Dear Members,

Being slightly remiss in sending Tico Bytes this month, I am jogged brusquely by the appearance of the mblaster worm that is infecting many people's machines (including my own). Therefore, this "special".





TICO BYTE


Aug 13, 2003

1. What's new in computing
2. Information you can use
3. Just for fun
4. Social we are
5. The Linux world
6. Classifieds
7. Official items


1. What's new in computing

From Roy we get this:

Rapid prototyping is a concept straight out of Star Trek. Feed an RP machine a 3-D blueprint of an object and it will carve a model of that object out of metal, paper, plastic or starch, just like the replicator aboard the USS Enterprise.

Now, these RP devices, also known as 3-D printers, are about to get even better. Engineers are giving the machines the ability to build moving parts, not just block models.

Read the full article at:  http://www.wired.com/news/technology/0,1282,59648,00.html


2. Information you can use

The what's new section will be about the new virus worm that is affecting lots of computers. You may have read about it in La Nacion or Al Dia as their computers were affected. So have nearly 100,000 others around the world.

Here's some information from other sources:


Item 1:

August 12, 2003
Blaster Worm on the Move
By Dennis Fisher

The Blaster worm continued to tear through the Internet Tuesday morning as security experts struggled to find and fix infected systems. The worm is presenting a unique problem for security specialists because it is infecting a large number of PCs owned by home users, many of whom may be unaware that their machines are compromised.

Read the whole article here: http://www.eweek.com/article2/0,3959,1217020,00.asp


Item 2:

And from our friends at CBS: (CBS) Once again thousands - perhaps hundreds of thousands - of computers around the world have been infected with a "virus." As usual, the victims are Microsoft customers.

In this case, the culprit is a worm (technically not a virus, but close enough) called "LovSan" or "Mblaster." The "M" that it blasts stands for Microsoft.

The whole article is here:  http://www.cbsnews.com/stories/2003/08/12/scitech/pcanswer/main567948.shtml


Item 3:

My encounter with this problem came from one of our members whose computer was running Windows 2000. He, apparently, downloaded two things at about the same time while trying to do a patch for his system. His situation was complicated by the fact that he acquired the Win32/valla.2054 worm, which went in and corrupted all files with an extension of .exe. That made his computer unbootable. After installing a new hard drive and a new Windows XP, so that we could access all the data on the old drive, he acquired the Mblaster worm as he was connected via a broadband connection. Now we will proceed with the cleanup of the worm.

Here are two versions of how to do it:

Version 1:

HOWTO: Remove MSBLAST / MS03-026 Worm From Your Computer

Posted by Mikey on 8/11/2003 8:11:11 PM
From the Ugh,-Get-It-Out,-Get-It-Out! Dept.

Courtesy of Ron Martell, MS-MVP
Edited by Mike Kolitz, MS-MVP

Note: This article is a work in progress and is subject to change at any time. The advice given here is provided "as-is" and carries no warranties. Follow at your own risk. BigBlackGlasses.com is not affiliated with Microsoft Corporation.

UPDATE: Download a script to clean your system here. Thanks to Kelly, MS-MVP!

What's the best way to dis-infect my system?
Well, the best and most sure-fire way to disinfect your computer is to isolate it from any other computers, and rebuild it. Format your hard drives and reinstall the operating system.

But, that's not an option! I've got too much stuff... I can't just get rid of all of it!
I figured that was the case. Here are some steps to help you disinfect your computer. These steps work to the best of our knowledge, but may be mistaken. If you have additional comments, please post a comment below, or contact Mikey here.

Step One - Getting the Patch
The first thing you need to do is isolate the system from the Internet

(read the rest of it here: http://www.bigblackglasses.com/Article.aspx?Article=342 )


Version 2:


What's the best way to dis-infect my system?

Well, the best and most sure-fire way to disinfect your computer is to isolate it from any other computers, and rebuild it. Format your hard drives and reinstall the operating system.


But, that's not an option! I've got too much stuff... I can't just get rid of all of it!

I figured that was the case. Here are some steps to help you disinfect your computer. These steps work to the best of our knowledge, but may be mistaken. If you have additional comments, please post a comment below, or contact Mikey here.


Step One - Getting the Patch

The first thing you need to do is isolate the system from the Internet and from other computers!!! If you can, take the darned thing off of any network that it's on. Isolation is always the best thing to do...


Having said that, you'll need to download the patch from Microsoft (from a separate, non-infected computer, if possible). The patch to download differs depending on your version of Windows. Here's a shortcut list to help you get the patch quicker. The patch files are generally about 1.2 MB, so they should be able to fit on a 1.44 MB Floppy Disk with no problems.


Note: If you're confused about whether you should download the 32-bit patch or the 64-bit patch, you need the 32-bit. The 64-bit patch is for ultra-expensive Intel Itanium-based computers, and you would have noticed plunking down about $20,000 or more for your PC if you happened to have purchased one of these.


Windows NT 4.0 Server

Windows NT 4.0 Terminal Server Edition

Windows 2000

Windows XP 32-bit (Home and Professional)

Windows XP 64-bit (Professional 64-bit only)

Windows Server 2003 32-bit

Windows Server 2003 64-bit


Step Two - Applying the Patch

To apply the patch on an infected machine, you should first boot into Safe Mode. To boot into Safe Mode, restart your computer. After the computer POSTs (after it does its memory check or shows you the fancy Dell, Gateway, Intel, or whatever logo), but before the OS starts to load, press the F8 key rapidly. You'll come up to a menu with multiple startup options. Choose Safe Mode, and press Enter. Log in as an Administrator. Windows will load with a smaller set of drivers than normal, and won't start the programs in its startup group. This will allow you to remove the worm.

Once Windows is up and running, run the patch that you just downloaded. If you're prompted to reboot, choose No. We've still got some cleaning up to do.

Step Three - Taking out the trash

Now that your system is patched, we need to remove the worm from your computer.


For Windows NT/2000

Click Start / Run. Type RegEdit. Click OK.

Navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Locate any keys called "windows auto update". Delete them.

Close RegEdit.

For Windows XP/2003

Click Start / Run. Type MSCONFIG. Click OK

Under the Startup Tab, find an entry for "windows auto update". Remove the Checkmark from next to it. Click Apply. Click Close. Click Close without Restart.


For All Windows NT/2000/XP/2003

Click Start / Search. Search All Files and Folders for a file called MSBLAST.EXE.

When the search is done, click Tools / Options. Click the View tab. Remove the checkmark from Hide extensions for known file types. Click Apply / OK. Back in the search list, right-click ONCE on each MSBLAST.EXE file that was found. Click Rename from the list. Change the name of each file from MSBLAST.EXE to MSBLAST.JNK.


Once you've done that, you can go back to Tools / Options / View tab, and put the checkmark back in the Hide extensions box if you want to.


Otherwise, restart your computer. When Windows restarts, make sure you update your Anti-virus definitions and do a full virus scan. For operating systems that support it (2000/XP/2003), you may also want to run the System File Checker. Have your Windows CDs ready, if you do. (Thanks to Jim Eshelman, MS-MVP for the reminder - Mikey)


How could I have prevented my computer from becoming infected?

There are a couple of ways. First, use Windows Update more often. I know that downloading all the patches can be time consuming, especially if you're not on a cable modem or DSL, but they really are necessary - especially those marked Critical (that's why they're called critical...). Secondly, it never hurts to have a firewall. Just one computer, use a firewall. 3 computers? Use a firewall. A whole corporate network? If you don't have a firewall already, fire your IT staff.

What I'm trying to say is: GET A FIREWALL!!!. ZoneAlarm is a pretty good one, or so I've heard. Windows XP's Firewall works great, too, except for outbound traffic. To prevent this particular worm, you'll need to block ports TCP 135, 137-139, and 445, and UDP 135, as well as TCP 593 and 69 outbound. (I think these are pretty much blocked by default on most firewalls...)



Is there anything else about this worm that I should be aware of?

Maybe - it's been suggested that this worm may launch a Denial of Service (DoS) attack against WindowsUpdate on August 16th. It's still up in the air as to whether it actually will or not, but it's something to be aware of.
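
The Step Three checks above (the "windows auto update" startup entry and the MSBLAST.EXE file), as an added PowerShell audit script. It is not part of the HOWTO or of this newsletter; it assumes a machine with PowerShell 3.0 or later, and the -Quarantine switch and variable names are this example's own.

```powershell
# Added example: audit for the two MSBLAST artifacts named in the HOWTO.
# Read-only by default. With -Quarantine it removes the startup entry and
# renames each file found to .JNK, mirroring the HOWTO's manual steps.
param([switch]$Quarantine)

$runKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$entryName = 'windows auto update'   # startup entry name from the HOWTO
$fileName  = 'MSBLAST.EXE'           # worm file name from the HOWTO
$findings  = @()

# 1. Startup entry: match on the entry name, or on any entry that launches the file.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        $launchesWorm = "$($p.Value)" -match [regex]::Escape($fileName)
        if ($p.Name -ieq $entryName -or $launchesWorm) {
            $findings += [pscustomobject]@{
                Type = 'RunEntry'; Item = $p.Name; Detail = "$($p.Value)"
            }
            if ($Quarantine) {
                Remove-ItemProperty -Path $runKey -Name $p.Name
            }
        }
    }
}

# 2. File search: local fixed disks only, including hidden and system files.
$fixed = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }
foreach ($d in $fixed) {
    $hits = Get-ChildItem -Path $d.Name -Filter $fileName -Recurse -Force `
                -File -ErrorAction SilentlyContinue
    foreach ($f in $hits) {
        $findings += [pscustomobject]@{
            Type = 'File'; Item = $f.FullName; Detail = "$($f.Length) bytes"
        }
        if ($Quarantine) {
            # Same rename the HOWTO performs by hand: MSBLAST.EXE -> MSBLAST.JNK
            Rename-Item -LiteralPath $f.FullName -NewName ($f.BaseName + '.JNK')
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No MSBLAST startup entry or file found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE key and system folders are readable; a clean result does not replace the patch or the anti-virus scan the HOWTO calls for.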


Item 4:

They say that this worm infects computers connected to broadband. Well, my little test computer that connects through a modem has got it, too. I don't have any big problem reinstalling the OS, but that's not the point. I got it from somewhere through a modem. I will do all the tests as they suggest in the above articles, and will report on anything of any relevance.

I thought it was funny the other day, when I turned off my computer and went to bed, I found it turned on again. I made some changes and turned it off. The next time I went into the room, there it was turned on again. So I unplugged it. That worked. But anytime I have it connected, it will turn on by itself (one of the features of this worm).

Microsoft recommends that everyone have a firewall. On their site, they give some links to free firewalls. I think that will be my next learning experience.

Oh yeah, this is why people switch to Linux.


3. Just for fun

From Lee Cary we get this:

A liberal is someone who feels a great debt to his
fellow man, which debt he proposes to pay off with
your money.
       -- G. Gordon Liddy

A government which robs Peter to pay Paul can
always depend on the support of Paul.
      ---George Bernard Shaw

Foreign aid might be defined as a transfer from poor
people in rich countries to rich people in poor countries.
      -- Douglas Casey (1992)


Giving money and power to government is like
giving whiskey and car keys to teenage boys.
      -- P.J. O'Rourke

Government is the great fiction, through which
everybody endeavors to give at the expense of
everybody else.
      -- Frederic Bastiat

Government's view of the economy could be summed
up in a few short phrases: If it moves, tax it. If it keeps
moving, regulate it. And if it stops moving, subsidize it.
      -- Ronald Reagan (1986)

I don't make jokes. I just watch the government and
report the facts.
      -- Will Rogers

If you think health care is expensive now, wait until
you see what it costs when it's free.
      -- P.J. O'Rourke

Just because you do not take an interest in politics
doesn't mean politics won't take an interest in you.
      -- Pericles (430 B.C.)

No man's life, liberty, or property is safe while the
legislature is in session.
      -- Mark Twain (1866)

Suppose you were an idiot. And suppose you were
a member of Congress. But I repeat myself.
      -- Mark Twain

Talk is cheap-except when Congress does it. The
government is like a baby's alimentary canal, with
a happy appetite at one end and no responsibility
at the other.
      -- Ronald Reagan

The inherent vice of capitalism is the unequal sharing
of the blessings. The inherent blessing of socialism
is the equal sharing of misery.
      --Winston Churchill

The only difference between a tax man and a
taxidermist is that the taxidermist leaves the skin.
      -- Mark Twain

We contend that for a nation to try to tax itself into
prosperity is like a man standing in a bucket and
trying to lift himself up by the handle.
      --Winston Churchill

What this country needs are more unemployed
politicians.
      -- Edward Langley


4. Social we are

The next meeting will be this Saturday at 9AM at the Pan American school. It should be fun. (Read the official items below)


5. The Linux world

Item 1:

"Merrill Lynch today introduced a company-wide ban on access to
third-party email services from corporate PCs.

"In a memo to staff, the investment banker said it was prohibiting
workers from picking up or sending email through Hotmail, Yahoo, AOL
and the like because of "regulatory requirements" and as a means to
cut off a possible route by which viruses might enter its network.
Access to external message boards, chat rooms or forums have all
become proscribed activities for Merrill Lynch workers. Using home
email accounts at work have also been outlawed."

http://www.theregister.co.uk/content/7/32253.html



Item 2:

Oracle is now fully Linux:

"The company says it's running its internal business on
Linux-based systems..."

http://www.informationweek.com/story/showArticle.jhtml?articleID=13000344



6. Classifieds

WANTED:
Donation of two computers for people who cannot afford them.
One writer, and one researcher.
Contact Robyn at 228-1578


7. Official items

This Saturday we will meet and discuss spam, viruses and how to make your own website.

Roy Lent sends this:

News Release - PC Club of Costa Rica

The PC Club of Costa Rica is offering a new antispam e-mail system free to its members. This system does not use complex filtering systems as these often can reject important messages by mistake. Developed specifically and exclusively by the PC Club of Costa Rica to be used by its members, it is not presently offered elsewhere.

The PC Club has been active for over 10 years and holds monthly meetings in English. Said meetings present their justly famous computer question and answer sessions, plus lessons and talks on numerous computer subjects. It also publishes an online newsletter, TicoByte. Oh yes, in case you feel intimidated by the idea of participating in a computer club, the PC Club is very beginner friendly, has many older members, has weekly chat meetings and often holds happy social events! Its web page is at www.pcclub.net and it can be contacted at pcclub@pcclub.net

Also, we will discuss the mblaster worm virus and what you can do to not get infected; or ... how to get rid of it.

And Roy will give classes on making web sites - simple and easy.

That's it for this "special". Come visit with friends and computer-like people this Saturday, 9AM, Pan American School.

--
Chuck Jennings <chuck@dearbetty.com>