Endpoint Protection

  • 1.  Intractable Blaster Worm

    Posted Jun 10, 2014 02:39 PM

    I am running XP Pro with Service Pack 3. I seem to have the Blaster Worm. I ran FixBlast but it didn't find anything. I have Symantec Endpoint Protection and it is up to date. I also ran a virus scan. I believe I have the Blaster worm because there is a sudden write to disk for about 5 minutes every once in a while. When I see what is running in the task manager, it is the system that is taking all of the bandwidth. When I close the system, the classic NT Authority window pops up saying to close everything because the entire system will shut down in 1 minute. And it does shut down.



  • 2.  RE: Intractable Blaster Worm

    Posted Jun 10, 2014 02:40 PM

    Blaster was first found back in 2003. I would be shocked if SEP didn't catch this. Do you also have SONAR, IPS, and firewall installed?

    You can try a threat analysis scan as well:

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519



  • 3.  RE: Intractable Blaster Worm

    Posted Jun 11, 2014 12:59 AM

    Did you see any suspicious process in the Task Manager? If you're not able to, try Process Explorer; you will definitely be able to find it there. Find the location of the process, zip it, and submit it to Symantec.

    How to Use the Web Submission Process to Submit Suspicious Files

    http://www.symantec.com/docs/TECH102419

    Since it is a worm we are dealing with, I would recommend a full scan on your network with Risk Tracer enabled. If you do not have it enabled, please follow the document below.


    What is Risk Tracer? How to enable it

    http://www.symantec.com/docs/TECH102539

    How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH94526



  • 4.  RE: Intractable Blaster Worm

    Posted Jun 11, 2014 06:06 AM

    Hi edw98765,

    "Thumbs up" to the comments above.  Though scientists do occasionally find a "living fossil" of a fish or fern that they knew only from eons past, I doubt this is Blaster. &: )

    When I close the system, the classic NT Authority window pops up saying to close everything because the entire system will shut down in 1 minute. And it does shut down.

    I understand that this is an expected behavior for Windows when that is killed - not tied to any sort of infection.

    I recommend running the Threat Analysis Scan and seeing if anything suspicious is found.

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)
    http://www.symantec.com/docs/TECH215519

    If not, the write to disk can potentially be from something legitimate that is installed on the computer.

    Hope this helps!

    Mick