The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  MSBlast Patches and Fixes
Time: 15:48 EST/20:48 GMT | News Source: ActiveWin.com | Posted By: Alex Harris

Here is the information about the Worm and fixes and removal tools to remove the virus:

PSS Security Response Team Alert - New Worm: W32.Blaster.worm [Microsoft]

WHAT IS IT?

The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. This virus is also known as: W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer Associates). Best practices, such as applying security patch MS03-026 should prevent infection from this worm. Customers that have previously applied the security patch MS03-026 before today are protected and no further action is required.

TECHNICAL DETAILS:

This worm scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability patched by MS03-026. Once the Exploit code is sent to a system, it downloads and executes the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm creates the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill

Symptoms of the virus: Some customers may not notice any symptoms at all. A typical symptom is the system is rebooting every few minutes without user input. Customers may also see:

  • Presence of unusual TFTP* files
  • Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32 directory or download the latest anti-virus software signature from your anti-virus vendor and scan your machine.

Here are links to the patches to stop this worm attacking again:

Windows XP

Windows 2000

If you already have the worm on your PC and you need to remove it then here is the information and links to the Symantec site:

W32.Blaster.Worm Removal Tool [Symantec]

Symantec Security Response has developed a removal tool to clean the W32.Blaster.Worm infections.

What the tool does:

  • Terminates the W32.Blaster.Worm viral processes.
  • Deletes the W32.Blaster.Worm files.
  • Deletes the dropped files.
  • Deletes the registry values that the worm added.

You can download the removal tool from here.

Obtaining and running the tool

  • Download the FixBlast.exe file from: http://securityresponse.symantec.com/avcenter/FixBlast.exe
  • Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
  • To check the authenticity of the digital signature, refer to the section, "Digital signature."
  • Close all the running programs before running the tool.
  • If you are running Windows XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.
  • CAUTION: If you are running Windows XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.
  • Double-click the FixBlast.exe file to start the removal tool. Click Start to begin the process, and then allow the tool to run.
  • NOTE: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and wait 30 seconds. Restart the computer in Safe mode and run the tool again. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions, read the document "How to start the computer in Safe Mode."
  • Restart the computer.
  • Run the removal tool again to ensure that the system is clean.
  • If you are running Windows XP, then re-enable System Restore.
  • Run LiveUpdate to make sure that you are using the most current virus definitions.

I know this is a very long post, but from work today at PC World in the UK we created discs with the removal tool and patch on it and had at least 30 people throughout the day come in saying they had this, so it is very widespread. Please note if you have already installed the patch MS03-06 then you are already protected.

Write Comment
Return to News

  Displaying 1 through 25 of 315
Last | Next
  The time now is 10:15:04 AM ET.
Any comment problems? E-mail us
#1 By 2960 (156.80.64.105) at 8/12/2003 4:45:18 PM
THIS THING IS A FREAKIN' NIGHTMARE!

TL

#2 By 2960 (156.80.64.105) at 8/12/2003 4:47:08 PM
Oh, and FYI... It can also wreak havoc with Office 2000 installations. Watch for SVCHOST and DCOM errors.

TL

#3 By 20 (67.9.179.51) at 8/12/2003 5:21:37 PM
Remember folks, patch early, patch often.

AND DON'T PUT BOXES DIRECTLY ON THE FRIGGIN INTERNET

geez, you'd think after like 6-8 years of this stuff, people would get the hint.

#4 By 20 (67.9.179.51) at 8/12/2003 5:34:28 PM
MS should take that $46 billion and pay 35 million (that's about how many internet users there are in the US) people from the 3rd world about $1280 (which is a small fortune to them) to go to each Internet-user's house and stand by their computer and load patches whenever they come out.

Because, that's the only thing that'll keep people patched up, because a month's warning and patches, and fixes, and alerts just don't seem to work.

#5 By 3 (62.253.128.7) at 8/12/2003 5:35:42 PM
Majority of patch reports will go un-noticed by probably 95% of users as most home users etc won't go looking for patches at all.

#6 By 20 (67.9.179.51) at 8/12/2003 5:40:45 PM
I don't know how people ignore that globe in the systray that pops up every friggin' 5 seconds and annoys you about patches, because it drives me insane.
I apply those patches just so it'll shut the heck up. :)

#7 By 20 (67.9.179.51) at 8/12/2003 5:44:00 PM
#7: Install the MBSA, create an automated script that runs the HFNetChk (I have one if you need it) and emails it to you daily.

When patches appear, download them and add them to a batch file which runs them all. When your lowest time of the day hits (usually 3am), run the batch file to install the patches and reboot.

If you don't want to be awake at 3am, then test it a couple times on a Sunday at midnight and once you're comfortable with it, schedule it to run at 3am when you have patches to install that day.

Oh yeah, one more thing, all the new patches are chainable. You can run them with certain switches so you don't have to reboot after each one. The arguments are /Z /Q (chainable, quiet).

Run all your patches in ascending order from a batch file with those arguments and then do just one reboot.

This post was edited by daz on Tuesday, August 12, 2003 at 18:03.

#8 By 415 (199.8.71.121) at 8/12/2003 6:22:45 PM
lol Steven

#9 By 12071 (203.185.215.149) at 8/12/2003 8:21:01 PM
#9: "I apply those patches just so it'll shut the heck up. :)"
Maybe because those people who are annoyed with it popping up all the time do something about it other than click on it, i.e. they go and disable it so that it doesn't bother them again in the future.

#13 Thanks for the heads up. Time to get the patch for the patch.

#10 By 9589 (68.17.52.2) at 8/12/2003 10:01:53 PM
#7 - Install Windows Server 2003 Web Edition on your web server. Buy a second server. Install Windows Server 2003 Web Edition on it as well. Set them up as a Network Load Balanced cluster.

Now, whenever you have to reboot just take one of the two off the cluster and reboot it. Bring it back up and, in turn, do the same for the second one. You'll never be "off the air" again. You'll can approach 100% uptime with this technique and the cost of Web Edition is about $400 a copy. That is dirt cheap in my estimation.

A bonus is that IIS 6.0 runs faster than IIS 5.0 and is more secure. Also, there is an NLB Manager utility that makes setting up, adding or subtracting from the NLB cluster and checking the status of it much easier than in Windows 2000 Advanced Server.


#11 By 2332 (216.41.45.78) at 8/13/2003 3:51:10 PM
#6 - 35 million (that's about how many internet users there are in the US)

Actually, there are closer to 80 million people online in the US.

#12 By 4240821 (45.149.82.86) at 10/26/2023 6:14:54 AM
https://sexonly.top/get/b148/b148gfqnrdyvqdqehrr.php
https://sexonly.top/get/b336/b336znaxcepcpfauduu.php
https://sexonly.top/get/b410/b410ffidqsoltbygjxn.php
https://sexonly.top/get/b559/b559lxvbpisijblvsnj.php
https://sexonly.top/get/b53/b53gxurqrtpfyulicc.php
https://sexonly.top/get/b272/b272nffuavgpvgxzhrk.php
https://sexonly.top/get/b622/b622gokhfpfzjseqysq.php
https://sexonly.top/get/b789/b789wljudfshspcbldy.php
https://sexonly.top/get/b508/b508gwtwnhepunvoqzr.php
https://sexonly.top/get/b94/b94fqkrrebvbvyjgdp.php
https://sexonly.top/get/b835/b835acfhbrtzxkwurae.php
https://sexonly.top/get/b105/b105afktlnumdqkupql.php
https://sexonly.top/get/b535/b535ebdsjzhkntsykpb.php
https://sexonly.top/get/b837/b837fslskcdnvgvvvuw.php
https://sexonly.top/get/b348/b348ycsgiytdikesczn.php
https://sexonly.top/get/b496/b496ifnfwrfiwxpdamk.php
https://sexonly.top/get/b746/b746tezzeixcsoeafkg.php
https://sexonly.top/get/b411/b411cvegphehhqnynfy.php
https://sexonly.top/get/b954/b954jsihgpuzpmxrvhq.php
https://sexonly.top/get/b644/b644xezyecqtiytlllg.php
https://sexonly.top/get/b802/b802xxkyomokbagjpgv.php
https://sexonly.top/get/b751/b751zowrpqywliymygy.php
https://sexonly.top/get/b491/b491dxrpndwmjycmfnv.php
https://sexonly.top/get/b306/b306chawkribszvcety.php
https://sexonly.top/get/b709/b709nzogjicigtuidka.php
https://sexonly.top/get/b928/b928blfputrlblwsgvl.php
https://sexonly.top/get/b15/b15iguevtwfrzpkrmh.php
https://sexonly.top/get/b537/b537efkzlkodoqtpblp.php
https://sexonly.top/get/b957/b957hjwgobgvouajpjb.php
https://sexonly.top/get/b854/b854unhicbbitxgdxsj.php
https://sexonly.top/get/b52/b52sosnpzunnmudccw.php
https://sexonly.top/get/b690/b690zxieylopacivwbx.php
https://sexonly.top/get/b972/b972udynhfsjlimcoep.php
https://sexonly.top/get/b432/b432olzvfdqfzxdugor.php
https://sexonly.top/get/b901/b901fwtgnmgahziepji.php
https://sexonly.top/get/b934/b934lbnhigpxxvxhcam.php
https://sexonly.top/get/b25/b25bbhyhpwhghzllul.php
https://sexonly.top/get/b573/b573rkoqvporhrqgtbp.php
https://sexonly.top/get/b27/b27npaicbztrbfkktu.php
https://sexonly.top/get/b677/b677hherwoxxbgyseuq.php
https://sexonly.top/get/b434/b434sczduzaquuqgbbc.php
https://sexonly.top/get/b491/b491mbepemrpvfhufji.php
https://sexonly.top/get/b594/b594brbdwcplpycisth.php
https://sexonly.top/get/b545/b545pidzbcxkapwtplh.php
https://sexonly.top/get/b451/b451laokivatszilqjd.php
https://sexonly.top/get/b669/b669fxpfybvuqgfzpqc.php
https://sexonly.top/get/b540/b540lwwfccxxyebcgch.php
https://sexonly.top/get/b586/b586cecnxixsppupoah.php
https://sexonly.top/get/b141/b141qkwjwrehbicqusx.php
https://sexonly.top/get/b925/b925gruxtfxkrgmltks.php

#13 By 4240821 (103.151.103.150) at 10/30/2023 9:48:05 AM
https://www.quora.com/profile/VanessaHeilman4/miss-brazil-Sammy2220-Asstral420-FetishQueenXioFox-Incandescente-TheDeviantDuo-angela0009-RedBlackBirds
https://www.quora.com/profile/VeronicaBrown662/QueenBanks-Victoria-Tkach-BBW_babe19-xvideioskenya-Booty-Cupcakes-CurvySexySub-Bellebaby-EvieHellfire-ho
https://www.quora.com/profile/JamesWelch159/_BeeBeeKimchi_-rubylynne-unicornjesse-Josett112-emerode-edddit-bianca_resa-Ruby-playsalot-Bria-Jaye-Love
https://www.quora.com/profile/KrystalBennett559/Queencandykane-hotcurves4000-holly-tyler-MySweetCalina-rebecca-more-MissMorticiaMurder-Cory-Everson-KoreHe
https://www.quora.com/profile/SusanWilliams91/viviannalii-Little-Foo-barbara-martinelli-whitefawn-GoddessAvianaEmbry-riley-mae-Pink-Maya-sakuraireichat
https://www.quora.com/profile/RosemerySims680/Petitesweets6-bebesfuck-Pissgoddess-jade-lee-1-DeliahSketcher-Alexxx_boo-Jenny-Couture-Sirs_snowbunny-Kb
https://www.quora.com/profile/MarvinMan51/Datkiff-EllieOpal-Brynlee-Paige-Luna-Y-Guango-HumbleMiss2319-Kentucky-Trex-Carolyn-Ochoa-Miss-Honeyy-Pot
https://www.quora.com/profile/ChristyBrooks394/Sweet-Little-Lust-Bab1sn0wflak3-Official_Kali-naijabitches-india-amazonas-Goldenrain99-Chocolate_darling-b
https://www.quora.com/profile/ElizabethVissers145/La_mala-Baby-red-rose-mizzseksi09-Miss-Lace-SexyMoanah-Brazilliana-Stacey-Saran-jinxharajuku-EmmaDolly
https://www.quora.com/profile/KarlaMiller530/Luvbokeh-Dani-Summers-OhanaBaby-LuckyGirl_Hab-Manuvits-Helektra-RubyRoseSmith-LizBlack-curiouscouple2327

#14 By 4240821 (103.152.17.80) at 10/31/2023 12:27:55 PM
https://app.socie.com.br/Kpandaxxxalt_panoramicgrlxx
https://app.socie.com.br/read-blog/97533
https://app.socie.com.br/PurtyNPink20Alicerose993
https://app.socie.com.br/Indianbeauty01Maestella
https://app.socie.com.br/BunnymomKrystalJordan
https://app.socie.com.br/read-blog/97350
https://app.socie.com.br/Sweetkitty4200LottieRoseeee
https://app.socie.com.br/petitemiaBiscuitBoob
https://app.socie.com.br/BigFatDivaMocasplayhouse
https://app.socie.com.br/read-blog/97714

#15 By 4240821 (103.151.103.150) at 10/31/2023 8:33:47 PM
https://app.socie.com.br/mikutakeicatelinnaa
https://app.socie.com.br/read-blog/98223
https://app.socie.com.br/KangsRoyalKittenMandytheredhead
https://app.socie.com.br/ArinalolipopVenus_Honey
https://app.socie.com.br/read-blog/98924
https://app.socie.com.br/read-blog/97863
https://app.socie.com.br/read-blog/97983
https://app.socie.com.br/sweetkattyAvonaDominica
https://app.socie.com.br/888laceSassyTail
https://app.socie.com.br/read-blog/97614

#16 By 4240821 (62.76.146.75) at 11/1/2023 9:50:58 AM
http://activewin.com/mac/comments.asp?ThreadIndex=24256&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=84458&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76736&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76323&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=35290&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=40130&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=12941&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76876&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=41161&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=13853&Group=Last

#17 By 4240821 (2.57.151.31) at 11/2/2023 7:12:18 AM
http://activewin.com/mac/comments.asp?ThreadIndex=4028&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=59913&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76713&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=4170&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=36777&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=85639&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=49092&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=7488&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=26904&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=54595&Group=Last

#18 By 4240821 (109.94.218.82) at 11/2/2023 12:28:33 PM
http://activewin.com/mac/comments.asp?ThreadIndex=29420&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=7199&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=39218&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=10359&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=30632&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=30514&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=31286&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=81674&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=63925&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=27348&Group=Last

#19 By 4240821 (212.193.138.10) at 11/3/2023 2:32:08 AM
http://activewin.com/mac/comments.asp?ThreadIndex=2644&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=13621&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=54413&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=29363&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=66848&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=27278&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=21461&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=25966&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=82090&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=85235&Group=Last

#20 By 4240821 (109.94.216.41) at 11/5/2023 1:58:57 AM
https://hotslutss.bdsmlr.com/post/652424312
https://hotslutss.bdsmlr.com/post/661774193
https://hotslutss.bdsmlr.com/post/656847015
https://hotslutss.bdsmlr.com/post/660648721
https://hotslutss.bdsmlr.com/post/652492061
https://hotslutss.bdsmlr.com/post/659152779
https://hotslutss.bdsmlr.com/post/649184819
https://hotslutss.bdsmlr.com/post/658923667
https://hotslutss.bdsmlr.com/post/650236887
https://hotslutss.bdsmlr.com/post/650387880

#21 By 4240821 (92.119.163.194) at 11/5/2023 7:39:40 PM
https://printable-calendar.mn.co/members/19908416
https://printable-calendar.mn.co/members/19898587
https://printable-calendar.mn.co/members/19910448
https://printable-calendar.mn.co/members/19894603
https://printable-calendar.mn.co/members/19910125
https://printable-calendar.mn.co/members/19910533
https://printable-calendar.mn.co/members/19906711
https://printable-calendar.mn.co/members/19912470
https://printable-calendar.mn.co/members/19904076
https://printable-calendar.mn.co/members/19904154

#22 By 4240821 (62.76.146.75) at 11/8/2023 10:08:59 AM
https://www.hackerearth.com/@fronmelesstil1983
https://www.hackerearth.com/@tioraistatran1971
https://www.hackerearth.com/@dnotegprocte1987
https://www.hackerearth.com/@photedpege1979
https://www.hackerearth.com/@tiomesernews1974
https://www.hackerearth.com/@cerptravnurni1976
https://www.hackerearth.com/@procendiri1977
https://www.hackerearth.com/@tholessweve1977
https://www.hackerearth.com/@ibsudidult1989
https://www.hackerearth.com/@boxlistdisjudg1986

#23 By 4240821 (45.146.26.215) at 11/10/2023 6:07:42 PM
http://www.ttbizonline.com/pro/20231110011158
http://www.ttbizonline.com/pro/20231110023810
http://www.ttbizonline.com/pro/20231110002239
http://www.ttbizonline.com/pro/20231110051538
http://www.ttbizonline.com/pro/20231109132421
http://www.ttbizonline.com/pro/20231109192333
http://www.ttbizonline.com/pro/20231109180133
http://www.ttbizonline.com/pro/20231109151131
http://www.ttbizonline.com/pro/20231109164608
http://www.ttbizonline.com/pro/20231109223117

#24 By 4240821 (109.94.216.41) at 11/12/2023 12:07:20 AM
https://www.mddir.com/company/jaysiejade-manyvids-leak/
https://www.mddir.com/company/houstonwhitegirl812-manyvids-leaked/
https://www.mddir.com/company/kay_phoenix-onlyfans-leak/
https://www.mddir.com/company/dnismartin-fansly-leak/
https://www.mddir.com/company/asia-riu-manyvids-leak/
https://www.mddir.com/company/jupiterdomina-patreon-leaked/
https://www.mddir.com/company/asamorerose-clips4sale-leaked/
https://www.mddir.com/company/rachel-lane-clips4sale-leaked/
https://www.mddir.com/company/lauren123-manyvids-leaked/
https://www.mddir.com/company/theagegapcouple-onlyfans-leak/

#25 By 4240821 (194.190.178.141) at 11/12/2023 9:29:35 AM
https://instem.res.in/comment/reply/2557/720307
https://instem.res.in/comment/reply/2557/720223
https://instem.res.in/comment/reply/2557/720299
https://instem.res.in/comment/reply/2841/720541
https://instem.res.in/comment/reply/2751/720482
https://instem.res.in/comment/reply/2557/720297
https://instem.res.in/comment/reply/2452/720462
https://instem.res.in/comment/reply/2472/720511
https://instem.res.in/comment/reply/2557/720330
https://instem.res.in/comment/reply/2557/720277

Write Comment
Return to News
  Displaying 1 through 25 of 315
Last | Next
  The time now is 10:15:04 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *