Fucking LovSan virus has boned us

[teela brown]

Piss! We done got hosed by this goddam LovSan virus. We're very cautious about opening e-mail at home, but it still got us. This virus shuts your computer down a minute or so after booting up. I hear that Microsoft has a patch, but you can't download it if your computer keeps shutting down!

Crapcrapcrapcrapcrap. It's probably going to involve a trip to the friendly computer repair guys, but we're stretched economically. We don't need this.

Crapcrapcrapcrapcrapcrap!

[World Eater]

Wasn't there a thread about this before, and the guy ran the path between crashes?

Can patches be run from safe mode?

[Sylkyn]

Yes, there's a thread on this and a fix available. Note: Read past where everyone says to re-format. It's not necessary.

http://boards.straightdope.com/sdmb/...hreadid=203867

[photopat]

Bummer. Sorry to hear it.


Still, I just can't help but do the "happy happy Mac user" dance at times like this.

[wolfman]

I took down my Firewall to debug some Oracle server stuff and got hit with the fucking thing. But of course I had to get some strange version of it that is not fixed with any of the virus software or currently published methods. I had to do a manual search through the windows directory and and go through the registry deleting based on the "that doesn't look quite right" algorythm(which I really really hate doing) in between shutdown every two minutes. I think I finally got everything as my computer has now been running for 20 minutes now, but now I get to worry for the next few months to see if I deleted anything wrongly.

[fruitbat]

I got hit by this. I am waiting for my company's tech support people to instruct us on how to purge it from my laptop. I was a virus virgin before this and it is a bitch.

It has some odd effects. I can't follow any link that opens a new window. My ability to connect to other web pages is sporadic at best. Some of my menu screens have gone blank.

Who thinks it is a good idea to create these things? Aaaargghhhh!

[pencilpusher]

Nothing like getting screwed by your first virus huh fruitbat?

[Lute Skywatcher]

Quote:

Originally posted by photopat
Still, I just can't help but do the "happy happy Mac user" dance at times like this.

That anything like the "happy Win98SE user" dance?

[Mehitabel]

My company is based in Europe and has branches all over the place. It's getting whammed. I haven't gotten it yet at home--does it hit WinXP?

[Ferret Herder]

It does affect WinXP, but if you have the proper updates installed you should be fine. (In another thread, someone mentions that some computers were considered by Windows Update to have the patch installed when they actually didn't, and they got infected.)

[Astroboy14]

Quote:

Originally posted by Mehitabel
My company is based in Europe and has branches all over the place. It's getting whammed. I haven't gotten it yet at home--does it hit WinXP?

Yes, it targets WinXP. See here, please.

[Ogre]

Question: yesterday, my PC at work started doing backflips. Wouldn't C&P. Wouldn't follow links. Kept coming up with the error message "SVCHOST.exe has generated problems, and is shutting down." Crap like that.

At first I thought Windows was hosed and I'd need to do a repair install, but now I'm not so sure. Does this behavior sound symptomatic of Blaster?

Incidentally, Symantec has released a free executable removal tool to get rid of Blaster.

[photopat]

Quote:

Originally posted by Jeff Olsen
That anything like the "happy Win98SE user" dance?

Similar, but you only need one foot and it's easier to learn.

[Super Gnat]

Quote:

Originally posted by Ogre
Question: yesterday, my PC at work started doing backflips. Wouldn't C&P. Wouldn't follow links. Kept coming up with the error message "SVCHOST.exe has generated problems, and is shutting down." Crap like that.

At first I thought Windows was hosed and I'd need to do a repair install, but now I'm not so sure. Does this behavior sound symptomatic of Blaster?

Incidentally, Symantec has released a free executable removal tool to get rid of Blaster.

That was exactly what it did to my computer. I grabbed the patch and Stinger, recommended by Evil Captor, which targets a few different viruses and trojans. Ran Stinger, got the patch, then ran Stinger again to make sure I wasn't reinfected, and I seem to be fine.

[Eve]

Goddamit. I got hit by this at home, anf none of the instructions on that GQ thread make the slightest bit of sense to us non-techies (I don't even kmow what the fuck a firewall IS).

Guess I will have to schedule a service call . . . Fuck.

[Mr. Blue Sky]

One of the rare instances when having WinME is a good thing.

[Lsura]

Well, I'd love to download the patch. But I've had problems with accessing secured sites/sites running ActiveX since January. I've changed the security setting, and I still can't access the microsoft update site. I guess this means I really need to head to the on campus help center tomorrow so that maybe I can actually update Windows for a change.


Luckily, the desktop has ME, just the laptop is running XP.

[Tars Tarkas]

anyone know a girl named San with a computer nerd boyfriend or stalker?

[D.E.S.K.Top668]

Quote:

Originally posted by photopat
Similar, but you only need one foot and it's easier to learn.

Yeah, but it's pretty hard to find the music to do the dance. Most stores don't carry it

[Read_Neck]

Here,the music's free.

[spinky]

In case it helps, if you get the shutdown timer on XP, I am told you can go to "Run..." in the start menu and run "shutdown /a" (without the quotes) to abort the shutdown and keep downloading the files you need.

Alternately, you can go to the Services management console and change the "Remote Procedure Call (RPC)" service's properties so that on failures, it is set to "take no action" instead of "reboot the computer". (This should probably be set back once the patch is installed)

[spinky]

also, just to be clear, a pretty fool-proof procedure for getting rid of this thing is:

1) download the microsoft patch and save the .exe on your hard drive. This may require avoiding the shutdown using the methods I mentioned in my last post. The easiest way to directly download the patch is to go to www.microsoft.com and put "823980" in the search box. The first resulting link is "Blaster Worm: Critical Security Patch", which contains the download link.
2) download a removal tool (such as the one linked to in the lower left corner of www.symantec.com) and save it on your hard drive
3) physically disconnect the cable that hooks you to the internet
4) disable system restore (instructions on how to do that are on the symantec download page -- it's easy)
5) run the removal tool
6) reboot
7) run the removal tool again
8) run the microsoft patch
9) reboot and hook up your internet connection again


see? easy.

[Ogre]

Quote:

Originally posted by Super Gnat
That was exactly what it did to my computer. I grabbed the patch and Stinger, recommended by Evil Captor, which targets a few different viruses and trojans. Ran Stinger, got the patch, then ran Stinger again to make sure I wasn't reinfected, and I seem to be fine.

Many thanks, Super Gnat.

[wolfman]

Anybody who is interested can use my method for removing the worm. As I mentioned I had a scewed up copy of it (The freaking worm didn't install itself correctly if you can believe that.)

Prestep one. Download and run every possible fix program and watch them not find anything. 2 hours, at two minutes log in at a time
1. Search directories for related files and delete them. 30 Min

2. Search registry for related files and delete them. 30 min

3. Download microsoft and install microsoft patch 15 minutes.

4. Decide to do a full update on windows XP. 10 seconds.

5. Begin update of XP. 60 minutes.

6. Watch upgrade process blow up(might be my registry playing but I doubt it). 30 minutes

7. Attempt to log into computer to fix it. 45 minutes.

8. Finally get into windows and let it start a scandisk. 1 minute.

9. Watch scan disk attempt to fix broken FAT links. 2 hours.

10. Watch scandisk run out of room to copy and fix stuff in the middle of the system file. 20 minutes.

11. Attempt anyway possible to log into system. in vain . 2 hours.

12 Phyisically remove system hard drive. 1 second.

13. Try every possible jumper setting to get second hard drive recognized as primary, in vain. 1 hour.

14 Realize that system can be installed on secondary hard drive if bios is changed to boot from it, and changing bios. 1 minute.

15 Installing XP on second drive. 90 minutes

16 Reconnecting first hard drive. 2 minutes

17 Booting off second drive to access first drive to manually restructure first hard drive so it's usable. 1 hour

18 Running XP system repair on first hard drive, watching it try to do a complete install again. 90 minutes.

19 Change bios back to first hard drive and reboot. 5 minutes.

20 Wonder why there are no users anymore (no administrator even) in XP system on first hard drive. 15 minutes

21. Change bios to second hard drive reboot, and examine first hard drive, in an attempt to create a administrator profile on first hard drive manually , in vain. 2 hours (as part of step repeat 19-21 several times)

22. Give up and start configuring second drive operating system to be main OS. 1 hour

23 Realize with much humor that the only thing all this work has managed is to fix worm so it is now working correctly as programmed and causing computer restart again ,and start banging head into wall. 5 minutes

24. Run worm remover from Norton with several restarts to get everything checked before restart. 30 minutes.

25 Notice with much happiness that worm is finally gone for good.

26 Download patch from microsoft to fix hole on brand new shiny XP OS on second drive.


By following this simple 26 step process you too can waste a day to remove some dickless rectal wart's worm and end up with a system that has none of the carefully configured and crafted functionality that you spent the last two years creating.

[Eve]

Well, I got it at home, and I can't get anyone to explain to me in fucking English how to get rid of it!!!

Is there a CD I can jam into a techie's mouth to get them to stop spouting computerese gibberish and speak like a normal goddam person?!

[Jonathan Chance]

Whoa, calm down.

There are user friendly tech supp people. But it's doubtful you'll find one on the internet.

Any pals you can go to?

[teela brown]

Well, thanks to the folks over at the thread in General Questions, I think we've got it under control. I downloaded both the patch and the worm-remover, and Mr. Pug tried all the recommended combinations of running them. It seems to be working this morning.

::crossing fingers::

But still, fuck it. What a pain. Good luck, Eve, in getting yours fixed, and in translating techie talk into English.

[E-Sabbath]

I'm here, Eve, and just check in your thread, and I'll walk you through everything. Kay?

[CrankyAsAnOldMan]

My husband's motherboard got fried, and he had a hard time getting through to Dell...their message reported that they were being slammed with calls about the virus.

[Jurhael]

You could also try this LJ post for help:

http://www.livejournal.com/users/elk...er/222545.html

I have Windows 98, so this doesn't really affect me. But, I feel for those that are.

[Beryl_Mooncalf]

A dumb. dumb, dumb question, doesn’t anybody have virus protection, with live or auto update? I’ve seen my computer update twice in the last 24 hours. It is about $30.00 per year.
Here is what Norton recommends for removal (scroll about half way down)

Symantec Security Response

Let expect Saturday to be a very slow day.

[StarvingButStrong]

I think this latest virus is all my fault.

You see, my subscription to Norton AV expired in July -- and I didn't want to spend $30 on renewing it just then. So I just kept hitting 'renew later' each time NAV nagged at me about being expired.

Well, obviously they realized they were going to get their money from me unless they scared me into submission....and a new virus is unleashed.

Sorry everyone!