Re: Following the Blaster Worm

From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: 08/13/03 

Date: Wed, 13 Aug 2003 15:16:26 -0600

The patch from Microsoft is NOT the repair, it is the prevention.
You also need to repair following ALL steps.
DISCONNECT the subject computer from any network IMMEDIATELY.

Install or enable a firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

VERY IMPORTANT to follow ALL steps, closing ports or installing the
patch is NOT enough.
Download the patch and regedit referenced in the article below.
You may need to do this at an uninfected computer and burn to CD or
save on floppies.
Each file is small enough to fit on a floppy.

Follow this to clean and protect your computer:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall. 

-- 
Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html
"pointer" <pointer@tesco.net> wrote in message
news:035601c361d6$e188cb40$a501280a@phx.gbl...
> I have Norton Anti Virus Cover for which I pay annually.
> After immediately picking up the Blaster worm yesterday,
> I eventually managed to download the patch.    Problem is
> the patch tells me it's isolated the virus, then I get a
> message telling me there is a System Shutdown (usually 1
> minute's warning) caused by NT Authority System Remote
> Procedure Call has necessitated the closure.     I am on
> XP, not NT, and I have tried various things from pages
> and pages of hints suggested on the Microsoft "help"
> pages.  I have tried emailing but believe it or not the
> Microsoft email system - whilst it says mail us - has no
> address automatically in the drop down email blank.  All
> this from a huge & computer geared company!! (not
> impressed as you can tell)   Everything I have had to do
> on email or internet has been within the 1 minute closure
> warning - I am just about going round the bend!!!    If
> anyone out there can save my sanity - I would appreciate
> your help as to how to turn off the NT authority system
> RPC closure!

Relevant Pages

  • Re: Critical Alert Update - W32.Slammer
    ... The .net SDK 1.0 sp1 comes with a very basic SQL Server engine for testing ... >> Microsoft SQL Desktop ... >>>cumulative SQL security patch, is completely safe from ... >> may install SQL ...
    (microsoft.public.security)
  • Critical Alert Update - W32.Slammer
    ... It's not clear if SQL Server 2000 SP1/SP2 includes the ... Microsoft SQL Desktop ... and all applications that install ... >most recent cumulative SQL Server security patch, ...
    (microsoft.public.security)
  • Re: Problems installing critical update
    ... this patch (Security Update for Microsoft XML Core Services 4.0 for Service ... the message is still there when I reboot. ... Microsoft Update to require me to install both KB936181 and KB933579. ...
    (microsoft.public.windowsupdate)
  • Re: Microsoft notice on W32.Slammer
    ... >PSS Security Response Team Alert - New Worm: ... >1434 utilizing a vulnerability that was patched in Microsoft Security ... > Microsoft, however, recommends that customers install the most recent ... >cumulative security patch for Microsoft SQL Server 2000 which is Microsoft ...
    (microsoft.public.sqlserver.security)
  • Re: Shame on Microsoft
    ... Download the patch and remind the user to install. ... every Start Menu since, when, Windows 98? ... Microsoft can't be blamed for ...
    (microsoft.public.security)
Quantcast