My mom's computer had the worm, so we went through this process. The problem was, every time the computer reconnected to the internet, the worm came back with the MSBLAST files. We were able to 'deworm' by downloading and installing the patch as the first step, instead of last.
Dear MY ISP Members,

We are writing to inform all of our customers running Microsoft Windows 2000 or XP operating systems of a recent viral threat to the Internet. If you do not have any computers running either of these operating systems, you may disregard this alert.

The most recent virus threat to the Internet, "W32.Blaster.Worm", also known as, W32/Lovsan.worm [McAfee], Win32.Poza [CA], Lovsan [F-Secure], WORM_MSBLAST.A [Trend], W32/Blaster-A [Sophos], W32/Blaster [Panda] has been upgraded by Symantec to a Category 4 (of 5) threat. This worm exploits the DCOM RPC vulnerability using TCP port 135. It then attempts to download and run the Msblast.exe file. Although the main activity of this worm is set to trigger on 8/16/03, the worm's impact is already being felt as the traffic generated by the propagation decreases the overall throughput of everyone accessing the Internet.

Due to the widespread propagation of this worm and serious nature of the threat, we are alerting all of our customers and request that you take immediate steps to ensure all of your machines are secured against this worm.

For further detail regarding this worm, please visit:

Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
McAfee: http://us.mcafee.com/virusInfo/default.asp?id=lovsan

To remove this worm from your system, please visit:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Once you have removed the worm from your system, please download the patch detailed in Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

This bulletin's FAQ details other options for securing your machine against this threat. Additionally, we ask that you run a full 'Microsoft Update' to ensure your machine is fully protected from this worm and any other security concerns.

It will be necessary to reboot all machines that are patched and updated, otherwise the updates will not take effect.

A final, advanced, step to fully secure your network is to close port 135/tcp (and, if possible, 135-139, 445 and 593), and monitor TCP Port 444 and UDP Port 69 (tftp), which are also utilized by this worm.

It is vital for the security of your personal network and the MY ISP network as a whole that you take these actions. If we receive complaints about your circuit that we determine are the result of this worm, we will contact you again to assist you with securing your machine. Further complaints may result in the temporary suspension of your broadband service until you have had time to remove the infection from your network. Please know that we consider an interruption in your service only when it is absolutely required to ensure both your security and the overall security of our entire network.

We thank you for taking the time to address these Internet security concerns,
Your ISPCrew

Hope it helps you.
I hear ya knockin butcha can't come in !!! *BlackIce* I couldn't say whether BlackIce is as good or better than anything else but this is what it's been stopping from entering my pc for the last coupla days.
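A triage script for the kind of personal-firewall probe log this post describes (comma-separated time, event, intruder and count fields), added here as an example and not part of the original thread or of BlackIce itself. It tolerates a log pasted as one run-on block, totals probes by event and by hour, and groups MSRPC probes by source network; the sample records, the function names and the last-two-labels grouping are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample (reserved documentation names/addresses), pasted as a run-on
# with records wrapped across line breaks and one trailing non-record fragment.
SAMPLE = """08/12/03 03:26:54 AM, MSRPC TCP port probe, 192.0.2.118, 1 08/12/03
03:26:36 AM, MSRPC TCP port probe, host-10-1.rev.example.net, 2 08/12/03 03:25:33 AM,
HTTP port probe, DESKTOP1, 9 08/12/03 03:24:55 AM, MSRPC TCP port probe,
host-10-2.rev.example.net, 19 08/11/03 11:48:26 PM, SubSeven port probe, 192.0.2.7, 1
garbage, not a record"""

RECORD = re.compile(
    r"(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [AP]M), ([^,]+), (\S+), (\d+)")

def parse(text):
    """Yield (timestamp, event, intruder, count) from a possibly flattened paste."""
    flat = " ".join(text.split())  # undo arbitrary wrapping before matching
    for ts, event, intruder, count in RECORD.findall(flat):
        try:
            when = datetime.strptime(ts, "%m/%d/%y %I:%M:%S %p")
        except ValueError:  # e.g. an impossible time such as 13:00:00 PM
            continue
        yield when, event.strip(), intruder, int(count)

def source_group(intruder):
    """Bucket a source: /24 for IP literals, last two labels for DNS names."""
    try:
        return str(ipaddress.ip_network(intruder + "/24", strict=False))
    except ValueError:
        labels = intruder.lower().split(".")
        # Naive suffix heuristic; bare names are unresolved host/NetBIOS names.
        return ".".join(labels[-2:]) if len(labels) > 1 else "(bare host name)"

def summarize(text):
    """Return probe totals by event, by MSRPC source group, and by hour."""
    by_event, by_source, by_hour = Counter(), Counter(), Counter()
    for when, event, intruder, count in parse(text):
        by_event[event] += count
        by_hour[when.strftime("%Y-%m-%d %H:00")] += count
        if event.startswith("MSRPC"):
            by_source[source_group(intruder)] += count
    return by_event, by_source, by_hour

if __name__ == "__main__":
    for title, counter in zip(("event", "MSRPC source", "hour"), summarize(SAMPLE)):
        print(title, counter.most_common())
```

A single source group that dominates the MSRPC total usually points at infected neighbours on the same provider, which is the situation the ISP notice earlier in the thread is asking customers to clean up.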
I love BlackIce. I heard that there is a version which performs a "ping of death" on intruding IPs. Do you know, or ever hear of such a thing?
I haven't heard of it, but my version is about a yr old. However, this question comes to mind. Why would you ping an intruder and even let him know that you exist, when basically B-Ice has made it look as if you don't exist? What I'm trying to say is, if he doesn't know that you're there, why tell him. (could he not trace your ping and establish that your ip address does indeed exist?) I'm not sure, I'm no techie, I have a pretty simple mind...so I don't know all of the ins and outs of this stuff, but if my firewall told him I wasn't even there, I don't think I'd ping him. I'd leave well enough alone.