my profile | my password | search | faq & rules | forum home

» Film-Tech Forum ARCHIVE   » Community   » Film-Yak   » Do I have a Virus? (Help Win XP) (Page 1)

This topic comprises 2 pages: 1  2

Author Topic: Do I have a Virus? (Help Win XP) Nate Lehrke Master Film Handler Posts: 396 From: Denver, CO Registered: Oct 2002 posted 11-15-2003 04:25 AM                     My question is simple: Do I have a virus and how do I get rid of it!? I have a: Dell Windows Laptop with XP Had this problem with a pop-up occuring randomly when connected to the Internet. (The ISP doesn't matter, still happens whether I use MSN or Peoples PC) The pop-up (below) starts a countdown from 60 seconds before my system is going to be shut down. So once this pops up, I tryed Control-Alt-Delete, got this screen like normal: Now, at this point it wont let me end the task or anything, it's hell bent on shutting me down. Here's the weirdest part. I knew I had this 'issue' so I re-installed Windows XP after deleting the old OS from the drive, so in theory, starting fresh. But neverless, I connect to the internet and it comes right back! This is a virus, RIGHT? Should I try re-installing XP again? I havent installed ANYTHING besides the OS so I'm not re-installing the virus. Any help would be appreciated. ----------EDIT -------------- I should have waited a couple more minutes to post. Found it, of course, it's just the MSBLASTER from a while back. Thanks to anyone that read this and was preparing a response! FEEL FREE TO DELETE THIS POST  |  IP: Logged Joe Redifer You need a beating today Posts: 12859 From: Denver, Colorado Registered: May 99 posted 11-15-2003 04:50 AM                        Hmmmm.... this just may be the work of the recent "mblast.exe" worm. Maybe a few more people could help me out here. Are you sure that says "mblast.exe" in your photo or did the picture get screwed up since it is digital? I can't be sure. Perhaps you are trying to deceive us? Or maybe you are the devil? Actually you might want to just follow whatever instructions there are to get rid of the virus (I have no clue) and get a free firewall like Sygate Personal Firewall (free) and an Anti-virus program like Antivir Personal Edition(also free). I have them both and I assure you that they both work great. I do not trust Norton Utilities at all. They used to be great, but they do more harm than good now, but I hear Anti Virus is still OK. Not free though. Steer far away.  |  IP: Logged Daryl C. W. O'Shea Film God Posts: 3977 From: Midland Ontario Canada (where Panavision & IMAX lenses come from) Registered: Jun 2002 posted 11-15-2003 04:54 AM                        Yes you have the blaster virus. Download a removal tool from Symantec here: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html  |  IP: Logged Michael Schaffer "Where is the Boardwalk Hotel?" Posts: 4143 From: Boston, MA Registered: Apr 2002 posted 11-15-2003 05:57 AM                        How come the virus is still there after a new installation?  |  IP: Logged Leo Enticknap Film God Posts: 7474 From: Loma Linda, CA Registered: Jul 2000 posted 11-15-2003 06:57 AM                        I guess the reinstall, however you did it, didn't totally 'nuke' what was there on the hard disc to start. Suggestion: back up all data files you want to save first. Then boot the computer direct from a Windows installation CD (use the 'Boot from CD-ROM' option in the BIOS). Delete all the partitions on your hard disc(s), then create a new one and reinstall Windows, using the installation CD setup routine (the one which runs against a blue screen). I can't see any way you won't have totally nuked the virus by doing that.  |  IP: Logged Daryl C. W. O'Shea Film God Posts: 3977 From: Midland Ontario Canada (where Panavision & IMAX lenses come from) Registered: Jun 2002 posted 11-15-2003 01:37 PM                        Nate probably just got the virus again since he probably hasn't patched his newly installed operating system, or installed a firewall. The virus won't survive a complete re-install of the OS.  |  IP: Logged Jason Burroughs Jedi Master Film Handler Posts: 654 From: Allen, TX Registered: Jun 99 posted 11-15-2003 03:04 PM                     The MSBlast virus and its variants spread EXTREEMLY quickly. In a test case on an unprotected internet connection the virus infected a newly installed comptuer in under 15 mintues. Make sure you install ALL the Microsoft Critial updates as they address many security issues that these viruses exploit. However installing just the critial updates will not solve your problem, you also need to get that virus off your comptuer. Symantec makes a handy free tool that removes this virus and its variants. Trend and Macaffee also make free tools to remove these viruses as well.  |  IP: Logged Bobby Henderson "Ask me about Trajan." Posts: 10973 From: Lawton, OK, USA Registered: Apr 2001 posted 11-15-2003 07:30 PM                     Viruses will easily survive if one simply reinstalls WindowsXP over an existing installation. Lots of Windows users do this all the time. They figure they'll "clean up" whatever was wrong with their system without having to go through the hassle of reinstalling all their software. My opinion on such procedures: why bother? The ONLY way to reinstall Windows, IMHO, is to reformat the hard disk and totally nuke whatever data was there and start over truly clean. Any PC built in the last few years can boot directly from the CD-ROM so restoring the OS and software is not anywhere near as difficult as it was 10 years ago. Any high speed Internet connection will be a big liability when it comes to getting hit with viruses. My guess is some spam-bot out there had Nate's computer info (IP addresses, port numbers, etc.) and automatically put the Blaster worm right back in place.  |  IP: Logged Michael Schaffer "Where is the Boardwalk Hotel?" Posts: 4143 From: Boston, MA Registered: Apr 2002 posted 11-16-2003 04:37 AM                        When you erase an installation and format the drive, does that also include the boot sector? Can such a virus survive in that area?  |  IP: Logged Gordon McLeod Film God Posts: 9532 From: Toronto Ontario Canada Registered: Jun 99 posted 11-16-2003 01:10 PM                     It is best to cut down all the trees fdisk the drive from a clean bootable floppy  |  IP: Logged Bobby Henderson "Ask me about Trajan." Posts: 10973 From: Lawton, OK, USA Registered: Apr 2001 posted 11-16-2003 09:58 PM                     Some newer PCs feature FDISK on the boot CD-ROM.  |  IP: Logged Aldo Baez Master Film Handler Posts: 266 From: USA Registered: Mar 2001 posted 11-17-2003 12:04 AM                    The nasty thing about this type of virus is that even if you don't have the physical file on your hard drive, it will STILL shutdown your computer because of the windows RPC exploit. My friend called me up about his computer shutting down, I though uhh how you have tons of antivirus protection on there which I installed. Turns out his comp was totally clean but the virus was propagating the shutdown command at the isp level. It was easy to fix but I thought it was amazing that the virus was able to do something like this.  |  IP: Logged Joshua Lott Expert Film Handler Posts: 246 From: Fairbanks, AK, USA Registered: Nov 1999 posted 11-18-2003 12:08 AM                        A friend of mine is having a problem with what he says is the Msblaster. I need help on how to fix it. The computer will start up and go to the windows screen then reboot. It will do that in safe mode as well. He does not have any boot disc's or window's disc's... any suggestions? He is running XP home edition, HP Pavilion Xt948.  |  IP: Logged Daryl C. W. O'Shea Film God Posts: 3977 From: Midland Ontario Canada (where Panavision & IMAX lenses come from) Registered: Jun 2002 posted 11-18-2003 04:38 AM                        The page that I linked to above that tells you how to remove it would probably tell you how to remove it, but that's just a guess.  |  IP: Logged Don Bruechert Mmmmmmmmm, bird! Posts: 340 From: Manitowoc, WI, USA Registered: Jan 2003 posted 11-18-2003 10:35 AM                        A virus is always a possibility, but there is another possibility that has not been brought up here, so I will take the opportunity. There is a function in all versions of windows called windows messenger. This has ABSOLUTELY nothing to do with instant messaging in any way shape or form (this is not about whether you are running windows instant messenger, or any other IM program), it has to do with windows being able to receive broadcast network messages from the system administrator on your network. It is there whether you have a network or not. For folks that have Windows 95 or 98, you're screwed. For XP, 2000, NT and the rest of the bunch you can shut it off (unless you are in a corporate environment, then check with your local God before doing so). This is one of the flaws in windows that Blaster exploits to do its business. Have a look at the Microsoft Technet bulletin on how to disable windows messaging and see if it helps you with your problem. As the others stated, you may have the virus too. It never hurts to always make sure your antivirus program is up to date. Here is the site: Disabling Windows Messaging ----------- Edit to Add.... I subscribe to this newsletter, which I find to be very informative: WinXPnews  |  IP: Logged

All times are Central (GMT -6:00)

This topic comprises 2 pages: 1  2

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Operations -------------------- Digital Cinema Forum Film Handlers' Forum Large Format Forum Ground Level Feature Info, Trailer Attachments & REAL Credit Offsets Category: Community -------------------- Film-Yak Film Handlers' Movie Reviews The Afterlife Bob Maar's Joke-A-Thon Category: Classified -------------------- Equipment and Supplies Wanted/For Sale Help Wanted/Seeking Employment Category: System -------------------- Software Beta Testing Forum

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.