"Anthony Edwards" wrote in message
On Wed, 13 Aug 2003 13:36:11 +0100, Julian Fowler
wrote:
Yep, this one's genuine. You're more likely to be vulnerable if you
are on broadband (or otherwise have a 24/7 connection to the 'net).
You *should* be OK if you've kept your OS and anti-virus s/w up to
date, and/or run behind a firewall. If not, consider doing so ASAP
(the 'Blaster' worm is, as Keith says, *nasty*). Symantec have a
worm removal tool (free) on their website.
However, the Symantec removal tool is only likely to be effective if
the machine is patched first, using the downloadable patch available
at:
http://www.microsoft.com/technet/sec...n/MS03-026.asp
I have a report of someone's machine getting infected 3 times while trying
to download the MS patch.
The Symantec security response document including a link to the
downloadable detection and removal tool is available at:
http://securityresponse.symantec.com...aster.worm.htm
l
This is somewhat unusual (needing to patch the infected machine
concerned before detection and removal of the worm) and owners of
infected Windows XP machines should pay particular attention to the
instructions in the Symantec security response document, specifically
the section "1. Disabling System Restore (Windows XP)".
A short answer for disabling this virus a
(0) remove any network or modem cables attached to the machine.
(1) Bring your machine up in "Safe Mode" by pressing F5 while re-booting.
The virus will give you ample opportunities to do this!
(2) Go to My Computer
(3) Open up your "C" drive
(4) Open up the "Windows" folder
(5) Open up the "System32" folder in the "Windows" folder
(6) Delete the MSBLAST.EXE file.
You can avoid reinfection the next time you go online by downloading and
applying the (now) well-known fix from MS. The obvious challenge is getting
the fix before you get re-infected.
'Blaster' Virus Alert - Genuine AFAIK
Linear Mode
