-
From Mess.be:
Updated: D'z warned me about this earlier on and now Symantec released a security report regarding the W32.Blaster.Worm.
This worm will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
To find out whether you're infected, press Ctrl+Alt+Del and verify if the process 'MsBlast.exe' is running. If it is, kill the process MsBlast.exe from the task manager. Next, execute regedit.exe and search for the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete "windows auto update"="msblast.exe" from the right pane.
Final step: delete msblast.exe from either the Windows System and/or System32 folders.
Update #2: Do these instructions stupefy you? D'z was one of the very first to create an auto-cleaner for this worm, and now Symantec released a removal tool.
[Detailed removal instructions: Symantec.com]
-
-
08-12-2003, 09:05 PM
Software & Hardware -
#2
Poster
nice tip
-
-
08-12-2003, 10:22 PM
Software & Hardware -
#3
Poster
-
-
08-13-2003, 12:03 AM
Software & Hardware -
#4
which specifically targets computers running Windows XP and Windows 2000
Well i guess im safe.
-
-
08-13-2003, 01:09 AM
Software & Hardware -
#5
-
-
08-13-2003, 01:20 AM
Software & Hardware -
#6
Retired
Originally posted by [-Crono-]@12 August 2003 - 16:03
which specifically targets computers running Windows XP and Windows 2000
Well i guess im safe.
I have Win2000. Everything is working great here, no probs.
-
-
08-13-2003, 01:23 AM
Software & Hardware -
#7
what do I put here?
BT Rep: +10
year seems to effect XP users more
-
-
08-13-2003, 04:33 PM
Software & Hardware -
#8
Poster
it effects all windows systems, not linux or MAC
-
-
08-13-2003, 05:02 PM
Software & Hardware -
#9
SWEDISH
BT Rep: +1
-
-
08-13-2003, 05:06 PM
Software & Hardware -
#10
Poster
k i have 2 Questions how did everyone get it and i dloaded the porgram from microsoft is that enough to keep me safe i'm running on xp pro
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks