RE: Worm

From: Curtis Koenig [MSFT] (ckoenig_at_online.microsoft.com)
Date: 08/13/03


Date: Wed, 13 Aug 2003 16:35:50 GMT


Hi Robert,

You can also try these steps yourself if you are comfortable working in
your registry:

1. Remove the infected computer from the network and reboot into Safe Mode.

2. Locate the files below, plus the Value "windows auto update" under the
Run registry key, and delete them all:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 
MSBLAST.EXE under the "C:\Windows\system32" folder

MSBLAST.EXE-1c3a3376.PIF under the "C:\Windows\prefetch" folder
 
2a. If you are running Windows XP (any version) it is also recommended that
the Internet Connection Firewall be enabled to prevent re-infection when
connecting to the internet.

3. Contact your Antivirus provider for assistance in using any removal tools
they are providing or you can use one that Symantec is providing.
Symantec's Removal tool
<http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html>.

4. If the OS continues to shut down when trying to connect to
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp, with the
dialog box stating the OS will be shutting down in 30 seconds, set the RPC
Service to "Take No Action" and reboot; this should allow you to download
the patch and install it.

If you think this is too much then you can call our Product Support
numbers; assistance with Virus/Worm removal should be free.

--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
MCSA, MCSAS, MCSE, MCSES
This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.  Thanks!
--------------------
>From: "Robert" <boab363@hotmail.com>
>Sender: "Robert" <boab363@hotmail.com>
>Subject: Worm
>Date: Wed, 13 Aug 2003 07:40:09 -0700
>Newsgroups: microsoft.public.windowsxp.security_admin
>
>I have the Blaster Worm on my home computer. Can someone
>please tell me how to get rid of this thing? As you can
>tell, computing wasn't my best subject at school, so all
>answers in layman's terms please.
>
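
A read-only check for the artifacts named in steps 2 and 4 of the reply above, as an added example that is not part of the original posts. It assumes PowerShell is installed on the machine and uses `$env:SystemRoot` where the post writes `C:\Windows`; it deletes and changes nothing.

```powershell
# Added example: read-only check, changes nothing on the machine.
# Assumption: Windows lives at $env:SystemRoot (the post writes C:\Windows).
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'windows auto update'
$paths   = @(
    (Join-Path $env:SystemRoot 'system32\MSBLAST.EXE'),
    (Join-Path $env:SystemRoot 'prefetch\MSBLAST.EXE-1c3a3376.PIF')
)

$findings = @()

# Step 2, registry: the Run value named in the post.
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run value '$runName' still present, data: $($run.$runName)"
}

# Step 2, files: -Force so hidden or system attributes do not mask them.
foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "File still present: $($item.FullName) " +
                     "($($item.Length) bytes, modified $($item.LastWriteTime))"
    }
}

# Step 4: print the recovery (failure) actions configured for the RPC service
# so the "Take No Action" setting can be confirmed by eye.
Write-Output '--- sc.exe qfailure RpcSs ---'
& sc.exe qfailure RpcSs

Write-Output '--- Blaster artifact check ---'
if ($findings.Count -eq 0) {
    Write-Output 'None of the artifacts listed in the post were found.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}

# Exit code = number of artifacts found, for use from a batch job.
exit $findings.Count
```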