 | |
08-12-2003, 12:47 AM
|
#1 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Near Chi-town
Posts: 734
| » 
Have I just been hacked?
Sheez, I used to be king of locking down my computer when I had cable modem, but now with dialup I have been lazy, and I think I just got pinched. I thought possibly that downloading and installing Yahoo Messenger may have been causing the problems because it's made my comp flakey in the past, but I get the feeling that's not it. (Uninstalled it to be sure though.)
So what's happened has happened twice now... damn, happening again I think. Ok, this is on a win2k SP3 setup. What happens is that svchost.exe keeps getting errors and shuts down. But one time it didn't, and doing things such as copying and pasting ceased functioning. IE started acting up, wouldn't let me open pages in a new window, and sometimes clicking at all did nothing. It did once say I didn't have permission. I noticed this process called msblast.exe running and I locked it down because it didn't seem right. There was no Microsoft identification to go with it, but in that startup option in control panel (acts like msconfig), it said it was Microsoft Auto Update. But that's not what Microsoft calls the feature, it's Windows Update. And I do have the automatic update feature downloaded (yes it was accidental), but I disabled it a long time ago in the services editor in my administrative tools. (Noticed that ran through svchost.exe anyway.) So what gives? Did I get nailed?
I used to run blackice, but my license expired. I'm downloading zonealarm right now to see if i can register any hits.
|
| |
08-12-2003, 12:55 AM
|
#2 (permalink)
| | Banned
Join Date: Feb 2003 Location: Houston, TX
Posts: 1,595
|
Hmmm, not sure that I would jump to you getting hacked. Could just be something got borked. Not sure tho.
A quick google on msblast.exe turned up no hits. So, whatever it is, it isn't very common.
|
| |
08-12-2003, 01:00 AM
|
#3 (permalink)
| | Registered User
Join Date: Apr 2003 Location: CANADA, Eh!
Posts: 72
|
Yeah, mblast.exe is apparently this LOVELY worm virus. I had it myself and have helped 4 other people now rid their machines of it.
Here is a post to help you rid yourself of these nasty lil errors and BS ya keep getting. HTH!!! http://www.techimo.com/forum/t75890.html
|
| |
08-12-2003, 01:10 AM
|
#5 (permalink)
| | Banned
Join Date: Feb 2003 Location: Houston, TX
Posts: 1,595
|
Hmm, no google hits on msblast.exe, mblast.exe or blast.exe . The symptoms he describes don't agree with the other thread either. If the RPC service dies it will try to restart the computer. svchost.exe is a pretty generic process.
Are you running an anti-virus? Is it up to date? Any unusual processes in task manager?
I'm still leaning towards something corrupt in Windows.
edit: Good find Rob! Odd that Google wouldn't hit on it at all. May be too new. But, it was only a matter of time before someone hit the RPC vulnerability. http://www.techimo.com/forum/t75868.html
Last edited by Siliconjunkie; 08-12-2003 at 02:02 AM.
|
| |
08-12-2003, 11:41 AM
|
#6 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Near Chi-town
Posts: 734
|
No, my Norton isn't up to date. My friend has my CD and I have to reinstall it so I don't have to purchase a new 1 year license. She gets back in a week or so. I can only think that Yahoo did it. God I hate that program. From now on, anyone who says that they only use Yahoo Messenger can go talk to a wall for all I care.
|
| |
08-12-2003, 11:57 AM
|
#7 (permalink)
| | Registered User
Join Date: Jun 2003 Location: NJ
Posts: 1,096
|
Not to make anyone freak out more than they need to, but it appears the worm still stops the RPC Service EVEN if you have up-to-date antivirus and the patch from MS. But it does not get into the registry keys. So if your PC starts shutting down and you are patched, now you know why.
|
| |
08-13-2003, 12:05 AM
|
#8 (permalink)
| | Registered User
Join Date: Apr 2003 Location: CANADA, Eh!
Posts: 72
|
Ok, I am still getting a virus message also, and I did EVERYTHING the post told me to do, updated, and everything. My virus scanning software didn't detect it in a run but does pop up a message telling me I do have a virus. How do I get rid of this???? This is the message:
You have a virus - Worm/Lovsan
C:\System Volume Information \restore{09CCCFB9-A31A-9497-9677-8D4C7AC8D48D}RP40\A0023302.exe
|
| |
08-13-2003, 12:49 AM
|
#9 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Uh, Oregon . . . . y
Posts: 1,441
|
Quote: Originally posted by BabyGirl2013
Ok, I am still getting a virus message also, and I did EVERYTHING the post told me to do, updated, and everything. My virus scanning software didn't detect it in a run but does pop up a message telling me I do have a virus. How do I get rid of this???? This is the message:
You have a virus - Worm/Lovsan
C:\System Volume Information \restore{09CCCFB9-A31A-9497-9677-8D4C7AC8D48D}RP40\A0023302.exe

Okay BabyGirl2013, that means you still have remnants of Blaster in your system. Try running the System Cleaner under "Automatic Removal Instructions", and following the instructions.
Harder
Last edited by sharder8; 08-13-2003 at 12:54 AM.
|
| |
08-13-2003, 12:51 AM
|
#10 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Uh, Oregon . . . . y
Posts: 1,441
|
On second thought, that may mean that you have the "worm" in your archives. Are you running "Go Back" or something similar?
You may have to delete this archive in order to entirely remove the "worm", but without further info, I'm not sure how smart that would be.
Harder
|