There is a virus going around right now called the W32.Blaster.Worm or the W32/Lovsan.Worm. If you have this virus, when you attempt to connect to the internet, a warning message appears telling you you have a major error and that your system is about to be shut down. The system then reboots.
~ Make sure you have the latest updates to your virus scan software. If you are able to connect to the internet long enough, download the latest virus definition files and reboot. Then run a complete virus scan of your system.
~ Also search your hard drive for the file "MSBLAST.EXE" - if you find it, you have the virus! Follow the instructions in the following two bullets.
~ Microsoft has created a patch. It is downloadable here. If you have the virus, in many cases you must download the patch before you can remove the virus. If you are not infected, the patch will prevent the virus from infecting your system.
~ McAfee has posted information about the virus and what to do if you have their virus scan software here. Norton has done the same thing here.
At the very least, everyone needs to ensure their virus scan software is up-to-date and run regular scans. Also download the Microsoft patch.
Michelle, I can't believe you posted this today, I tried logging on to my laptop last night and was unsuccessful, I got this message you are talking about. I will try this procedure. Do you think there are any long term effects this might leave on my laptop?
Our systems administrator informs me that it doesn't appear to have any long-term effects. But it's still important to get rid of the virus ASAP. Download the patch and follow the instructions from your virus-scan software.
Since the virus impairs your internet ability, you might consider downloading the patch and virus-scan definition files on another computer, burning them to a floppy or CD, and installing them on your laptop from there.
Now posting as MichelleP.
Yup... I have the virus.. but when I try and download the patch, the machine shuts down before I get through the process! Don't have time between now and when I leave to figure this out.
Have to get my sons to deal with it.
Surprised because I thought my anti virus software was pretty current.
I just downloaded the latest definition files from Norton to protect my laptop. An urgent message came over our company system. Called the wife at home and she said we have the virus on our machine there. It keeps shutting down windows.
I'm getting the same thing Thomas. They're either overloaded or they're updating the system.
The worm is set to bombard Windows Update and overload it on August 16. I know Microsoft is working frantically to install techniques to prevent this. It could be that they are doing some sort of maintenance toward that end which is momentarily preventing the site from being accessible.
Now posting as MichelleP.
I have the latest definition files on my laptop now. If I download them onto a disk and then try to put them on my machine at home, how can I do this when the computer won't power up Windows?
I remember when these things ran on MS-DOS platform you could slide a disk in the A: drive when powering up and that was the first thing the CPU read. Then you could manage files through DOS. But now since the platform is Windows does it still work the same way?
Got the fix done on my office computer. Home desk top is creating more of a problem to fix.
And my home laptop, the only machine not infected with the virus, froze from a different cause while installing the windows update, and now it won't even boot up. UGGHH.
Weird...and hard to believe, but this is the first virus I've ever got, that made it through the anti virus software.
Unfortunately I'm no expert, so I'm not sure what to do if you can't access the internet.
Here's what Norton says about removing the virus (hope it's not against the rules to post this, as it may help someone, plus I've tweaked it a bit):
As an alternative to using the removal tool, you can manually remove this threat.
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before you can continue with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
Because of the way the worm works, it may be difficult to connect to the Internet to obtain the patch, definitions, or removal tool before the worm shuts down the computer. It has been reported that, for users of Windows XP, activating the Windows XP firewall may allow you to download and install the patch, obtain virus definitions, and run the removal tool. This may also work with other firewalls, although this has not been confirmed.
Disable System Restore (Windows XP).
Update the virus definitions.
End the Trojan process.
Run a full system scan and delete all the files detected as W32.Blaster.Worm.
Reverse the changes that the Trojan made to the registry.
For details on each of these steps, read the following instructions.
1. Disabling System Restore (Windows XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
2. Updating the virus definitions
Download the latest virus definition files from either Norton or McAfee. See if your virus scan software has an "auto-update" or "live update" feature that will do it automatically.
3. Ending the Worm process
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.
4. Scanning for and deleting the infected files
Start your antivirus program and make sure that it is configured to scan all the files.
Run a full system scan.
If any files are detected as infected with W32.Blaster.Worm, click Delete.
5. Reversing the changes made to the registry
CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Click Start, and then click Run. (The Run dialog box appears.)
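A read-only check for the indicators the manual steps above look for, given as an added example that is not part of the original post or Norton's instructions. It assumes PowerShell is available on the machine, limits the file search to the Windows directory, and assumes the registry change is an autostart entry under the standard Run keys (the step 5 details are cut off in the post, so that location is a guess to be verified).

```powershell
# Added example: read-only triage for the msblast.exe indicators named in this thread.
# Nothing is deleted or modified; removal is left to the antivirus scan or removal tool.
$indicator = 'msblast.exe'   # file and process name given in the posts above

# Step 3 equivalent: is a process with that image name running?
$procs = @(Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -ieq 'msblast' })

# Step 4 equivalent: is the file on disk? Searching only the Windows directory
# is an assumption; the thread just says to search the hard drive.
$files = @(Get-ChildItem -Path $env:SystemRoot -Filter $indicator -Recurse -Force `
    -ErrorAction SilentlyContinue)

# Step 5 equivalent: autostart values that reference the file.
# Assumption: the page does not name the registry key, so the standard Run keys
# are checked for any value whose data mentions msblast.exe.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the bookkeeping properties PowerShell adds to every registry item.
        if ($p.Name -notin $providerProps -and "$($p.Value)" -like "*$indicator*") {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value }
        }
    }
})

# Report what was found; a name match is an indicator, not proof of infection.
$procs    | ForEach-Object { "PROCESS  $($_.ProcessName) (PID $($_.Id))" }
$files    | ForEach-Object { "FILE     $($_.FullName)" }
$autoruns | ForEach-Object { "AUTORUN  $($_.Key) -> $($_.Name) = $($_.Value)" }
if ($procs.Count + $files.Count + $autoruns.Count -eq 0) {
    "No $indicator indicators found."
}
```

Any hit should be followed by the patch and a full antivirus scan as described above; a clean result does not mean the machine is patched.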
Darn, isn't there an easier way? I tried to click on the link above to get instructions to turn off windows System Restore and got a "page cannot be displayed" message. Apparently too many users again.
Thomas (who can't understand why a program can't be written to just click on and it scans your machine and fixes the problem)
What windows are you using? It could be that you login as normal user without admin privilege and it won't let you change the system properties.
In a previous post you asked about booting to DOS, try this to see if it will work:
1. turn on PC
2. immediately press and hold down the F8 key until you see a menu offering you boot-up choices.
3. select the command prompt option
Another thing to try is to use the steps above and pick safe-mode from the boot up menu. Then see if you can update the virus signatures and run your scan.
Yep, we were hit yesterday with this virus. Shut down our people in the field. Guess who got to spend ALL of today installing the "fix" and the "patches"? Our computer guy was overwhelmed with all of the other sites that were hit...so I got to play "computer guru" today. It is really quite tiring. Not to mention, that I didn't get any of my work done today. Seems this virus is only affecting Windows 2000, XP and possibly 2003?
I have ME at home and it didn't affect it ...and we have a couple of Windows 98 at work that were not affected. Our computer guy thinks there will be an even stronger virus within a week. Keep your antivirus up to date!
Mary Lou Scanlon
This has been known for a month or so and if you happened to find out about it or receive a warning from Microsoft you could have gone to MSN.com and downloaded a patch that keeps this from attacking your computer. Fortunately we had done so and because of this and Norton it has not affected my home computer.
Thanks Michelle for that info. My computer's been down off and on for 2 days, and it seems like I have the virus, despite all the anti-virus stuff we have. Will check out your recommendations. As if I don't have enough to do (PACKING!!)
Well I got my home computer fixed. I copied the blasterfix.exe file from work onto a floppy and powered up my home computer. As soon as I could access the floppy drive I ran the fix-it program before the worm had a chance to shut down windows. Once the program found the virus and deleted it I was able to run a Norton scan and download a patch.
Back in business again...............until the next worm/virus comes.
Yep, I pretty much sat here all day at work and did NOTHING but research for the cruise. Getting paid to find shore excursions is pretty cool. So, we're doing the dolphin swim in Cozumel and horseback riding/snorkeling/reef runner at Tres Rios in Playa del Carmen/Cancun.
This virus is not spread by e-mail. Infected computers scan the internet looking for other machines running Windows that have an open security hole -- one that has not been "patched" or given a fix from Microsoft. The worm then sends itself to those computers.
You can get the virus by just being connected to the internet.
Now posting as MichelleP.
Kuki, go to symantec.com and you should find it there. Download it to your laptop and then copy the file onto a floppy. Take it home and power up your computer with the disk ready to go in the drive. Click on run as soon as possible and then point it to the floppy.
Well, whatever I am doing it works for me. I don't have the virus despite the fact that I am connected to the Web practically 24 hours a day. I haven't had a virus in over 2 years.
I have a Linksys hub for my cable modem with a built-in firewall. And I use McAfee which I update from the web every time it notifies me that an update is available. I also update my windows every time I get a message from Microsoft that Windows updates are available.
Oh, I also NEVER open an attachment unless it is a .doc, .jpg or .gif and never any of those unless I know the person who sent it to me.
You're lucky Paul, some of those steps, especially updating McAfee regularly, are protecting you from the most common types of viruses.
Some nerds out there consider it a challenge to beat the anti-virus software, therefore write programs which infect your machine before the anti-virus software companies can recognize it and create a fix.