according to techtv here is the way to stop your computer from shutiing down if it gets infected with the blaster/lovesan worm:

Stop the countdown

TSS associate producer David Prager found a way to stop the countdown Blaster launches.


Go to the command line interface by clicking on the Start button and selecting Run. Type "command" (without quotes) and click OK.

At the command prompt, type "shutdown -a" (without quotes). This effectively orders the computer to abort shutdown.

Run your antivirus tools and download patches to remove the worm


full story can be read here:techtv link (http://www.techtv.com/screensavers/windowstips/story/0,24330,3498721,00.html)

LOL

This is like telling people not to bother wearing seatbelts in their car, but giving them helpfull tips on how to treat the injuries you may receive in a car crash afterwards.

The thing is not to get the worm in the first place. You should be blocking ports like 135, 137, 539, 445 etc on your firewall. Also, Microsoft had a patch for the vulnerability available a couple of weeks before the worm existed.

People need to be proactive about computer security, then there would be no panic over worms like this.

Originally posted by DaveW

People need to be proactive about computer security, then there would be no panic over worms like this.

word.

Originally posted by 2fast4u
word.

More like, "worm". :p

heheh yeah u always jus hit ctrl+alt+del and jus close msblast.exe file.

after work rightaway to delete the file and one should be fine.

I think some people are hesitant to apply patches right away without more info (sorry, Microsoft's desired "security through obscurity" doesn't necessarily work), as people don't always trust the patches. It is not unheard of to get a patch that fixes one or 2 things, and have it break several other things in the process. Microsoft also had to pull a patch in recent months because those who applied it got rather severe probs to their comps. I seem to remember a few IE patches that were also not effective to the actual problem, and so had to be re-released also. That said, this was a nastier vulnerability then most.

Then throw in a corporate environment, where one patch can mean 5 other things need to be done, more then a few computers, and everything must be tested and rolled out before it's to be found on production machines... Again back to the (anyone here remember Windows NT 4.0 Service Pack 2)? Lets just say that Windows NT 4.0 Service Pack 3 had several fixes along the lines of

- Service Pack 2 can cause RAS to randomly hang up one's modem

- Service Pack 2 can cause a machine to lockup and hang if a program with NT priority level 15 or higher is run

- Service Pack 2 was able to cause a STOP 0x0000000A BSOD with the use of antivirus software

The first 2 of those I got hit with back in NT 4 days, and the first one ironically when I was trying to download SP3. I also got my first STOP 0x0000000A crash in NT 4 SP2 days, though I don't think it was AV software that time, so can't say.

In any case applying something with little information (M$'s push for security through obscurity) really becomes a matter of trust...and how many people really trust Microsoft?

This patch I had incidently applied prior to this week, though the Windows Media Player patch I have not. Main reason to question is they have a possibility to slip more DRM in there, and when I applied the pre-SP1 WMP patch, it did break my DVD decoder card's DVD playback software, along with a change in the liscence agreement to say essentially "we reserve the right to break software on your computer for purposes of DRM, blah, blah, blah" It's also the same reason I decided against downloading WMP 9 and have not upgraded it.

3 things a person needs to make sure they dont get the worm are:
1) the hot fix patch #KB823980..from windows update site.
2) A good Anti virus program..like norton with all the updates for virus definition's.
3) A good Firewall...like a linksys router or zone alarm software firewall protection.

You know what's funny?

I've made $30 in the past 24 hours fixing Blaster-infected machines. Got my CDRW with SP1, the KB fix, and Symantec's FixBlast (not like I need it--delete it from system32 and remove it in msconfig along with stopping the process, and life is peachy). Very easy money :D

Your secret is safe with us, Baron. haha:D