Administrative Tools then Computer management then sub under adminstrative tools click local users and groups in the left hand side on the right hand side it will show a list of diffrent logins to your computer any you did not make delete the 2 that it will not allow deletion ones Administrator the other a guest account password protect them then goto c:\winnt\system32 look for msblast.exe delete it then goto registry delete the reg key for it there then go back to the system32 directorie and look for any folders with out of place nameslike (inetserv comserv saved uploads dloads) you should also check for files and folders in the c:\winnt\system32\drivers\etc folder
OR/And
Worm will exploit the DCOM RPC vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user.
At times like these, when millions can't access the NET; even some companies grinding to a complete halt, It's good to have a TOP Router, with onboard NAT & Anti-Viral. I like paying more for my ISP, because this problem is simply a 'Ghost' for me...
Resolution if you have Norton and the subscription is current.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select “Turn off system restore” or “Turn off system restore on all drives”
e. Click Apply
f. A system restore box will come up, “Do you want to turn off system restore?” Click YES
g. Click OK
2. Update virus definitions. Run LiveUpdate. NOTE: If you are unable to download the update follow step 2 in the resolution below “Resolution if you don’t have a current Norton subscription.” then attempt it again.
3. Scanning for and deleting the infected files.
a. Run a full system scan.
b. If any files are detected as infected with W32.Blaster.Worm, click Delete.
4. Deleting the registry value.
a. Delete the registry value.
b. Click Start, and then click Run
c. Type regedit
d. Click OK
e. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
f. Delete the value “windows auto update” “msblast.exe” in the right panel.
g. Exit the registry editor.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the “Turn off System Restore” or “Turn off system restore on all drives.
e. Click Apply and then OK.
6. Do a Windows update and download all critical updates.
No Norton?
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select “Turn off system restore” or “Turn off system restore on all drives”
e. Click Apply
f. A system restore box will come up, “Do you want to turn off system restore?” Click YES
g. Click OK
2. Enable the Microsoft Firewall. (This should allow you to download without losing the connection.)
a. Click Start, settings control panel
b. Windows XP classic control panel double click network connections or in Windows XP category view click Network and Internet connections, then click Network connections.
c. Right click on the local area connection and select properties.
d. Click on the advanced Tab.
e. Click Protect my computer.
f. Click OK
g. Close the control panel.
3. Download update.
Download and install the MS03-026 patch
MICROSOFT PATCH: www.microsoft.com – go to [resources] in left-frame and downloads. Under [Most Popular Downloads]: Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution
4. Deleting the registry value, and files.
Delete the registry value.
a. Click Start, and then click Run
b. Type regedit
c. Click OK
d. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
e. Delete the value “windows auto update” “msblast.exe” in the right panel.
f. Exit the registry editor.
End task on msblast.exe
g. Hit
h. Select Task Manager
i. Choose the Processes tab.
j. Select msblast.exe then click the end process button.
Delete msblast.exe.
k. Click start then Search
l. Select all files and folders.
m. In all or part of the file name type msblast
n. Verify, look in your local hard drives.
o. Click search.
p. After it searches delete the files msblast.exe
q. Empty the recycle bin.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the “Turn off System Restore” or “Turn off system restore on all drives.
e. Click Apply and then OK.
OR/And
Worm will exploit the DCOM RPC vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user.
At times like these, when millions can't access the NET; even some companies grinding to a complete halt, It's good to have a TOP Router, with onboard NAT & Anti-Viral. I like paying more for my ISP, because this problem is simply a 'Ghost' for me...
Resolution if you have Norton and the subscription is current.
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select “Turn off system restore” or “Turn off system restore on all drives”
e. Click Apply
f. A system restore box will come up, “Do you want to turn off system restore?” Click YES
g. Click OK
2. Update virus definitions. Run LiveUpdate. NOTE: If you are unable to download the update follow step 2 in the resolution below “Resolution if you don’t have a current Norton subscription.” then attempt it again.
3. Scanning for and deleting the infected files.
a. Run a full system scan.
b. If any files are detected as infected with W32.Blaster.Worm, click Delete.
4. Deleting the registry value.
a. Delete the registry value.
b. Click Start, and then click Run
c. Type regedit
d. Click OK
e. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
f. Delete the value “windows auto update” “msblast.exe” in the right panel.
g. Exit the registry editor.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the “Turn off System Restore” or “Turn off system restore on all drives.
e. Click Apply and then OK.
6. Do a Windows update and download all critical updates.
No Norton?
1. Disable system Restore.
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Select “Turn off system restore” or “Turn off system restore on all drives”
e. Click Apply
f. A system restore box will come up, “Do you want to turn off system restore?” Click YES
g. Click OK
2. Enable the Microsoft Firewall. (This should allow you to download without losing the connection.)
a. Click Start, settings control panel
b. Windows XP classic control panel double click network connections or in Windows XP category view click Network and Internet connections, then click Network connections.
c. Right click on the local area connection and select properties.
d. Click on the advanced Tab.
e. Click Protect my computer.
f. Click OK
g. Close the control panel.
3. Download update.
Download and install the MS03-026 patch
MICROSOFT PATCH: www.microsoft.com – go to [resources] in left-frame and downloads. Under [Most Popular Downloads]: Windows XP Security Patch: Buffer Overrun In RPC Interface Could Allow Code Execution
4. Deleting the registry value, and files.
Delete the registry value.
a. Click Start, and then click Run
b. Type regedit
c. Click OK
d. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
e. Delete the value “windows auto update” “msblast.exe” in the right panel.
f. Exit the registry editor.
End task on msblast.exe
g. Hit
h. Select Task Manager
i. Choose the Processes tab.
j. Select msblast.exe then click the end process button.
Delete msblast.exe.
k. Click start then Search
l. Select all files and folders.
m. In all or part of the file name type msblast
n. Verify, look in your local hard drives.
o. Click search.
p. After it searches delete the files msblast.exe
q. Empty the recycle bin.
5. Enable system Restore
a. Click Start, settings control panel
b. Windows XP classic control panel double click system or in Windows XP category view click Performance and Maintenance, then click system.
c. Click the System Restore tab in the system properties box.
d. Clear the “Turn off System Restore” or “Turn off system restore on all drives.
e. Click Apply and then OK.