yeah, a box popped up saying something like '45 seconds until your computer shuts down'. only happened like twice, and that was it, didn't keep doing it enough to mess anything up, but still damn annoying.



yeah, trouble is it was someone i know from college sending a picture to me along with about 10 others, so you tend to get lazy and just open it.

thankfully nortons update sorted it out straight away.

Blaster's a worm, not an email virus. It propogates itself by doing port scans and exploiting a buffer overflow vulnerability in DCOM RPC. Nothing to do with email. Unless there's a new variety, but it would have to be a complete re-write of the code.

then thats a bit worrying. the firewall really should have kept it out. any ideas why it didn't?

I haven't followed the whole topic, what firewall are you using?
I'm using Sygate Personal Firewall, it's free and I'm very content with it, except for the fact that sometimes it stops working and I have to reinstall it, but that is said to hapen only at a limited amount of users.

Cos it's a sophisticated worm. I repeat, firewalls are the biggest load of crap ever.

lol, i'll take your word for it.

arathorn: zonealarm pro.

Id suggest also scanning your computer for w32Sobig.F@mm virus, we had a major trouble with that here in estonia, hell it even made it into the local newspaper

If you get any email containing .pif files or .scr then delete it immediatly. theres a 85% chance its the virus. Also the key text inside the email is: Please see the file attached or See the file attached.

If your firewall is worth a crap, it should block it. If not, well....that's your problem. You need to be blocking TCP ports 135 and 4444. And supposedly also UDP port 69.

TCP port 135 is one of the file and printer sharing ports... 4444 is RPC DOM (which is the biggest problem) and UDP port 69 if TFTP, which is how the virus transfers itself to a new computer. The reason to kill TCP 135 is because it also attacks open shares, I believe. But if you don't have a network, you shouldn't have any shares anyway... and if you do, you'd be a moron not to kill access to those ports with a router or something.

yeah, that was one of the things i've done since, blocked those ports, hopefully it won't happen again.

don't feel bad, my girlfriend brought home a friend's laptop that was spontaneously rebooting itself. I had no clue what was going on until I checked mconfig... msblast.exe. heheh. I thought that was pretty funny. So I manually cleaned it, removed a bunch of startup crap (starts in like 30 seconds now instead of 5 minutes) and even patched it for her. Patched my own machine too, just for the hell of it.

nice, i'm gunna have to go in to that config and see what i can get rid off, but i'll do it using ur help me thinks, check the site and all. This comuter takes .. well last time I timed it, 2 mins 40 to start up, So gotta fix that.

Satis, the ports you mentioned, wich ones are local and wich ones are remote?

eh? Those are the incoming ports you need to close. Actually, you can close those ports inbound and outbound, I doubt you're using any of the services.

Yea, Mole, check my walkthroughs. I forget which O/S you're running. oh, btw, it's mSconfig, not mconfig... typo on my part.

Sygate Personal Firewall makes a difference between local and remote ports, dunno what that is, but I've blocked everything remote and local.

ok, it's talking about inbound and outbound. Local would be inbound, I'm sure, while remote it outbound. Kind of a wierd way to write it, but whatever. That's fine. Inbound is actually all you need to worry about, but having both doesn't matter either.