Experts recommend Blaster fix

Think you have the Blaster worm? This article walks you through the removal steps.

A surge in Blaster worm infections prompted the Computer Emergency Response Team and other experts to recommend the following remediation steps for infected machines:


--Physically disconnect from the network.

--If you can't stop your system from rebooting, use the shutdown timer: click Start, Run and Shutdown-a.

--Kill the "msblast.exe" process in the Task Manager by pressing "CTRL-ALT-DELETE," click "Task Manager" button, select the "Processes" tab, highlight "msblast.exe," and click the "End Process" button (CERT notes that this will bring up a Warning dialog box which a user needs to answer "Yes").

--Delete "HKey_Local_Machinesoftwaremicrosoftwindowscurrentversionrunwindowsautoupdate."

--Search the machine for any files named msblast.exe, p-e-n-i-s32.exe (without hyphens), teekids.exe and root32.exe." For each match, right-click and select delete.

--Disable DCOM on all affected machines, but not until all effects have been fully tested. ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).

--Reboot the machine and reconnect to the network.

--Install the patch from Windows Update or MS03-026 ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Computers not out of Blaster woods"

SearchSecurity.com news exclusive: "Blaster variants shouldn't be major headache"

Featured Topic on Blaster-A

Microsoft security bulletin MS03-026

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close