I spent a whole other day talking to people about their Blaster worm issues and helping them to get their computers working again. I will do it all over again today. I'm so relieved and happy to know that people are starting to relax and be patient. Everyone seems to understand they're not the only one with this problem, and therefore hold times aren't getting them too stressed. I've been refunding anyone who calls and has the virus. Mostly just for customer satisfaction purposes. But most of them are just grateful to get a human being on the other end to help them.
Did you know that there are now two (at least two, anyway) variants of the worm?
Here's what I found. If you want this worm off of your machine and you don't want it back, it's pretty freakin' simple. These steps are not any big surprise, and they're also not rocket science.
1. Run the fixblast.exe utility found at Symantec's website. If you have MORE than one virus at present, run the Stinger utility at McAfee's site. It should get rid of Blaster (although they call it Lovsan) plus a bunch of other viruses.
2. Install a firewall (the free version of ZoneAlarm works just fine.)
3. Patch your machine (get all the critical updates available to you at the Windows Update site that are related to security after making sure you have the most recent service pack installed. Make ABSOLUTELY SURE to disable your antivirus software AFTER downloading the service packs & security updates, and before installing them. Upon rebooting your AV will start again).
4. Make sure you're not running IIS unless you NEED to be. (That has nothing to do with THIS particular worm, it's just good practice. Lots of people install everything with 'custom settings' and install every last thing they can. That's dangerous when you don't know what all those 'optional networking components' actually do.)
5. Keep your antivirus .dat files up-to-date. If you don't renew your 'live update' subscription, then you may as well not be running antivirus at all, because antivirus software is only as good as its most recent .dat file.
6. Run Ad-Aware (or Spybot S&D or whatever) at least once a week. With Ad-Aware, make SURE you've got the 6.181 engine installed. If you don't, remove it from your machine, go to lavasoftusa.com and download it from MajorGeeks. EVERY time you run it, before you start, click on 'check for updates' and install them. Because just like AV software, your spyware-fighting software is ALSO only as good as its latest updates.
I've been reading people blaming Microsoft and Antivirus companies for this debacle. Well here's me telling you this: The person to blame is the asshole who wrote the worm's code. Microsoft and Antivirus companies are not to blame. You're not to blame. The person out there who released this malicious code is. The sooner we all wrap our (sometimes closed) minds around that, the sooner we'll start focusing on legislation to try to stop these people. If you waste time putting the blame in the wrong place, the one guilty party sits back and laughs while he SHOULD be sweating in fear.
I would add that there is no way to know what might have been done to your system while it was vulnerable. Our security officer thinks more has been done by these worms than is being reported. He's seen certain anomalies about how some computers were exploited. He suspects, and others in the IT world agree, that other ports have been used, but not documented in existing reports on the exploit.
Good Luck!!

