A surge in Blaster worm infections prompted the Computer Emergency Response Team and other experts to recommend...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the following remediation steps for infected machines:
--Physically disconnect from the network.
--If you can't stop your system from rebooting, use the shutdown timer: click Start, Run and Shutdown-a.
--Kill the "msblast.exe" process in the Task Manager by pressing "CTRL-ALT-DELETE," click "Task Manager" button, select the "Processes" tab, highlight "msblast.exe," and click the "End Process" button (CERT notes that this will bring up a Warning dialog box which a user needs to answer "Yes").
--Search the machine for any files named msblast.exe, p-e-n-i-s32.exe (without hyphens), teekids.exe and root32.exe." For each match, right-click and select delete.
--Disable DCOM on all affected machines, but not until all effects have been fully tested. ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).
--Reboot the machine and reconnect to the network.
--Install the patch from Windows Update or MS03-026 ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).
FOR MORE INFORMATION: