Blaster worm woes.

by Eric M. Burke

Yesterday was a bad day. I wasted several hours cleaning up after W32.Blaster.Worm. Now I vent...


I always install all of the Windows XP patches available on the Microsoft Windows Update site. A few weeks back, however, my computer started behaving strangely. Every other time I booted, it would show the Windows XP splash screen and then ... zap ... the screen went black and the PC shut down. Whenever I would restart, Windows XP gave me some menu saying the PC did not start correctly and I had the option of rolling back to the last known good configuration.


Not being a Windows expert, I did the following:


  • uninstalled a whole bunch of programs that I no longer use

  • ran Norton Utilities to check for registry problems

  • scanned the hard drive for errors

  • verified that all available patches have been installed

  • made sure the startup folder was empty



Blah, blah, blah...I could not eliminate the problem. So I eventually chose the option that let Windows revert back to the last known good configuration.


After choosing this option, my system came up in this horrible VGA mode and I had to re-install the device driver for my video card. After that, the bootup problem went away.


So my computer has worked perfectly for a few weeks, until I got this Worm/Virus thing.

My Theory


My theory is that when I told Windows to start up using the last known good configuration, it backed out my display drivers along with some or all of the Windows Updates. This is why my system was vulnerable to the virus.


The problem is, I don't know WHICH patches are or are not installed now. When I view the installation history on the Windows Update site, it shows that I have installed every available patch. But that cannot be true, because the Worm only infects systems that do not have the appropriate patch.


Oh well. I'm not really looking for advice at this point. This is just one more little nudge pushing me closer to Macintosh for the next big computer purchase a year or two from now.


8 Comments

gbshuler
2003-08-13 11:13:46
"The Fog of XP" by John Dvorak
You are not alone. A week before the Blaster attacked, acclaimed Wintel PC pundit John Dvorak wrote about the very kind of issue you bring up:


From Dvorak:


"The other night, the fog of XP settled over my house. It rolled in slowly. My Windows XP Home system began returning "page not found" errors on every other access attempt under Internet Explorer 6, then surfing stopped altogether. I checked my cable modem and my router. Both appeared okay. I tried my wireless notebook in the kitchen and could surf just fine. The worst was yet to come.."


For full article:
http://www.pcmag.com/article2/0,4149,1212558,00.asp

gbshuler
2003-08-13 11:17:34
"The Fog of XP" by John Dvorak
Whoops.. Not by John Dvorak. It's by a guy named Lance Ulanoff of PC Magazine. Still a good read.. Sorry..

hondo77
2003-08-13 16:05:10
My Simple Life
I buy a Mac. I buy a Linksys firewall/router. I plug them in. They work. Life is good.

anonymous2
2003-08-13 23:26:20
This must be a largely common phenomenon.
Phostakidd@yahoo.com
Phostakidd1@comcast.net
-----------------------


I could have written these articles myself. I think there may possibly be something at hand here. The coincidence of multiple computers expressing the same exact behavior, happening in, what sounds like, a week period, is suspicious. The "restore to last working config", the having to restart computer seconds after power-up, a major headache. At first I figured I had the virus, though no searches confirmed its existence on my computer. My computer would continue, as yours has, to say "Page cannot be display" in IE 6, along with net slowdown, which I too reset and played with my modem and router multiple times. The only difference I experienced is that my resolution had lowered when I had gone into safe mode, though, I figured it was most likely reduced either within safe mode, or this was my "last working config"...at any rate, my video card was unaffected. I just want to confirm and support your theory and experiences with this. I suppose it could be simple coincidence, but it certainly seems bizarre. I have downloaded the patch during these problems, which may have no effect on my system, but my computer is, seemingly, back to normal.


James

anonymous2
2003-08-13 23:36:59
v------Just wanted to add------v
Phostakidd@yahoo.com
phostakidd1@comcast.net


At one point, while I was just chugging away at my comp activities, not doing anything abnormal, my Windows XP Pro, just flashed. The screen flashed and lit up and windows ceased to be running, and my computer was frozen on a white screen. This actually might have started the whole thing, either on Monday or Tuesday of this week or Thursday - Friday of last. Anyways, I figured I'd get that out there as well.


James

burke_e
2003-08-14 06:03:09
My Simple Life
I should know better, but I'll respond. I was at work, so I could not just plug in my own router and use a Mac. The software my employer uses won't run on Mac. A different OS is not an option in this scenario.

gbshuler
2003-08-14 09:47:24
How Sad Is It That I Don't Trust Microsoft?
Leslie Walker (a tech columnist for the Washington Post) writes:



Sure, Microsoft has been urging people running Windows to give their machines a regular security tuneup, either by activating Windows XP's auto-update feature so Microsoft can do it for them or by downloading every free security "patch" that Microsoft publishes online to fix Windows' vulnerabilities.


I confess I had done neither. I didn't trust Microsoft enough to have its computers automatically communicating with mine, so I had never switched on auto-updating.


And as for getting patches myself, Microsoft releases dozens of them a year, almost all without consumer-friendly instructions as to what they do or in what order they should be downloaded and installed.


[...]


How sad that I don't trust the world's largest software company enough to allow it to fix my own computer for me. And how pathetic that the creator of the operating system running more than 90 percent of the world's computers can't figure out how to protect its customers, 18 months after vowing to do so in its "Trustworthy Computing" initiative.


In the full article (registration required) Microsoft answers some questions about their efforts to improve security in Windows..
http://www.washingtonpost.com/wp-dyn/articles/A54937-2003Aug13.html


philli-boi
2006-03-29 07:10:48
The W32 hmm.... I got sum info on that!
Yeah I wouldn't trust any security updates right now at all. Not from Windows or anything. And if your computer has an e-mail client I would be regularly checking my sent folder for odd e-mails! And the main way the W32 is getting into computers is through a very official looking but still very dangerous web site. It looks like the newest update. It just pops up when you go to certain sites owned by the company. And some FYI: don't trust any computer companies. They make the viruses so that their programs will have a use and will make them money.