Removal of blaster worm - Techist - Tech Forum

Old 08-12-2003, 04:25 PM   #1 (permalink)
Removal of blaster worm

Blaster, also known as LovSan, began spreading early Monday afternoon Eastern time and quickly gained momentum. The worm exploits the RPC DCOM (Distributed Component Object Model) vulnerability in all of the current versions of Windows, except ME. The worm scans the Internet and attempts to connect to TCP port 135. After establishing a connection, Blaster spawns a remote shell on port 4444 and then uses TFTP (Trivial File Transfer Protocol) to download the actual binary containing the worm. The worm is self-extracting and immediately begins scanning for other machines to infect.

For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
taliesin is offline  
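
The traffic pattern described in post #1 (connections to TCP port 135 on many machines, a connection to port 4444, then a TFTP transfer) can be looked for in connection logs. The sketch below is an added example, not part of any post in this thread; the log field order, the sample lines, the addresses and the scan threshold are constructed assumptions, and TFTP is taken to be its standard UDP port 69.

```python
from collections import defaultdict

# Constructed sample data (not from the thread). Assumed field order:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2003-08-12 16:01:02 OPEN TCP 192.0.2.10 198.51.100.1 1045 135
2003-08-12 16:01:02 OPEN TCP 192.0.2.10 198.51.100.2 1046 135
2003-08-12 16:01:03 OPEN TCP 192.0.2.10 198.51.100.3 1047 135
2003-08-12 16:01:03 OPEN TCP 192.0.2.10 198.51.100.4 1048 135
2003-08-12 16:01:04 OPEN TCP 192.0.2.10 198.51.100.5 1049 135
2003-08-12 16:01:05 OPEN TCP 192.0.2.10 198.51.100.3 1050 4444
2003-08-12 16:01:06 OPEN UDP 198.51.100.3 192.0.2.10 1030 69
2003-08-12 16:02:00 OPEN TCP 192.0.2.20 192.0.2.5 1100 135
2003-08-12 16:02:01 OPEN TCP 192.0.2.20 203.0.113.80 1101 80
2003-08-12 16:02:02 DROP ICMP 192.0.2.20 192.0.2.5 - -
"""

SCAN_THRESHOLD = 5  # assumed: distinct TCP/135 targets before a host counts as scanning


def parse_flows(log_text):
    """Yield (protocol, src, dst, dst_port) for each well-formed log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or line.startswith("#"):
            continue
        proto, src, dst, dport = fields[3], fields[4], fields[5], fields[7]
        if dport.isdigit():  # ICMP lines carry "-" instead of a port
            yield proto, src, dst, int(dport)


def blaster_indicators(log_text, scan_threshold=SCAN_THRESHOLD):
    """Map each source host to the Blaster-style traffic patterns it showed."""
    rpc_targets = defaultdict(set)  # source host -> distinct hosts contacted on TCP/135
    findings = defaultdict(set)
    for proto, src, dst, dport in parse_flows(log_text):
        if proto == "TCP" and dport == 135:
            rpc_targets[src].add(dst)
        elif proto == "TCP" and dport == 4444:
            findings[src].add("tcp-4444")
        elif proto == "UDP" and dport == 69:
            findings[src].add("tftp")
    for src, targets in rpc_targets.items():
        if len(targets) >= scan_threshold:
            findings[src].add("rpc-135-scan")
    return {src: sorted(tags) for src, tags in findings.items()}


if __name__ == "__main__":
    for host, tags in sorted(blaster_indicators(SAMPLE_LOG).items()):
        print(host, ", ".join(tags))
```

A single RPC connection to one server, as from 192.0.2.20 in the sample, stays below the threshold and is not reported.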
Old 08-12-2003, 06:07 PM   #2 (permalink)

I have removed the worm from my system... but now my system fails to respond to shutdown or restart. Does anyone else have this problem, and how can I fix it without using the system recovery?
leo_G is offline  
Old 08-12-2003, 06:37 PM   #3 (permalink)

Does this help?

Disable System Restore (just turn it off) in System Properties (Windows key & Pause/Break together).

Then go:

Start > Run > type "services.msc" into the Run box and enter > Double-click on "Remote Procedure Call (RPC)" > right click / Properties / Recovery / Choose "Take no action" from all the combo boxes > OK > close the window

hth
roho is offline  
Old 08-13-2003, 08:10 AM   #4 (permalink)

Go to http://securityresponse.symantec.com...r/FixBlast.exe for a removal tool for the worm
Apokalipse is offline  
Old 08-13-2003, 08:51 AM   #5 (permalink)

and http://www.microsoft.com/technet/tre...n/MS03-026.asp to prevent your system from catching the virus
Apokalipse is offline  
All times are GMT -5.