I was watching the news the other night … amused a bit by technically-impaired broadcasters who were suggesting that to fix your infected machine, you had to find a friend with the patch, or hire some geek gurus to come fix it for you … because you can’t get online nor keep your machine from rebooting.
I think Mike Wendland summed up the paradoxical problem with this virus best when he wrote: “The thing with MSBlaster that drives users nuts is the computer keeps restarting. How can you fix it if it keeps shutting down?” As always, Mike has some other good technical advice on how to solve the problem manually.
To me, the solution is simple. Make sure you have a copy of Knoppix handy. Of course, if you can’t get to the Internet, this advice won’t help … but for those of you who read and then heeded my July 18th advice entitled “Knoppix – Delightfully Distracting” … by downloading and then burninating a CD … you’re all set.
In other words, when I tell you about a Linux solution that can boot from the CD, it means you should keep a copy nearby so when your Windows machine crashes or locks you out, you have a means of circumventing the problem and effecting a solution. Or in plain English, you should keep a copy of Knoppix duct-taped to the side of your PC as an emergency boot disk.
This is because Knoppix contains all sorts of applications, including several useful Internet applications for dialing-up an ISP, connecting via PPPoE, connecting via your router, sniffing your network, and a few other gems. In other words, you have on this CD the tools you need to:
- boot-up your machine from the Knoppix CD
- right click on icon for Floppy Disk
- select properties
- select permissions tab
- enable write permission for group
- connect to the Internet
- download the Symantec fix (preferably to a floppy … e.g. “/mnt/floppy/FixBlast.exe”)
- download the Microsoft Patch – to a non-NTFS disk (floppy, zip, FAT partition)
- reboot machine in Windows safe mode
- run Symantec fix (please read all documentation FIRST)
- reboot machine
- install Windows patch
- reboot machine
- pray it doesn’t happen again …
Of course, again, this advice is useless if you don’t have a Knoppix CD handy. Nor is it going to help if you haven’t practiced and documented this contingency at least once before you needed to. In other words, regardless of whether you boot from Knoppix and use Mozilla, or boot from safe mode and use WGet … you need written documentation on how to connect to your ISP, and need to know how to use it via your alternative methods so you’re not fumbling around during an actual emergency.
Sorta like having and then PRACTICING how you’re going to get out of your house during a fire.
UPDATE – btw, here is a most excellent article I found after writing this post entitled “Computer First Aid Using Knoppix,” … or what I like to call, “everything you wanted to know about fixing your Windows System using Knoppix, but were afraid to try …” It includes, among other good things, tutorials on how to dial up and connect to the Internet and how to get around your Windows file systems. I would suggest printing it out and somehow affixing the 11 pages alongside the Knoppix CD you should already have duct-taped to the side of your PC. I might also write on the back of the printout any ISP information (other than passwords) you need to get connected.
UPDATE 2 – I’m flattered to see my site linked-up at NewsForge! I’m also glad to see that someone brought up the subject of NTFS, both there and here. Here is the bottom line. The systems affected by the MSBlaster worm are generally NTFS. While I did find documentation on how to mount an NTFS partition for a regular user … I also found stern warnings NOT TO WRITE TO AN NTFS partition in a discussion on fixing one’s boot record, a post that starts with the sage advice of backing-up your data. That backup can be done if you merely mount an NTFS partition for read-only access … though on my system, my NTFS hard drive is read-only accessible merely by double-clicking on the drive icon … your mileage may vary.
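To make the "download to a non-NTFS disk" step and the NTFS warning above hard to get wrong in an emergency, here is a small staging script, added as an example and not part of the original post. It assumes a Linux live CD with `/proc/mounts`; the function names and the `stage.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example: stage a downloaded fix onto rescue media from a live CD.
# Usage (hypothetical script name): sh stage.sh FixBlast.exe /mnt/floppy

# fs_type MOUNTPOINT [MOUNTS_FILE]: print the filesystem type mounted there.
fs_type() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options ...; the last matching mount wins.
    awk -v mp="$mp" '$2 == mp { t = $3 } END { if (t != "") print t; else exit 1 }' "$mounts"
}

# is_safe_target MOUNTPOINT [MOUNTS_FILE]: 0 = ok, 1 = NTFS, 2 = not mounted.
is_safe_target() {
    t=$(fs_type "$1" "${2:-/proc/mounts}") || return 2
    case $t in
        # fuseblk is how FUSE NTFS drivers such as ntfs-3g show up; refused
        # too, conservatively, so nothing is ever written to the Windows disk.
        ntfs*|fuseblk) return 1 ;;
        *) return 0 ;;
    esac
}

# stage_file SRC MOUNTPOINT [MOUNTS_FILE]: copy SRC and verify it byte for byte.
stage_file() {
    src=$1; dest=$2; mounts=${3:-/proc/mounts}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 3; }
    is_safe_target "$dest" "$mounts" || { echo "refusing $dest: not mounted, or NTFS" >&2; return 1; }
    need_kb=$(( ($(wc -c < "$src") + 1023) / 1024 ))
    free_kb=$(df -Pk "$dest" | awk 'NR == 2 { print $4 }')
    [ "$free_kb" -ge "$need_kb" ] || { echo "need ${need_kb}K, only ${free_kb}K free" >&2; return 4; }
    cp "$src" "$dest/" && sync || return 5
    cmp -s "$src" "$dest/$(basename "$src")" || { echo "copy differs from source" >&2; return 6; }
    echo "staged $(basename "$src") on $dest"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then stage_file "$@"; fi
```

The free-space check matters on a floppy, and the `cmp` pass catches a bad diskette before you reboot into safe mode and find out the hard way.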
UPDATE 3 – One more quick note in response to some comments and emails:
- The Windows NT, Windows 2000 and Windows XP patches from Microsoft are indeed small enough to copy to a floppy (807kb, 898kb and 1,261kb respectively).
- For Windows 2003, you’re going to have to use some other medium as the patch file is 1,454kb in size.
- The Symantec fix is a mere 140kb in size so you only need one floppy, though I always prefer a suspenders/belt combo.
- As for why not just run Linux all the time? Or why not have a dual boot system? Well, because some of us have situations at work where we are not allowed to install a second O/S.
- Why not use a Windows Emergency Boot disk? You can, but I prefer to have a complete operating system with all the trimmings and software I need available when the need arises.
- Complicated? A bit, but again, it’s good to have a complete operating system available when the need arises.
- How can I install Windows patch under Linux? You can’t, but you can download the fixes and patches with Mozilla, then reboot in Windows safe mode.
As always, understand that your mileage may vary … which is why earlier I stated, you should always plan, practice and document contingencies before needing them.