Wednesday, August 13, 2003

There's a Worm in my Wormhole!

Well, I hadn't planned to spend large chunks of today downloading files, running virus scans, and rebooting Windows repeatedly, but unfortunately some asshole hacker apparently had other ideas. Yes, that's right, my beloved PC, Wormhole[*], came down with a bad case of the W32.Blaster.Worm. This is the first virus I've encountered that wasn't immediately detected and dealt with by the anti-virus software, and I suppose, all things considered, it could have been a lot worse. This thing is deeply, deeply annoying -- its main symptom is that it causes Windows to repeatedly crash and restart itself -- but at least it doesn't seem to trash any of your files or anything. Still, it was a bitch and a half to deal with, I don't mind telling you. First I downloaded and ran the program that's supposed to get rid of the worm, which it claimed to have done successfully. Then I ran an anti-virus scan, which told me, yep, it couldn't find the worm on my system. Great! So I log back on to the net to download the Windows patch that's supposed to keep it from happening again... And suddenly Norton starts yelling at me that I'm infected. I run the worm-removal program again, and it tells me there's no worm. But it's obvious I am still infected, because I'm still getting the tell-tale error message and Windows crash. Deep sigh. Eventually, I ended up having to hunt down the virus program file and delete it my own damn self, but between that and the worm-removal program, I think we did manage to root out all the nastiness from my system. Or at least I bloody well hope so. I stayed online for an hour or so after that and didn't get the error message again, so I'm hoping that's that. (And, yes, I did download the Windows patch. Immediately.)

In case you're wondering whether you might be infected, if you're getting an error message that says "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly ," congratulations, you are. I found instructions for dealing with the worm at Gateway's support site, and, of course, there's a lot of info on it at Symantec's website. Good luck.

[*] Which I'm now beginning to think may have been a poor choice of names.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.