1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Seems like MSBLAST, but....

Discussion in 'Windows XP' started by e_buddha, Apr 27, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. e_buddha

    e_buddha Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    15
    We have 1 workstation(Windows 2000 PRO with all patches) that I see on our Firewall sending outbound traffic on port 135. I have searched the registry for any MSBLAST keys and found none. I have run Symantec's MSBLAST removal tool, and it has found none. We run CA Anti-Virus, and it is up to date, and a full system scan also reveals nothing. I even ran AdAware and "quarantined" everything it found, rebooted, but yet the problem exists.

    My Firewall logs point to it being MSBLAST as the address it tries to connect to is a variant of our internal IP scheme. Any ideas?

    Thanks!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Check for MS03-026 could be W32/Lovsan.worm which uses the same port.
     
  3. e_buddha

    e_buddha Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    15
    Lovesan is just a different name (F-Secure) for MSBLAST (Symantec). Symantecs fix scans for all the variants anyway.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Do you have the patch MS03-026?
     
  5. e_buddha

    e_buddha Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    15
    PC is fully patched. Ran MS's utility to check for the patch and it verifies that it is there.
     
  6. shaelesand

    shaelesand

    Joined:
    Sep 27, 2002
    Messages:
    104
    We have run into a few incidences of Welchia being on a patched computer.
     
  7. e_buddha

    e_buddha Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    15
    We have checked for Welchia, and that is not it. Welchia/Nimda sends pings out, this is not sending icmp.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224391

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice