|
W32.Blaster.Worm |
|
12
August 2003 - 3:50pm The W32.Blaster.Worm has caused
problems across the world since it was first discovered at 5:00am today.
It affects mainly Windows 2000 and XP computers and servers by exploiting
a security flaw in the operating systems. It makes most infected PCs
reboot themselves when they are connected to the network. It also
stops users from accessing the Windows Update site to download the
required security patch. Removing the worm involves a number of
steps at this stage - these instructions are intended for Computer
Coordinators!: 1.
Shutdown all Win 2000 and XP
computers and servers 2.
Access the internet on a Windows 98
PC (these are not affected) 3.
Download from this site the
appropriate MS patch, For Windows
XP click HERE.
For Windows
2000, click HERE - save the downloaded files each to a blank
floppy disk (one for each patch). 4.
Take the appropriate floppy disk to
an affected Windows PC, disconnect the network cable and logon LOCALLY
(workstation only) to the PC. 5.
When Windows has started, place the
floppy disk in the drive and open My Computer and the Floppy Drive and run
the patch you downloaded. When complete, your PC will reboot.
Reconnect the network cable. 6.
Once the PC has restarted you can
logon to the network again as normal - but you can't use it as normal yet!
7.
Press Ctrl-Alt-Delete, choose the
Processes tab and see if msblast.exe is in memory. If it is,
you need to highlight it and click End Task - click yes to terminate.
8.
Next, you must run a Live Update
from the Symantec (Norton) Antivirus program by right-clicking the gold
shield in the system tray and choosing Open AntiVirus then clicking Live
Update. You need the signature file of 11/8/03. 9.
Download this FixBlast.exe
utility and run it on the affected computers 10.
Complete instructions are detailed
at the bottom of this
link
Hope
that helps. Stu
Hasic |