2003-11-10 – MSBlaster problems

(Posted 4-12-03 due to date cock-up) Realised last night that the intermittent problems we were having with the network was actually due to Blaster being on this machine! (the XP laptop) Whenever it was plugged in, the internet connection died for the other machine. Much fiddling later with the network switch and the ADSL router, and I suddenly realised that the lights were flashing away like mad on the WRONG network connection! So I pulled it, and suddenly the other machine worked. I knew this wasn’t down to the problem we thought we had had before, where the two machines seemed to be getting the same IP address, as I had sorted it, so it at least worked a bit.

Now, I took a look at the traffic logging on the router. I enabled it, waited ten seconds, and looked. Oh dammit, the laptop is scanning random IP addresses, at a hell of a rate. The joys of broadband! So I pulled the connection again, and it worked fine again. I searched the drive again, like I had been doing around the time Blaster came out, and, again, found nothing. Yet the task list had a process I didn’t recognise, called teekids, so I killed it, and refreshed the log. Sure enough, that was the rogue. Google confirmed it was blaster, and Symantec told me to search for Penis32, MSBlaster and teekids. But I already had, and they weren’t in the Windows search!

One download of the removal tool later, and I checked the logs again. There is a new one, called dllchecker, all upcase, and the logs are going wild. So I kill that, and unplug the LAN again. Run the tool overnight, and it gets two copies of it. Then I install the update patch from M$, and then I post here…

So, if you got a probe from Blaster yesterday evening from my IP, sorry about that! It shouldn’t happen again!

No comments yet.

Leave a Reply