your start-up as well.
Uncheck ANYTHING you don't want running when Windows starts.
You can't break anything; if you have a problem {say, your
volume control goes away}, just go back in and put the checkmark
back for that one item.
Did you check to see if 'msblast.exe' is erased from WINNT/system32?
That would be a must-do before playing with the registry.
Personally, I would also hard-boot the machine immediately
after deleting that file so that any virus wouldn't have a
chance to recreate itself when you politely tell it that
Windows is shutting down.
But that's just me. I'm mean to Windows. 8-)
With any luck, after restarting windows {politely or meanly}
you'll get an "error" saying that it can't find msblast.exe ...
*Then* clean out the registry.
For those of you reading this and are not fully informed about the
Registry, don't mess with it unless you are an advanced user. It's a
place of serious damage. I'm on XP Pro now so rarely need to mess
around with it. Present moment to the contrary.
Steve is correct. Don't edit the registry unless you know what you
are doing.
Überwench #658 Now a *real* atheist!
Dame Liz the Undaunted BAAWA
Charter Member of SMASH
and Queen of the known universe
.
|
|
|
| User: "Al Klein" |
|
| Title: Re: OT - Blaster Virus |
13 Aug 2003 11:18:08 PM |
|
|
On 13 Aug 2003 09:25:33 -0700, (Brian F. King)
posted in alt.atheism:
Unchecking "msblast" would have the same effect as
deleting the key mentioned, without the risk of
editing your registry**.
[It would, however, leave open the possibility of you
accidentally reactivating that key...]
If the virus is RUNNING, I would imagine it would try to
_put back_ the key regardless of whether you "deactivate"
it or delete the key entirely.
Three-fingered salute (Ctrl-Alt-Del). Click on Task Manager. Click
on the Processes tab. Click on the Image Name header to alphabetize
the column. Look for msblast. If it's there, highlight it and click
on End Process.
--
"I have never imputed to Nature a purpose or a goal, or anything that could beunder-
stood as anthropomorphic. What I see in Nature is a magnificent structure that we can
comprehend only very imperfectly, and that must fill a thinking person with a feeling of
humility. This is a genuinely religious feeling that has nothing to do with mysticism."
- 1954 or 1955; quoted in Dukas and Hoffman _Albert Einstein the Human Side_, p. 39
(random sig, produced by SigChanger)
rukbat at optonline dot net
.
|
|
|
|
|
|
|
Related Articles |
|
|
