GoFuckYourself.com - Adult Webmaster Forum

"NT AUTHORITY SYSTEM" is shutting down my computer when online (https://gfy.com/showthread.php?t=162653)

p00p 08-12-2003 09:41 AM

50 fucking worms! :BangBang:

p00p 08-12-2003 09:53 AM

Quote:

Originally posted by LadyMischief
Guys, that is the worm that fucked up my harddrive COMPLETELY. I had to actually piece it back together with software (and jact's loving patience). Trust me, get this shit patched up ASAP!!!!!!
Me too! Well, it didn't fuck up my harddrive, but so many things stopped working that worked the day before.

-Media Player would open a file, and crash
-Some hyperlinks wouldn't open in some pages (none on GFY)
-My mouse software was buggering up (buttons wouldn't work)
-Windows update wouldn't launch
-fonts were screwed up in Hotmail etc.
-Add/remove programs wouldn't start
-control panel/administrative tools/services - I couldn't right click on anything to change settings, no menu would pop up
-computer would hang on start up
-computer would hang once I got past the password login page
-couldn't start up in safe mode...

And on, and on!

So, I reinstalled Windows 2k, put the machine behind a Linksys, and everything works 100% now!

LadyMischief 08-12-2003 10:07 AM

Quote:

Originally posted by p00p

Me too! Well, it didn't fuck up my harddrive, but so many things stopped working that worked the day before.

-Media Player would open a file, and crash
-Some hyperlinks wouldn't open in some pages (none on GFY)
-My mouse software was buggering up (buttons wouldn't work)
-Windows update wouldn't launch
-fonts were screwed up in Hotmail etc.
-Add/remove programs wouldn't start
-control panel/administrative tools/services - I couldn't right click on anything to change settings, no menu would pop up
-computer would hang on start up
-computer would hang once I got past the password login page
-couldn't start up in safe mode...

And on, and on!

So, I reinstalled Windows 2k, put the machine behind a Linksys, and everything works 100% now!

Ugh! Unfortunately we were among the very first people hit, and when I went looking to find out wtf was wrong with my computer, nobody even acknowledged that there was a problem yet. Everyone now knows what to do because there are sites on it etc, but if you let it go too long, it kills your harddrive. My system wouldn't even see that there was a drive C there. We had to take the harddrive out of the computer, put it into another system as a slave and run recovery software on it. It was a very tedious process :(

LadyMischief 08-12-2003 10:08 AM

Oh I should also mention that it has a keystroke logger, and if you have an ftp program installed it will log into a remote system for further instructions, as well as installing new and wonderful things on your system.

[Labret] 08-12-2003 10:10 AM

Quote:

Originally posted by p00p


-Some hyperlinks wouldn't open in some pages (none on GFY)

That's the only thing I can't fix. Everything is gone, rebooted countless times, cleaned and recleaned. I am pretty damn sure there is nothing left.

Everything else is fine except I can't get links to open in Explorer.

Right now I am using Opera, I think I like it. I'm gonna stick with it for a while.

p00p 08-12-2003 10:15 AM

Quote:

Originally posted by [Labret]


That's the only thing I can't fix. Everything is gone, rebooted countless times, cleaned and recleaned. I am pretty damn sure there is nothing left.

Everything else is fine except I can't get links to open in Explorer.

Right now I am using Opera, I think I like it. I'm gonna stick with it for a while.

I gave up trying to fix things last night, and just reinstalled Windows 2k. Everything works good now, although I am not patched. So I will sit behind a linksys instead. (the patches fucked up my computer even more)

p00p 08-12-2003 10:17 AM

Quote:

Originally posted by LadyMischief
Oh I should also mention that it has a keystroke logger, and if you have an ftp program installed it will log into a remote system for further instructions, as well as installing new and wonderful things on your system.
That one scares me. I am behind a Linksys now, so I am not worried about intrusions. But I am worried about things going out.
Do you know the name of the keystroke logger?
Nothing is unusual in Active Ports, maybe I caught msblast.exe in time.

LadyMischief 08-12-2003 10:22 AM

Quote:

Originally posted by [Labret]


That's the only thing I can't fix. Everything is gone, rebooted countless times, cleaned and recleaned. I am pretty damn sure there is nothing left.

Everything else is fine except I can't get links to open in Explorer.

Right now I am using Opera, I think I like it. I'm gonna stick with it for a while.

Or Mozilla.. Mozilla is nice and fast.

LadyMischief 08-12-2003 10:24 AM

Quote:

Originally posted by p00p

That one scares me. I am behind a Linksys now, so I am not worried about intrusions. But I am worried about things going out.
Do you know the name of the keystroke logger?
Nothing is unusual in Active Ports, maybe I caught msblast.exe in time.


I'm behind a Linksys too.. fortunately I was lucky because I didn't have an FTP program installed, but I changed all my bank info just in case. I shouldn't even have gotten infected, but my router power cycled and reset to default and that is what allowed the worm to get in :( It sucked!!

eiht_98 08-12-2003 11:55 AM

I deleted the registry entry and the msblast file but still got the shutdown error. A few minutes ago I installed the MS patch. Will see if it works.

grand 08-12-2003 10:53 PM

Quote:

Originally posted by LadyMischief
Oh I should also mention that it has a keystroke logger, and if you have an ftp program installed it will log into a remote system for further instructions, as well as installing new and wonderful things on your system.

LadyMischief..... I'm running ws_ftp, do you suggest I reinstall? I had the worm but was able to kill it yesterday and download the patch successfully.

do you know the names of the new files being installed?

thanks

evildick 08-12-2003 11:17 PM

I just went through the joy of downloading all of Microsoft's patches after doing a fresh install of XP.

Over 100 MB for service pack 1, and I'm on dialup. And then there's still another 30 MB or so of patches after that.

It'll be another day before I get all my programs installed again.

Fuck you Microsoft.

p00p 08-12-2003 11:33 PM

Quote:

Originally posted by grand



LadyMischief..... I'm running ws_ftp, do you suggest I reinstall? I had the worm but was able to kill it yesterday and download the patch successfully.

do you know the names of the new files being installed?

thanks

I think TFTP is what you have to worry about, not ws_ftp.
I am still trying to figure out how to disable TFTP. That is one of the culprits.....:BangBang:

SLY1 08-12-2003 11:46 PM

My computer shuts down every 2 min. This worm sucks!

Porn Mickey 08-12-2003 11:50 PM

PATCH FOR WINDOWS XP

CLICK HERE FOR MORE INFO

katman 08-13-2003 02:21 AM

Quote:

Originally posted by ayj
I've cleared the virus and rebooted, and checked again that it really is gone (yes no sign of it) - but I am still getting the W2000 error of svchost.exe getting errors and being closed down which causes all sorts of follow up problems.

I've just downloaded and installed the W2000 patch so maybe that will do the trick, but what I do not get is

1, how / where I got the virus in the first place (I am on a dial-up) - does it have to be email? and

2, why I am still getting the svchost errors (maybe the patch really will have fixed that though I suspect it doesn't work quite so nicely as that)

ayj

I haven't read all the responses, but I can tell you this...It is self replicating and requires no user interaction. You don't have to open an email. If you don't have the patch it will get you no matter what you do or don't do.

It's proven to me because the only thing I have done in the last 4 days is surf. No e-mail, no nothing. Still was infected.

j3ff 08-13-2003 02:24 AM

Normal thing, it transfers itself by a corrupted UDP packet on port 135 and directly affects the RPC, but hey, even if you have the patch, you're still infected, gotta remove it :thumbsup

I posted how to completely remove it on the first page of the thread

