Lovsan Worm Exploits Windows RPC flaw
Roadblock
08-12-2003, 12:40 AM
Source: MSN.com (http://.msn.com.com)
Lovsan is an Internet worm that exploits a known vulnerability in Windows 2000, NT, and XP. The worm takes advantage of the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface, which was patched in MS03-026 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp), on July 17, 2003. Because many people have yet to patch their systems, the worm is very active. Lovsan spreads quickly via the Internet and could damage infected system files, therefore, this worm rates a 7 on the ZDNet Virus Meter.
How it works
Lovsan does not spread via e-mail. Instead, it scans the Internet on port 135 looking for vulnerable computers. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer. At this time, antivirus vendors are still analyzing what msblast.exe does.
Read The Full Story Here (http://msn.com.com/4520-6600_16-5062407.html?part=msn&subj=ns&tag=msn_home)
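A defender-side check for the network pattern the article describes (probing of port 135, then a connection to TCP 4444 on the same target), as an added example that is not part of the original thread or the quoted article. The log layout, addresses, function names and the scan threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines; the field layout follows the "#Fields:" header.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2003-08-12 00:40:01 OPEN TCP 10.0.0.5 192.0.2.10 1041 135
2003-08-12 00:40:01 OPEN TCP 10.0.0.5 192.0.2.11 1042 135
2003-08-12 00:40:02 OPEN TCP 10.0.0.5 192.0.2.12 1043 135
2003-08-12 00:40:02 OPEN TCP 10.0.0.5 192.0.2.13 1044 135
2003-08-12 00:40:03 OPEN TCP 10.0.0.5 192.0.2.12 1045 4444
2003-08-12 00:41:10 OPEN TCP 10.0.0.7 192.0.2.80 1100 80
2003-08-12 00:41:30 OPEN TCP 10.0.0.7 10.0.0.9 1101 135
2003-08-12 00:42:00 OPEN TCP 10.0.0.8 192.0.2.50 1200 4444
"""

def parse_log(text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                records.append(dict(zip(fields, values)))
    return records

def find_scanners(records, threshold=3):
    """Sources that contacted TCP 135 on at least `threshold` distinct hosts."""
    targets = defaultdict(set)
    for r in records:
        if r["protocol"] == "TCP" and r["dst-port"] == "135":
            targets[r["src-ip"]].add(r["dst-ip"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= threshold)

def find_shell_followups(records):
    """(src, dst) pairs where a 135 connection is later followed by one to 4444."""
    seen_135, hits = set(), []
    for r in records:  # records are in log (time) order
        if r["protocol"] != "TCP":
            continue
        pair = (r["src-ip"], r["dst-ip"])
        if r["dst-port"] == "135":
            seen_135.add(pair)
        elif r["dst-port"] == "4444" and pair in seen_135 and pair not in hits:
            hits.append(pair)
    return hits
```

A host returned by `find_scanners` is behaving like an infected machine looking for new targets; a pair returned by `find_shell_followups` marks a target worth checking for msblast.exe.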
JiMiThInG
08-12-2003, 12:43 AM
A lot of people have been hit with this today so make sure to get the patch if you have not already. I think like 7,000 computers were affected in the first few hours. They are saying this will be bigger than codered was.
Roadblock
08-12-2003, 12:50 AM
Yeah, the guys on "The Screen Savers" (www.techtv.com/thescreensavers) said it was a real nasty one. I have my M$ Updates set to notify me as soon as one becomes available, and I then check them out to see what they are, and if I need them I download them right then and there. Thanks for the reminder JiM. ;)
JiMiThInG
08-12-2003, 12:56 AM
I love The ScreenSavers, and Call for Help
Roadblock
08-12-2003, 01:01 AM
Yep. Especially Kat, Sarah, and :loveyou: JESSIE! :loveyou:
bluetailfly3
08-12-2003, 03:42 AM
****sigh*** I woke up today to find my comp infected with the lovsan worm. Thank god my avg was up to date because it recognized it and removed it right away. Guess maybe I need to stay more on top of my windows updates.
The Boinker
08-12-2003, 07:41 AM
setup could not verify the integrity of the file update.inf. make sure the cryptographic service is running on this computer
ook?
The Boinker
08-12-2003, 07:55 AM
thanks to the dialup boy, im set :)
william155229
08-12-2003, 08:39 AM
i had the same problem how do you fix it ?>
I patched asap; scanned with avg (updated defs).
I'm clean.
LPDad
08-12-2003, 09:59 AM
Originally posted by william155229
i had the same problem how do you fix it ?>
info : http://www.pctechtalk.com/forums/showthread.php?s=&threadid=13393
Actual link on how to fix: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
dalert0140
08-12-2003, 10:40 AM
this is a nasty one... I spent the whole evening yesterday trying to delete it, but today i have to reinstall Sygate as it doesn't start anymore, IE doesn't work as well. funny thing this is the only patch i hadn't applied.
guess i should make a habit of checking for microsoft updates daily :rolleyes:
method
08-12-2003, 10:43 AM
RPC sploitin' hit me, although I never got the actual worm. The RPC sploit kicked the crap outta winsocks for me and I couldn't connect until I used MSCONFIG to stop a few services. If this happens to anyone else and the Sygate fix doesn't work... the following worked for me, might help.
Disabled services in MSCONFIG:
a) Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
b) Visual Studio Analyzer RPC Bridge
c) Telephony
d) IPSEC Services
In fact, I got this...
Fixtool for W32.Blaster.Worm has encountered a problem and needs to close. We are sorry for the inconvenience.
Heh... ah well.
The Boinker
08-12-2003, 11:05 AM
Originally posted by william155229
i had the same problem how do you fix it ?>
as me?
well then- i went start run services.msc
then i enabled the cryptography service !
worked like a charm
dalert0140
08-12-2003, 12:48 PM
anybody know where to get info on how to configure sygate firewall pro? I want to make sure that it is properly configured.
I've done port scan tests and my configuration seems right (all my ports are stealthed). But i got this worm anyways, so i want to recheck it
william155229
08-13-2003, 02:28 PM
cryptography service is running but it says it isn't, what do i do?
Cassavus
08-13-2003, 03:54 PM
My friend was hit hard by this! His computer sometimes won't even stay running for 1 minute. And other times he can get a max of about 12 minutes. I deleted the msblast.exe manually, and stopped it from starting up. However, he still has the problem. The patch also won't install. It's really bad...
I on the other hand got the patch at the beginning of this month. So no worries on my side...hehe :thumbsup:
Roadblock
08-13-2003, 06:31 PM
My mother-in-law just called us tonight to say that their PC (Dell, 1.6 Intel Pentium, 128 MB SDRAM, XP Home) reboots every time she tries to connect to the internet. MSN Dialup is their ISP. Could it be this worm that is causing her problem?
surfbum
08-13-2003, 06:39 PM
:lamer: sounds like a possibility. betanews has a link for the patch. see what happens......
Roadblock
08-13-2003, 06:44 PM
Never mind, I just found out that is exactly what is wrong. Looks like I got to make a trip to the in-laws for a little PC repair. Fortunately, we are both running Grisoft's AVG6 Free Edition, so all I need to do is to copy my updates from my C:/Program Files/Grisoft/AVG6/Update folder, and then paste them into hers, and run AVG to get rid of it. ;)
surfbum
08-13-2003, 06:44 PM
sorry- that's www.betas.intercom.net.
william155229
08-13-2003, 10:29 PM
does having zone alarm help?
The anti virus I use Bit Defender Free version avg Free version
And Stop Sign.
william155229
08-14-2003, 06:27 PM
I also have The Cleaner to watch the registry.
is that enough?
Roadblock
08-14-2003, 09:19 PM
If you installed the patch from Microsoft back in July, and if you keep your avg updated, then that should be enough. If you find out you are infected with it (and you would know, because of the way it keeps rebooting your pc), then you need to update your avg. You can download the particular update file from www.grisoft.com from another pc, then copy it, and paste it into your update folder in your Grisoft/avg6 folder; it will recognize the virus files, and delete, clean or quarantine them. The update file from grisoft is 3.56MB in size and the file name for it (for the AVG6 Free version update file that recognizes the Lovsan worm) is d60313h3.bin. ;)