SecurityFocus

RE: What the heck is this msblast.exe Aug 12 2003 06:19PM
Rich Logan (ral stokeslaw com) (1 replies)

Re: What the heck is this msblast.exe Aug 12 2003 09:42PM
Charley Hamilton (chamilto uci edu) (1 replies)

Re: What the heck is this msblast.exe Aug 14 2003 01:07AM
Shalla (shalla667 comcast net)

One thing that I've done when shutdown -a fails to stop the shutdown (3
machines with that problem) ... boot to Safe Mode with Command Prompt and
manually delete msblast.exe.

----- Original Message -----
From: "Charley Hamilton" <chamilto (at) uci (dot) edu [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, August 12, 2003 5:42 PM
Subject: Re: What the heck is this msblast.exe

> Rich -
>
> Killing the process from the task manager does not seem to give
> extra time, as I have fixed machines this AM on which I:
>
> (1) Killed msblast.exe
> (2) These were winXP boxes, so we turned off system restore.
> (3) Started the symantec fixblast executable
> (4) Hurriedly started a command prompt to issue "shutdown -a"
> to abort the shutdown.
> (5) Installed the appropriate patches from MS after the symantec
> cleaner was complete.
>
> On the first machine I didn't get the commmand prompt open
> in time, and it shut down. After that, my _zeroth_ step was
> opening a command prompt, then I executed on steps 1-3 and 5.
>
>
> Disclaimer: I'm not the sysadmin on the machines I was fixing,
> just part of the recovery team. Mine are patched and firewalled.
> (Of course, they also have a much smaller user base, so the
> firewall can be more restrictive and I adminster the only machines
> with trans-firewall access.) I think the sysadmin for this cluster
> got tired of my grumbling that proper patching prevents piss-poor
> performance, so hopefully he'll mend his ways.
>
> Good luck with avoiding the recovery teams!
>
> Charley
>
> --
> Charles Hamilton, PhD EIT Faculty Fellow
> Department of Civil and Phone: 949.824.3752
> Environmental Engineering FAX: 949.824.2117
> University of California, Irvine Email: chamilto (at) uci (dot) edu [email concealed]
>
>
>
> ------------------------------------------------------------------------
--
-
> Your network firewall and IDS products do not prevent Web application
> attacks - the most common form of online exploitation- resulting in Web
> defacement, data theft, sabotage and fraud.
> KaVaDo is the only company that provides a complete suite of Web
> application security products.
> Download a FREE whitepaper on "Security Policy Automation for Web
> Applications":http://www.securityfocus.com/Kavado-focus-ms
> ------------------------------------------------------------------------
--
-
>

------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---

[ reply ]