Discussion:
Blaster.worm has f*ck*d up some machines - what can I do?
(too old to reply)
Devast8or, work
2003-08-22 13:03:34 UTC
Permalink
Hi all,

Looks like w32.blaster.worm has paid some of our computers a little visit.
Then worm is gone, but the machines are still pretty weird.

Moving icons on the desktop is impossible.
If you rightclick the LAN-connection icon and press properties you get an
error. If you doubleclick the icon nothing happens.
If you open up add/remove programs it looks really weird. In the top there's
some text (don't remember what it says), and there's no program list. The
background of this window is blue and white IIRC.
And you can't send e-mail.

Anyone know what I can do about it? Reinstalling everything means sending
the computers back and forth via courier service, so that's something we
would really like to avoid.

TIA for any help

Devast8or
Tim H.
2003-08-22 18:31:08 UTC
Permalink
Post by Devast8or, work
Hi all,
Looks like w32.blaster.worm has paid some of our computers a little visit.
Then worm is gone, but the machines are still pretty weird.
Do you have any kind of A/V protection? Blaster isn't known to be
destructive. So whatever else is going on could be attributed to another
virus or general Windows flubs.
Post by Devast8or, work
Moving icons on the desktop is impossible.
If you rightclick the LAN-connection icon and press properties you get an
error. If you doubleclick the icon nothing happens.
If you open up add/remove programs it looks really weird. In the top there's
some text (don't remember what it says), and there's no program list. The
background of this window is blue and white IIRC.
And you can't send e-mail.
If you can open Internet Explorer, go into Help....About and see if you have
anything for Version, Cipher strength, etc. If not, then the windows
scripting host has gone kaput. You can restore it like so:

Start -> Run -> regsvr32 jscript.dll

If you're still having problems, do a virus scan with the most up to date
definitions.

-Tim
Post by Devast8or, work
Anyone know what I can do about it? Reinstalling everything means sending
the computers back and forth via courier service, so that's something we
would really like to avoid.
TIA for any help
Devast8or
Devast8or
2003-08-22 20:59:50 UTC
Permalink
Post by Tim H.
Post by Devast8or, work
Hi all,
Looks like w32.blaster.worm has paid some of our computers a little
visit. Then worm is gone, but the machines are still pretty weird.
Do you have any kind of A/V protection? Blaster isn't known to be
destructive. So whatever else is going on could be attributed to
another virus or general Windows flubs.
All machines are running Norton AV corporate edition, updated daily at noon.

It could be something other than Blaster (that's just what one of the other
guys at work told me did it - and all machines I have seen this on did,
indeed, have blaster). I don't think it's just Windows that shit itself,
beacuse we've seen this on several machines in the past 2 days, but never
before.
Post by Tim H.
Post by Devast8or, work
Moving icons on the desktop is impossible.
If you rightclick the LAN-connection icon and press properties you
get an error. If you doubleclick the icon nothing happens.
If you open up add/remove programs it looks really weird. In the top
there's some text (don't remember what it says), and there's no
program list. The background of this window is blue and white IIRC.
And you can't send e-mail.
If you can open Internet Explorer, go into Help....About and see if
you have anything for Version, Cipher strength, etc. If not, then the
Start -> Run -> regsvr32 jscript.dll
Great, I'll try that the next time I see it.
Post by Tim H.
If you're still having problems, do a virus scan with the most up to
date definitions.
Been there, done that.

(first thing we do if we think something's there - actually it's the second.
The first thing is checking in registry what it's running at startup :)

Thanks for the advice.

Devast8or
JMBCV
2003-08-23 08:16:21 UTC
Permalink
Post by Devast8or, work
Hi all,
Looks like w32.blaster.worm has paid some of our computers a little visit.
Then worm is gone, but the machines are still pretty weird.
Reinstalling everything means sending the computers back and forth via
courier service, so that's something we would really like to avoid.
another expert
why you no have image you HDDs
Devast8or
2003-08-23 08:27:11 UTC
Permalink
Post by JMBCV
Post by Devast8or, work
Hi all,
Looks like w32.blaster.worm has paid some of our computers a little
visit. Then worm is gone, but the machines are still pretty weird.
Reinstalling everything means sending the computers back and forth
via courier service, so that's something we would really like to
avoid.
another expert
why you no have image you HDDs
We have, but the computers are spread all over the country (they're used in
a chain of flowershops for an ordering system). Reinstalling everything
isn't a problem when we have the computer, but that involves shipping it
back and forth with downtime as a result - something we would really like to
avoid.

Devast8or

Loading...