W32.Blaster.Worm Virus

Submitted: Wednesday, Aug 13, 2003 at 22:16
ThreadID: 6560 Views:2386 Replies:4 FollowUps:12
This Thread has been Archived
For those living under a rock, theres a nasty virus around at the moment. It attacks Win2000 and XP machines.

Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me

Have a look here and update your AntiVirus..


The Removal Tool is located with instructions here-> http://download.com.com/3000-2092-10219754.html?tag=lst-0-1

One bloke has 2000PCs at work to do today and tomorrow :(

Back Expand Un-Read 0 Moderator

Reply By: koh - Wednesday, Aug 13, 2003 at 23:47

Wednesday, Aug 13, 2003 at 23:47
the virrus is a real threat .. will boot you off line most times befor you get a chance to get the update patch let alone the removal tool.. you need both

you need to run the fixblast removal tool plus the patch from microsoft

WindowsXP-KB823980-x86-ENU.exe(if you havent heard of this virus you will. so go get the patch if your on xp or 2k norts will remove it but wont stop it coming back which will test your patience no end..) to prevent you getting booted.. if you cant stay online long enough go to your mates place with a 98 box and dopwnload it from there.. follow the linx from symantec.

i have been busting this virus for a few weeks now for clients
cheers every one and thank you for the ppl that replied to my last post about dash pods... sorry for no response back but my mum past away and well you know the rest.

Hiway Digital
computer sales and service

if your up in it to your neck and cant get rid of it in which case you prob wont be reading this any ways so why am i bothering to write this... but any how .. if your in it up to your neck ill mail you a copy on disc.. email me
AnswerID: 27829

Follow Up By: Member - Paul T- Saturday, Aug 16, 2003 at 11:38

Saturday, Aug 16, 2003 at 11:38

I am running Windows ME and cannot hold a net connection any which way. My virus scanner (VET) is giving me the all clear, but I am not convinced I haven,t got a bug. Any clues.


PS I have connected to the net and sent this message via my laptop which is XP and firewall protected.PT
FollowupID: 19442

Follow Up By: koh - Tuesday, Aug 19, 2003 at 16:01

Tuesday, Aug 19, 2003 at 16:01
Sorry for the slow reply .. Went to the boat show in Perth ..

You won’t have the blaster worm with windows ME but may have something that could give similar symptoms however I would be looking in other directions first

If you can give me a few more symptoms ill try to nut it out for you.

Email me direct


Best regards

FollowupID: 19713

Reply By: UB.1 - Wednesday, Aug 13, 2003 at 23:55

Wednesday, Aug 13, 2003 at 23:55
So what its just a variation on the old W32 thats been around for 5 years. Any sysadmin with half a brain has already protected the network with a solid firewall and auto anti-virus scan. Serves him/her right if they didn't.

As for the rest of us, there is a free anti virus program on almost every IT magazine sold and regular updates. If you can't afford to buy the magazine go to the local library and borrow it or download it from the magazoine sites or;

While you're at it check your system for web bugs by getting ad-aware from

and checking you system's security by using UnPlug n' Pray, Shields Up and port probe at

Just copy the addresses I've provided into your browser's address window and hit enter to go to each address.

Taking precautions like these is like using a condom, if you know what I mean. Things are going to get worse before they get better in the IT virus world
AnswerID: 27831

Follow Up By: Member - Toonfish - Thursday, Aug 14, 2003 at 09:13

Thursday, Aug 14, 2003 at 09:13
i like the condom referral?
does that mean either way you are f d?1999 NISSAN NAVARA DUALCAB
FollowupID: 19201

Follow Up By: Truckster (Vic) - Thursday, Aug 14, 2003 at 11:52

Thursday, Aug 14, 2003 at 11:52
Maybe a variation, but its a new one that no AntiVirus picked up. So its not that new.

His network was infected by 1 user in Germany that use Dialup from Home, then took it to work (against co rules), and bang, nailed. Now he has 3-4 days work to clean it up...

Another link you forgot was http://windowsupdate.microsoft.com/, Probably the smartest of the lot, I run mine weekly.

Or an even better one

No Virus Problems

And for free antivirus and Firewall, like Zonealarm, Click Here

FollowupID: 19216

Follow Up By: UB.1 - Thursday, Aug 14, 2003 at 12:13

Thursday, Aug 14, 2003 at 12:13
Yes Truckster (or should that be Truck stir?) I deliberately left out MS because their sloppy coding caused the problem in the first place and most of their "fixes" need another fix to correct the other problems they create. But if you think MS is "...the smartest of the lot..." go for it!

Just in case you don't know: there are linux viruses but most people using linux well don't have a problem because of the firewall and AV configurations they use. The virus writers don't generally have a gripe against Linux because its open source. MS is different as its seen as "the evil empire". Also Linux doesn't get the publicity that MS gets.
FollowupID: 19218

Follow Up By: Groove - Thursday, Aug 14, 2003 at 13:05

Thursday, Aug 14, 2003 at 13:05
Actually UB1 this is a totally new virus. Technically the virus is the blaster virus. the w32 is added so that the publlic know it is a windows virus ie 32 bit versions of windows.

All windows virus are identified with a w32. The TCP ports this virus uses also have legitimate uses so not all firewalls would have avoided this virus, so even sysadmins with three quaters of a brain might have been afected by this one.
FollowupID: 19223

Follow Up By: Truckster (Vic) - Thursday, Aug 14, 2003 at 13:22

Thursday, Aug 14, 2003 at 13:22
So patching the faults is a dumb thing to do? You would put it in the "dumbest of the lot"? Not running Updates and patches is moronic!

Yup, there are virus for Linux, around 100th if that of as many for WInderz.

People carrying on about the Evil Empire and crap are just stupid.

Agree Linux doesnt get the publicity, for a Shait reason, MS dont want people to see the options.

Mandrake Linux or Redhat, Or Suse all are brilliant operating systems.

I have Mandrake 9 on a second PC here, Im learnin, and love it. Does everything Windows does, just different. It has Office, Web Editing, Games, etc..

Its not everyones cuppa T, but even as a firewall on an old P300 would be a good thing, I have it on an AMD900 384 meg Ram, just a spare machine really.

DELL for a while brought out PC's standard with Linux as an option, as have HP and I think Compaq. But they didnt sell, people were scared of change.

FollowupID: 19226

Reply By: Dennis (Brisbane) - Thursday, Aug 14, 2003 at 13:04

Thursday, Aug 14, 2003 at 13:04
Can't see how the link to Microsoft was a bad one..............I thought it was a no brainer to keep software updated?

For anyone who bothered to actually use the update site regularly the security issue that let this particular worm get in to your computer was addresses ages ago.

Hence with the Microsoft supplied (in XP) firewall turned on and the computer kept updated I didn't get hit with it.

A friend running Nortons systemworks (updated regularly) got the virus despite it's inbuilt protection, simply because she didn't use MS update.

And yes I do also run 3rd party AV & firewall protection as well.
AnswerID: 27871

Follow Up By: UB.1 - Thursday, Aug 14, 2003 at 14:55

Thursday, Aug 14, 2003 at 14:55
As usual T'stir is trying to put words in someone else's mouth. What's up, like your own voice too much? Read what I actually said not what you want me to say.

I objected to the MS is" the smartest of the lot" for protection when its not. Running decent protection and taking responsibility for your system is the smartest way. Stop trying to put people down all the time and try being nice it might help.

Of course updates are useful but be wary: SP1 for XP for example, did little for most people except make it more vulnerable. The XP firewall is just better than nothing but the original version left the system more vlunerable than not running it.

Just to put things in perspective; I haven't had a virus in 5 years and I've got students who regularly try to infect a test system.

And not one of you has commented on the post about the usefulness of the grc website et al. I pointed out that the sites I provided are useful for the things I suggested. It was never meant to be a complete listing but T'stir gets stuck in over the omission of the MS site that everyone knows about anyway. Why is that? Does he own MS shares or something? Or is he just being obnoxious?

So I get attacked because I have a slightly different opinion. What a pack mentality!!
FollowupID: 19236

Follow Up By: KG - Thursday, Aug 14, 2003 at 19:46

Thursday, Aug 14, 2003 at 19:46
oh for crying out loud... I see this crap on every other forum I'm on.. this is a FOUR WHEELED BLOODY DRIVE FORUM!!!

now see... you've p*ssed me off enough to perpetuate this thread...
to quote UB.1 "SP1 for XP for example, did little for most people except make it more vulnerable" and what piece of enlightened linux / open source zealotry are you basing that on?

good on truckster for at least informing joe public about the bloody worm, the more people find out about it, the more people patch, the less hosts for the worm to propagate from. it's not rocket science.


FollowupID: 19283

Reply By: UB.1 - Thursday, Aug 14, 2003 at 21:37

Thursday, Aug 14, 2003 at 21:37
Agree KG
But 2 things -
1 T'stir mentioned Linux not me - so have a go at him
2 Don't believe me about windows SP1 check with the experts Gibson Research at the address I gave you.

So like I told T'stir read what I actually said and don't p*ss me off

AnswerID: 27954

Follow Up By: Truckster (Vic) - Thursday, Aug 14, 2003 at 23:38

Thursday, Aug 14, 2003 at 23:38
Gibson research Experts? LMAO..

Expert.. Drip under Pressure.
FollowupID: 19323

Follow Up By: UB.1 - Saturday, Aug 16, 2003 at 15:52

Saturday, Aug 16, 2003 at 15:52
Wow you are accomplished! Both ends issuing at the same time.
FollowupID: 19459

Follow Up By: Truckster (Vic) - Sunday, Aug 17, 2003 at 20:05

Sunday, Aug 17, 2003 at 20:05
You would know? LMAO
FollowupID: 19537

Sponsored Links

Popular Products (11)