-=PCTechTalk=- Re: Blaster-virus.

  • From: "~OoO~" <SirTroth@xxxxxxxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Mon, 25 Aug 2003 09:36:08 -0400

Ok... if you notice in my post, I didn't say if the DLLHOST.EXE file existed on 
your computer that you're infected. What I said was another variation would 
have the DLLHOST.EXE running as a process. DLLHOST.EXE is a legitimate file. 
That in itself is NOT a virus. However, if you see it running as a process, 
that's just something that you want to investigate to make sure it's a 
legitimate process.
The worm that would cause this is called w32.Welchia.worm. That's one name. 
Other names exist for this. Go here for details on how to remove it.
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

As a note... many viruses will use existing and legitimate apps that are on 
your system, sometimes even apps that must run.

---Troth
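
Added example, not part of the original thread or of any tool it mentions: the two checks described in this thread (where a flagged file actually sits, and whether a process named like a system file is the legitimate one) written as a Python triage function. The expected directory, the quarantine folder and the sample findings are assumptions constructed for illustration; only the names DLLHOST.EXE and MSBLAST.EXE come from the thread.

```python
import ntpath

# Assumed baseline: directory where each watched system binary is expected
# to live on the machine being checked (adjust per Windows version).
EXPECTED_DIRS = {"dllhost.exe": r"C:\WINDOWS\system32"}
# Process name the thread gives for the Blaster worm itself.
KNOWN_BAD_NAMES = {"msblast.exe"}
# Hypothetical quarantine folder; real antivirus products use their own.
QUARANTINE_DIRS = [r"C:\Program Files\ExampleAV\Quarantine"]

def _norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))

def _inside(path, directory):
    """True if path lies in directory or one of its subdirectories."""
    return _norm(path).startswith(_norm(directory) + "\\")

def triage(path, running):
    """Classify one finding: file path plus whether it is a live process."""
    name = ntpath.basename(_norm(path))
    # A quarantined copy is inert even if a second scanner still reports it.
    if any(_inside(path, q) for q in QUARANTINE_DIRS):
        return "QUARANTINED"
    if name in KNOWN_BAD_NAMES:
        return "KNOWN_BAD_NAME"
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "UNWATCHED"
    # Same name as a system file: the location decides, not the name.
    if _norm(ntpath.dirname(path)) == _norm(expected):
        return "EXPECTED_LOCATION"
    return "SUSPECT_RUNNING" if running else "SUSPECT_ON_DISK"

# Constructed sample findings: (path, is it a running process?)
SAMPLES = [
    (r"C:\WINDOWS\system32\dllhost.exe", True),
    (r"C:\WINDOWS\Temp\example\DLLHOST.EXE", True),
    (r"C:\Program Files\ExampleAV\Quarantine\msblast.exe", False),
    (r"C:\WINDOWS\system32\msblast.exe", True),
    (r"C:\Downloads\dllhost.exe", False),
]

def triage_all(samples=SAMPLES):
    """Return (path, verdict) pairs for a list of findings."""
    return [(p, triage(p, r)) for p, r in samples]

if __name__ == "__main__":
    for path, verdict in triage_all():
        print(f"{verdict:18} {path}")
```
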

  ----- Original Message ----- 
  From: Glo 
  To: pctechtalk@xxxxxxxxxxxxx 
  Sent: Sunday, August 24, 2003 8:52 PM
  Subject: -=PCTechTalk=- Re: Blaster-virus.


  Whoa--I have DLLHOST.EXE found under C:\Windows\System.  It's an application
  and consists of 24 kb.  I have w-me OS and am not supposed to get this
  virus.  Is there a real file with this name also?  I mean, something that's
  supposed to be in the system folder?  I'm afraid to do anything with it,
  since it says changing it could make your system not work properly.--Glo
  ----- Original Message ----- 
  From: "~OoO~" <SirTroth@xxxxxxxxxxxxxx>
  To: <pctechtalk@xxxxxxxxxxxxx>
  Sent: Sunday, August 24, 2003 3:12 PM
  Subject: -=PCTechTalk=- Re: Blaster-virus.


  > As already mentioned, you can have the patch emailed to you.
  > Here's what you should do. Get the patch, and update the antivirus
  > program. AFTER you have the patch (never mind installing the patch yet), and
  > AFTER you have the virus scanner up-to-date, THEN completely disconnect your
  > internet connection. If you're on dial-up, hang up. If you're on broadband,
  > disable the ethernet connection in your NETWORK PLACES. Or, if that all
  > sounds too difficult, just power down or unplug the cable or DSL modem.
  >
  > After you've disconnected, apply the MS patch. Then run the removal tool.
  > If you get errors, start up in SAFE MODE and run the removal tool.
  >
  > For the removal tool, I would use McAfee's Stinger app. You can get it
  > from here:
  > http://download.nai.com/products/mcafee-avert/stinger.exe
  >
  > After running this one, you can also run the Symantec removal tool, which
  > is the FixBlast. That one can be obtained from here:
  > http://securityresponse.symantec.com/avcenter/FixBlast.exe
  >
  > After all that, restart your computer, and do a full virus scan with your
  > AV scanner.
  >
  > IMPORTANT: If you have a virus app running on your system, and it
  > quarantines a virus, as opposed to completely deleting it, the virus will be
  > completely safe from doing harm but will still be on your system. So, if you
  > go to an online scanner, such as Trend Micro's online virus scan, it might
  > tell you that you have the virus still, when in fact all it's doing is
  > finding the quarantined virus that Nortons is safeguarding. In other words,
  > if ANY scanner tells you you're infected, see where the location of the
  > infected file is.
  >
  > With the blaster virus, doing a CTRL-ALT-DEL will show only the running
  > process, meaning the virus is active if it's listed. For the blaster virus,
  > it would be MSBLAST.EXE. Another variation might show DLLHOST.EXE. If you
  > see that one, you're also infected.
  >
  > Although someone else offered their assistance, I'm going to go ahead and
  > email you the Microsoft Patch, so you won't need to download it from the
  > net. Will send it off-list privately to you.
  >
  > ---Troth
  >
  >
  >   ----- Original Message ----- 
  >   From: Sylviavandewall
  >   To: pctechtalk@xxxxxxxxxxxxx
  >   Sent: Sunday, August 24, 2003 5:01 PM
  >   Subject: -=PCTechTalk=- Re: Blaster-virus.
  >
  >
  >
  >   Yes Kat, that is what I did but the page of Microsoft stays blank, I
  >   can't get it.
  >   Sylvia.
  >
  >
  >   > Well, you're going to continue to get it if you don't do the updates to
  >   > Windows that will prevent getting reinfected every five minutes.  A
  >   > virus app is only going to find it every time and tell you about it, not
  >   > prevent it from getting there in the first place.  A removal tool only
  >   > removes it.  It does not block its reoccurrence.  If the hole still
  >   > exists in your operating system, then like Ahhnold, it "will be back".
  >   >
  >   > First remove the virus using the removal tool you have.  The virus
  >   > needs to be gone before you may be able to reach Windows Update.  Then
  >   > immediately go to Windows Update and apply the patch, in fact ALL
  >   > critical and security updates, before it gets infected again.  Then make
  >   > sure your virus software is set to update new definitions *daily* and to
  >   > delete if it cannot fix an infected file.  Kat
  >   >
  >   > -----Original Message-----
  >   > From: pctechtalk-bounce@xxxxxxxxxxxxx
  >   > [mailto:pctechtalk-bounce@xxxxxxxxxxxxx] On Behalf Of Sylviavandewall
  >   > Sent: Sunday, August 24, 2003 12:13 PM
  >   > To: pctechtalk@xxxxxxxxxxxxx
  >   > Subject: -=PCTechTalk=- Re: Blaster-virus.
  >   >
  >   >
  >   >     Hi Troth,
  >   >     It's called "Lovesan.A" and we downloaded an antivirus program now.
  >   >     Every time we went on-line the antivirus program said she had that
  >   >     virus. Also she can't go into a lot of sites when she goes on-line
  >   >     and the site from Microsoft with the update for the patch stays
  >   >     blank. She has Windows-XP.
  >   >     Sylvia.
  >   >
  >   >
  >   > > How do you know the virus is still there? What's finding it, and
  >   > > what's the exact name they're showing for the virus? There are a few
  >   > > variations that work differently.
  >   > > ---Troth
  >   > >
  >   > >
  >   > >     Hello all,
  >   > >     Already for two days I'm working on my daughter's computer to get
  >   > >     rid of the "Blaster-virus". I used the tool from Symantec in safe
  >   > >     mode with System Restore disabled and then when I do a virus scan
  >   > >     it says the virus is gone but then it's back on her computer. I
  >   > >     just don't know what to do anymore, I'm not a technical person on
  >   > >     the computer and my daughter is worse than I am. She didn't even
  >   > >     have an antivirus program because, as she said: I'm almost never
  >   > >     on-line. Great, not very smart but the damage is done and I would
  >   > >     love to help her but more than the tool for it from Symantec I
  >   > >     don't know. Does anyone have some advice for me what to do.
  >   > >     Thanks in advance.
  >   > >     Sylvia.......Holland.
  >   >
  >   >
  >   > To unsub or change your email settings:
  >   > //www.freelists.org/webpage/pctechtalk
  >   >
  >   > To access our Archives:
  >   > http://groups.yahoo.com/group/PCTechTalk/messages/
  >   > //www.freelists.org/archives/pctechtalk/
  >   >
  >   > For more info:
  >   > //www.freelists.org/cgi-bin/list?list_id=pctechtalk
  >   >
  >
  >



