
Experts recommend Blaster fix

Shawna McAlearney, Online Editor, Information Security magazine

A surge in Blaster worm infections prompted the Computer Emergency Response Team and other experts to recommend the following remediation steps for infected machines:


--Physically disconnect from the network.

--If you can't stop your system from rebooting, use the shutdown timer: click Start, then Run, and enter shutdown -a.

--Kill the "msblast.exe" process in the Task Manager: press "CTRL-ALT-DELETE," click the "Task Manager" button, select the "Processes" tab, highlight "msblast.exe," and click the "End Process" button (CERT notes that this will bring up a Warning dialog box, to which the user needs to answer "Yes").

--Delete "HKey_Local_Machine\software\microsoft\windows\currentversion\run\windowsautoupdate."

--Search the machine for any files named msblast.exe, p-e-n-i-s32.exe (without hyphens), teekids.exe and root32.exe. For each match, right-click and select delete.

--Disable DCOM on all affected machines, but not until all effects have been fully tested (http://microsoft.com/technet/security/bulletin/MS03-026.asp).

--Reboot the machine and reconnect to the network.

--Install the patch from Windows Update or MS03-026 (http://microsoft.com/technet/security/bulletin/MS03-026.asp).
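
A read-only check for the artifacts named in the steps above, as an added example that is not part of the original article: it looks for the listed file names under a directory and, in saved `reg query` output for the Run key, for values whose data points at one of those files. The function names, the sample registry output and its value names are constructed for illustration.

```python
import os
import re

# File names listed in the article; one is written there with hyphens.
BLASTER_FILES = {"msblast.exe", "p-e-n-i-s32.exe".replace("-", ""),
                 "teekids.exe", "root32.exe"}

# A value line of `reg query` output: indented name, REG_* type, data.
_VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# A listed file name as a whole path component or bare command, any case.
_EXE = re.compile(r'(?:^|[\\/"\s])(?:' +
                  "|".join(map(re.escape, sorted(BLASTER_FILES))) +
                  r')(?:["\s]|$)', re.IGNORECASE)

# Constructed sample of `reg query` output (value names are made up).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundDriver    REG_SZ    C:\Program Files\Audio\snd.exe /tray
    updater    REG_SZ    msblast.exe
    helper    REG_SZ    "C:\WINDOWS\system32\TEEKIDS.EXE"
"""


def find_worm_files(root):
    """Return paths under root whose file name is on the list (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() in BLASTER_FILES]
    return sorted(hits)


def suspicious_run_values(reg_query_output):
    """Return (value name, data) pairs whose data references a listed file."""
    hits = []
    for line in reg_query_output.splitlines():
        m = _VALUE_LINE.match(line)
        # Match on the data, not the value name, so renamed entries are caught.
        if m and _EXE.search(m.group("data")):
            hits.append((m.group("name"), m.group("data").strip()))
    return hits


if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE_REG_OUTPUT):
        print(f"Run value to review: {name} -> {data}")
    for path in find_worm_files(os.environ.get("SystemRoot", ".")):
        print(f"File to review: {path}")
```

Running it again after the cleanup and reboot confirms that neither the files nor a Run entry pointing at them came back.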

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Computers not out of Blaster woods"

SearchSecurity.com news exclusive: "Blaster variants shouldn't be major headache"

Featured Topic on Blaster-A

Microsoft security bulletin MS03-026

