Blaster Worms Question.

[Dave_07]

Hey All,

1) I Was just wondering the net, and then this samll warning box called "Microsoft" pops up saying something like "Warning, your computer may be infected. Click ok to start scan registry, to determine if you are infected." I didn't click ok. I just clicked the "X" button in the top right hand corner to clear it.

2) If a blaster worm virus gets into your pc, does it show up in the startup list ? This one > (Start/Run/Msconfig/Startup tab.)
Because there are a number of strange names in my startup list.
Some of the names:
Intf32S (C:\Windows\System\Intf32S.exe)
(Above name only appeared after that "Mircosoft" warning box appeared.)
ScanRegistry (C:\Windows\scanregw.exe /autorun)
BlstApp (C:\Windows\System\Blstapp.exe)
Essdc (essdc.exe)

Cheers, Dave.

[joshwa]

you need to
a) have antivirus software (up to date) to make sure you're not infected
b) update windows (windowsupdate.microsoft.com) to make sure windows can't be infected by blaster / welchia
c) have a firewall so that you are protected from being attacked by this kind of virus.

i think that if you had up to date anti-virus software, a full scan would tell you whether you're infected or not. (www.grisoft.com do free stuff if you don't have any).

[Anders]

I could not find any references to Intf32S.exe, nor find the file in any of my Windows XP, 2000 or 98 SE installations. Just want to check, is the name correct?
The scanregw.exe entry is required by windows. It scans the registry and backs it up.
blstapp.exe puts access to Creative's BlasterControl in the System Tray.
essdc.exe is to do with an ESS Solo soundcard, apparently.

It could just be something as simple as a crappy pop-up message. I have a feeling that this message popping up is not a symptom of the Blaster Worm. Some specific info from symantec and microsoft. Have you turned off the messenger service? Control Panel -> Administrative Tools -> Services -> Messenger, Disabled it.

You should do as Josh said regardless because it is good practice. Also get Spybot Search and Destroy and LavaSoft AdAware.

[Dave_07]

I checked the System Startup tray again to be sure, and I have just noticed that not all the startup item names start with a capital letter, which I thought they did.
So the capital "I" at the start of "Intf32S.exe" could very well be a lower case "L".
This is how it appears in the list > lntf32S.exe
I have also tracked down "lntf32S.exe" and where it is on my comp.
This is all the info i could get on the item:

lntf32S.exe Properties:
Type: Application
Location: C:\Windows\System
Size: 64.0KB
MS-DOS Name : lNTF32S.EXE (< The first letter may be a "L" or an "I" i can't tell)
Created: 23 January 2004
Modified: 16 December 2003
Accessed: 26 January 2004
Attributes: Read-Only: NO, Archive: YES, Hidden: NO

Also I should add, this is all on an older computer (that dosen't like av/fw progs) Not the system in the sig.
This older comp is running Win98 (none SE) and dose have a Creative Blaster 3D graphics card and onboard ESS sound device. So that explains the blstapp.exe and essdc.exe itmes on the list, the scanregw.exe is also ok.

Also whilst I was gathering the above info on the lntf32S.exe item.
I clicked on the application icon by accident, and it started the prog.
However nothing happed (yet) so i don't know if that means anything.
I have searched for the lntf32S.exe file again since I clicked on it,
but it now seems to have gone from comp.

Oh, aswell, I think you may be right Anders about the "Microsoft" box just being a small popup. Like when you get those "Tune your computer up" or "Your system clock is wrong, download such and such a thing to set it wright" popup adds.

Cheers for you help and replys Anders & Josh, Thankx.

Dave.

[Lord Kordir]

I'd download this if I were you