Do not let family members use your computer (worm issue)



IronMonkey
31-08-03, 09:09
Heh, I got on my PC today and every time I logged on Neocron my computer would reboot.

After making it 40 degrees in my house lol, thinking it was overheating issues, and it still kept instantly rebooting, I ran a virus scan and poof, WORM_SPYBOT.GEN shows up. So the virus program says it's been removed, so I reboot and guess what, it shows up again. I am in the process atm of using Trend Micro's system cleaner lol.

Anyone else had issues with this virus_trojan_worm?

I am having one hell of a time trying to remove it by hand lol



Moral of the story: never let anyone other than you use your computer.

Knar
31-08-03, 14:43
SOMEONE PLZ HELP MONKEH

btw: u americans suxxor with ur fahrenheit or something

celcius powar!

Oath
31-08-03, 15:26
lol Celsius powar!1111ononeoneoeonONOZ

had a worm a few weeks back, but it kept wiping my autoexec.bat which was a pain in the arse.

I killed it heh, NORTON I WUBB WOOOO.

alig
31-08-03, 16:09
heh....ive still got a worm on my comp, norton wont remove it and it aint doing anything afaik so fuck it!!!......let it stay there and be bored :D

Scikar
31-08-03, 16:56
The worm you have is known as MSBLAST.EXE and has been reported on this forum, oh, about 12 times? It requires a patch from Microsoft as it exploits a hole in the security of Windows.

To stop your comp from rebooting every time, you need to go into Administrative Tools -> Services and find the system that causes the reboot, the RPC or Remote Procedure Call. There's two versions of it, you need to change both, by clicking the Recovery tab and changing all the boxes that say 'Restart computer' to 'Do nothing.' Then your comp won't reboot and you can go to the Microsoft website and download the updates you need.

IronMonkey
31-08-03, 18:45
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xbfa79f2f, 0xb2596950, 0x00000000). A dump was saved in: C:\WINDOWS2\Minidump\Mini083103-11.dmp.


this is the event log

I tried what u said scikar but it did nothing

And I just found out it has infected my whole company's intranet lol

weeeee

Omnituens
31-08-03, 19:08
with a windows dir of C:\WINDOWS2, are you on a dual boot system?

#151988
31-08-03, 19:13
IronMonkey I had that problem too remember?? Only thing that helped me was format of the partition that had Windows on it :(

IronMonkey
31-08-03, 19:26
omni actually its a triple boot atm because of this

I'm trying to find a way to get rid of the problem without the good old format because, well, to trust our backups are not infected is not an option and losing all data since the virus's internet debut / creation in June is not an option either. I would be throwing away a serious amount of working hours doing so. Enough that could possibly put my whole company in the hole big time.

Owain
31-08-03, 19:33
Originally posted by Knar
SOMEONE PLZ HELP MONKEH

btw: u americans suxxor with ur fahrenheit or something

celcius powar!


it's all about the Kelven ;)

Scikar
31-08-03, 19:37
Originally posted by Owain
it's all about the Kelven ;)

Kelvin. ;)

IronMonkey
31-08-03, 19:40
scikar btw, it's not msblast.exe, it's actually dc66.exe, msblast's older brother lol

man to think one ridiculous worm could do so much damage.

Scikar
31-08-03, 19:46
Originally posted by IronMonkey
scikar btw, it's not msblast.exe, it's actually dc66.exe, msblast's older brother lol

man to think one ridiculous worm could do so much damage.

Actually it only seems to reset computers. I read somewhere that it was programmed to spam a certain 20 comps or something. But at least it didn't wipe your hard disk and then send porn to your mum or something. :p

IronMonkey
31-08-03, 19:48
yeah that wouldn't have been as bad as totally shutting down all systems on my business network whenever they try to open any 3d application

That's atm 32 systems

Considering our work is all 3d

I would have rather it sent porn to my mum

Cryotchekk
31-08-03, 20:00
i have a family of little worms and errors. *pats them on head*

i also have one saved in my outbox because it activates when u delete it, anyone want it?

IronMonkey
31-08-03, 20:11
hey can someone do me a favor, since all our computers here are infected, can u check this in your regedit if you're using Windows XP

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

and see if you have this value in there:
value name: KernelFaultCheck
value data: %systemroot%\system32\dumprep 0 -k

VirtualReGen
31-08-03, 20:13
yea well i ain't getting the reboot stuff anymore and when i run a virus scanner it finds nothing, but there's always a message coming up on my screen saying i have the lovsan virus, wtf

IronMonkey
31-08-03, 20:37
can anyone check that registry setting for me please?

sira
31-08-03, 21:01
hey iron - i just checked and i didn't have it...

looks like it's a list of the autorun stuff
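
The comparison made in this exchange (does a clean machine have the same value under the Run key?), as an added example that is not part of the original posts: it parses saved `reg query` output from two machines and reports which values exist only on the suspect one. The sample listings, the `ExampleTray` entry and the function names are constructed, and the tab or four-space column layout of `reg query` output is an assumption.

```python
import re

# One value line of `reg query` output: indent, name, type, data,
# with columns separated by a tab or four spaces (assumed layout).
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t| {4})(?P<type>REG_[A-Z_]+)(?:\t| {4})(?P<data>.*)$"
)

def parse_reg_query(text):
    """Return {value_name: (type, data)} from saved `reg query` output for one key."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m["name"]] = (m["type"], m["data"].strip())
    return values

def normalise(data):
    # Windows paths are case-insensitive; fold case and whitespace before comparing.
    return " ".join(data.lower().split())

def compare_run_keys(suspect, baseline):
    """Classify each Run value on the suspect machine against a known-clean baseline."""
    report = {"only_on_suspect": [], "data_differs": [], "same": []}
    for name, (_, data) in sorted(suspect.items()):
        match = next((b for b in baseline if b.lower() == name.lower()), None)
        if match is None:
            report["only_on_suspect"].append(name)
        elif normalise(baseline[match][1]) != normalise(data):
            report["data_differs"].append(name)
        else:
            report["same"].append(name)
    return report

# Constructed sample listings (not captured from any real machine).
SUSPECT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    KernelFaultCheck    REG_EXPAND_SZ    %systemroot%\system32\dumprep 0 -k
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
"""
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    c:\program files\example\tray.exe
"""

if __name__ == "__main__":
    result = compare_run_keys(parse_reg_query(SUSPECT), parse_reg_query(BASELINE))
    for bucket, names in result.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

A value listed under `only_on_suspect` is a lead to look up, not a verdict; entries differ between machines for ordinary reasons too.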

IronMonkey
31-08-03, 21:12
thank u sira, always saving my ass lol

Roc-a-fella
31-08-03, 21:27
iron try going to www.windowsupdate.com and update ur windows and stuff i had msblast.exe and i updated some stuff and it fixed it, norton wont get rid of worms

IronMonkey
31-08-03, 21:38
been there done that hehe

but thank you =-)

this one is a bit different than ms blast which was just a reboot security issue. This one does a bit more. MSBLAST is like the younger brother of worm_spybot.gen which had the feature that msblast was built around which was the reboot your computer issue.

Whereas this one does a bit more heh. As for scikar saying it only affected 20 people, i wonder how it made it on Trend Micro's #10 top viruses in the world list hehe

i'm currently in safe mode running a scan editing all the infected files out. Meh, on dual 80 gig drives this takes forever in safe mode lol

Scikar
31-08-03, 21:49
I didn't say it only affected 20 people. I meant the worm is programmed to send something to each of those 20 comps, well a version of MSBLAST was anyway. It wasn't e-mail though, it was actual net packets, so the effect was if it infected every machine on a corporate intranet, every single machine on the intranet would try to send packets to these 20 comps. As long as the comps were switched on and connected, the worm would keep sending packets, so if you imagine every machine on a corporate intranet sending out info to 20 computers each, that's a massive chunk of bandwidth gone = big slowdowns everywhere.

IronMonkey
31-08-03, 21:51
ahh ok i totally misunderstood you, i apologise

sorry just a bit frustrated no XSI no maya no 3dsm no neocron = no happy camper

Scikar
31-08-03, 21:52
Originally posted by IronMonkey
ahh ok i totally misunderstood you, i apologise

It's no problem. Apology accepted, though one wasn't necessary. :)

Knar
31-08-03, 22:49
I already miss u sweety

Swoemoe/xerxes
31-08-03, 22:51
if anyone has that worm on his computer, can he please e-mail it to me i want to study it :) i lub new virri

Knar
31-08-03, 22:53
Why on earth would u want ppl to email u viruses

Yea study....but as u can see other ppl are already wasting their time on it D:

IronMonkey
31-08-03, 22:53
i would email it to you if i could actually get access to the friggen folder it is contained in

lol

IronMonkey
31-08-03, 23:50
woot finally got it deleted

only took 18 hours lol

now if i could just figure out what it did to the registry and remove the keys.

Kazper
01-09-03, 02:15
reformat your hard drive (better yet buy a new one and burn the old one) then reinstall windows and install a good firewall and virus scanner before you hook up to the internet, then update windows

/edit you just think you got rid of it =P

Scikar
01-09-03, 02:36
Yeah it WANTS you to think it's gone, so now it can do the real nasty stuff. :p

IronMonkey
01-09-03, 04:19
oh its gone alright lol the damage its done is still there though lol

Andy French
01-09-03, 11:12
Holy shit...

I don't believe it, I've had this on my computer for nearly a year now... shortly after I bought it.

It restarts from time to time, usually once or twice daily unexpectedly, but it's not a huge problem... but it is very annoying.

I always figured it for overheating, or some kind of weird error, and it wasn't really seriously hampering my computer, it just made startup a little strange and restarting/standby is a little bugged.

I'll look into a fix immediately, thanks man.

Oh and I also get a message saying Windows can't find System32 exe when I start up, and Norton never ever finished a scan past the WINDOWS folder... I suppose my computer is a timebomb of sorts

:D

Andy French
01-09-03, 11:15
IronMonkey, could you please send me a few tips? I'm relieved to know that this wasn't just my E-MACHINE's fault like all my friends told me :p

It's identical to your problem entirely, so the same method would surely work.

djskum
01-09-03, 11:27
Try going to www.nai.com or www.symantec.com, you will find the virus details on the site replete with removal instructions. If you can't then PM me and I'll send them to you, they're a little long. You need to know which variant you have tho as the payloads and infection method are a little different.

DjSKum

Andy French
01-09-03, 11:49
Already went to Norton's website and found a fix.

I'll try it out in the morning, wish me luck :D

djskum
01-09-03, 12:14
Originally posted by Andy French
wish me luck :D

Good luck ;-)

Dj

Archeus
01-09-03, 12:26
There was someone on before going on how l33t they were not having any patches and never once being infected. -_-

Neighbour's machine had 3 worms on it fighting for modem access as well as various spyware crap.

Mother's friend (I appear to have become a free IT repairman) gave me their laptop to fix which had MSBLAST and 8 serious Spyware/Trojans on the machine (3 allowed full access to install/control the machine, one piggybacked Messenger to read the conversations, one hijacked and rewrote the webpages with adverts+increased pop-ups, the rest just reported all webpages and information typed in).

Not to mention when I updated their Outlook and tested it, not reading their mail, the first one that popped up in preview said "Hi, we need to verify your credit card number. Please send all the details in an email to us" (and it looked like they replied to it too o_O).

The mother's machine wasn't too bad (just had spyware crap) but the number of totally clueless people using machines is worrying.

djskum
01-09-03, 12:37
Originally posted by Archeus
There was someone on before going on how l33t they were not having any patches and never once being infected. -_-


They will mate. It's inevitable. Usually when you're pissed, reason and caution go out of the window. I've only ever infected myself once in years and I was drunk at the time...



Mother's friend (I appear to have become a free IT repairman)


Easy... fuck their machines up more, they won't ask you back ;-) Had the same problem myself at one point.



the number of totally clueless people using machines is worrying.

Tell me about it! I'm being bombarded by sobig.f viri in my mail. Some fucktard that has my addy in their address book (prolly a dip-shit Luddite friend) and is too stupid to know they have it, then there's the delivery failure messages... Grrrrrr does it ever stop? Maybe we should implement a driving licence so unless you have it you can't get online with anything faster than a 9,600bps connection....

DjSkum "in full rant mode"