A surge in Blaster worm infections prompted the Computer Emergency Response Team and other experts to recommend...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the following remediation steps for infected machines:
--Physically disconnect from the network.
--If you can't stop your system from rebooting, use the shutdown timer: click Start, Run and Shutdown-a.
--Kill the "msblast.exe" process in the Task Manager by pressing "CTRL-ALT-DELETE," click "Task Manager" button, select the "Processes" tab, highlight "msblast.exe," and click the "End Process" button (CERT notes that this will bring up a Warning dialog box which a user needs to answer "Yes").
--Search the machine for any files named msblast.exe, p-e-n-i-s32.exe (without hyphens), teekids.exe and root32.exe." For each match, right-click and select delete.
--Disable DCOM on all affected machines, but not until all effects have been fully tested. ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).
--Reboot the machine and reconnect to the network.
--Install the patch from Windows Update or MS03-026 ( http://microsoft.com/technet/security/bulletin/MS03-026.asp).
FOR MORE INFORMATION: