ahh.... thanx guys - don't feel so lonely now!

will windows users never learn?

buy a macintosh

no system freezes, no crashes, no viruses

will windows users never learn?

switch to a proper O/S

no system freezes, no crashes, no viruses

[Registered Linux User #302442]

Geez! Haven't you guys ever heard of the fun of living dangerously?

It did not take long:

There is a new variant of the Worm that is destructive.

The new variant also copies the file TFTPD.EXE to the %System%\Wins folder as SVCHOST.EXE and then creates a service for it with the display name "Network Connections Sharing".

TFTPD.EXE or SVCHOST.EXE is a TFTP (Trivial File Transfer Protocol) server that is used by this worm to set the affected system as a download site for its copy. This worm is then able to propagate by instructing remote systems into downloading it using TFTP.


Looks like this one will be around for a long while,

Richard

That might explain alot...
SVCHOST.EXE



I enclose an image of my task manager..seems to be more than one SVCHOST.EXE running,one of them pretty phat too?.I got rid of the blaster,using Sophos with all the upto date definitions...yet my computer continually crashes out,cannot use flight sim,paint shop pro, etc as they will not load up or crash when loading...EXCEPT..on my mums login..and thats pretty unstable too!

Is this a knackered hard drive or likley to be the worm?

Thanks,
ETOPS773

ETOPS773,

I cannot access the page you linked so I cannot see your Task Manager. It is normal t have two svchost.exe's. You will see one for Local Service and the second for Network Service.

If you can link your picture again, I will give it another shot at opening it.

Which Operating System are you running and do you know the specs on your hardware? (It would help if you could list it.)

Take Care,

Richard

hmm..try

http://uk.f1.pg.briefcase.yahoo.com/...?.dir=/Friends

then goto the only pic there..should work

K,using windows XP home (all updated etc) ,2.4 ghz P4,60GB HDD,512MB RAM, 512KPS ADSL connection.

What alarmed me is that I had 4 SVCHOST.EXEs running..2 listed as system,1 under network service,and 1 under local service.With only me logged on...

Cheers.

ETOPS773,

Here are a couple of things you can check for:

Known variants create the following entries under the described registry key:

”windows auto update" = MSBLAST.EXE (variant A)

”windows auto update" = PENIS32.EXE (variant B)

”Microsoft Inet xp.." = TEEKIDS.EXE (variant C)

In C:\Windows\System32, known variants use the the following file names for their copy:

MSBLAST.EXE (variant A)
PENIS32.EXE (variant B)
TEEKIDS.EXE (variant C)

Take Care,

Richard

Hi Naples, I was infected with the new variant (nachi), within about 60 secs of logging on the internet with a new computer (it has somewhat soured the experience ) anyway...

I've spent all day putting things right, downloaded patch, symantec fix etc. and all now seems to be in order. However the task manager still shows four SVCHOST running.

Local service 3,316k
Network service 1,928k

both of which I assume are ok, it also has

System 17,872k
System 3,004k

What I'd like to know is should I delete these via windows\system32\wins file, or are they best left alone?

Any help much appreciated.

Super Stall,

If you removed the virus with the patches while running your affected Operating System, you are fine. (If you had pulled the hard drive out of the computer and used it as a slave on another computer, it would not have removed the virus properly.)

I am currently running 4 instances svchost.exe, two system, one local service, and one network service. The size of the memory usage will change. That is normal.

If you see any other problems with your computer, please report back. Otherwise, just monitor it.

Take Care,

Richard

Crikey, that was quick, question to answer in 22 mins !!

Thanks for your help.

ss.

The BBC reports that the FBI has identified one of the people who developed a variant of MSBlast.

You can't dig yourself a much bigger hole than he has for himself. me thinks.

This may be a little late for most but if you go here and download the Stinger it will check your machines for various viruses and trojans including the ones mentioned in this thread. I am still getting machines with blaster/lovsan and this tool has cleaned it off the systems.

However YMMV.

amanoffewwords: Just read that BBC article, complete with mugshot of person involved.
Hey look! It's a big fat b'stard!!! Who'd have thought!!!
I bet he has no real friends, too...

LOL dop!

Anyway, I was thinking it's about time they brought back medieval stoning practices for these guys, one stone for each person that was affected by the virus. Then we can bury the crums. That should put them off.

amofw