A surge in Blaster worm infections prompted the Computer Emergency Response Team and other experts to recommend the following remediation steps for infected machines:
--Physically disconnect from the network.
--If you can't stop your system from rebooting, use the shutdown timer: click Start, Run and Shutdown-a.
--Kill the "msblast.exe" process in the Task Manager by pressing "CTRL-ALT-DELETE," click "Task Manager" button, select the "Processes" tab, highlight "msblast.exe," and click the "End Process" button (CERT notes that this will bring up a Warning dialog box which a user needs to answer "Yes").
--Search the machine for any files named msblast.exe, p-e-n-i-s32.exe (without hyphens), teekids.exe and root32.exe." For each match, right-click and select delete.
--Disable DCOM on all affected machines, but not until all effects have been fully tested. (
--Reboot the machine and reconnect to the network.
--Install the patch from Windows Update or MS03-026 (http://microsoft.com/technet/security/bulletin/MS03-026.asp).
FOR MORE INFORMATION: