Updated 5/10/2004
JT's Computer FAQs
Everything you want to know, plus what you didn't know you'd like to know.
        

Wednesday, August 13, 2003



3 Easy Steps to Eliminate the Windows DCOM Security Vulnerability.

If you know your computer has the "blaster" worm virus, skip ahead to "Eradication".

"Blaster" News

According to cnet, the MSBlast (aka "Blaster") worm infected as many as 100,000 Windows computers in just 24 hours. Infection appears to be slowing due to poor programming of the worm. However, whether you have it or not, you'd best eliminate the possibility of infection to your Windows operating system by eliminating the widely publicized "DCOM" security vulnerability (variations of the "blaster" worm could eventually infect your Windows system if you don't). If your system is worm free, keep it that way by following the 3 steps listed below under "Protecting Against Infection".

The DCOM security vulnerability was published on the Microsoft web site on July 16, 2003. It was only a matter of time before the malicious-minded would flaunt the vulnerability. That day came yesterday.

The worm crashes (or "restarts") some systems because it incorrectly tries using a Windows-2000-specific exploitation technique on Windows XP systems, and vice versa. Whether or not your system is behaving oddly, you can easily detect whether your system has the Microsoft (MS) Blast (or "blaster") worm by following the 3 steps below.


Detection

It's very easy to detect whether you're infected by the MSBlaster worm. Simply follow these 3 steps:

  1. Press control-alt-delete, then click on "Task Manager"
  2. Select the "Processes" tab, then click on the "Image Name" column to sort alphabetically
  3. If there is a process named "msblast.exe" running, then it has been infected

If your system is infected, skip ahead to "Eradication".


Protecting Against Infection

To eliminate the DCOM security vulnerability and protect your system against infection by the MSBlast worm (or any "blaster" variations), follow these 3 steps:

  1. Login to Windows with administrator rights.
  2. Start Internet Explorer and direct the browser to windowsupdate.microsoft.com
  3. Follow the instructions. Install any necessary updates, paying special attention to those in the "Critical Updates and Service Packs" section.


Eradication

Eradication of the worm is relatively easy once detected. Follow these steps:

  1. Login to Windows with administrator rights.
  2. Start Internet Explorer and direct the browser to windowsupdate.microsoft.com
  3. Follow the instructions. Install any necessary updates, paying special attention to those in the "Critical Updates and Service Packs" section.
  4. Reboot the system. Log back in with Administrator rights.
  5. Press control-alt-delete, then click on "Task Manager"
  6. Select the "Processes" tab, then click on the "Image Name" column to sort alphabetically
  7. Find the process named "msblast.exe", and click it once, then press "End Process"
  8. Use Windows Explorer to navigate to the "system32" directory (found in the "winnt" directory on Windows 2000 machines, and in the "windows" directory on Windows XP computers).
  9. Locate the "msblast.exe" file inside the "system32" directory and delete it.
  10. Reboot the system.

That'll do it!


Registry Entry Elimination (Optional)

Though not necessary, purists can also take the following steps to eliminate a registry entry that's already been disabled by deletion of the "msblast.exe" file, above. Be very careful, however, as any mistaken change to the registry could render your system inoperable. Very carefully take these steps:

  1. Start the registry editor by clicking the "Start" button, then "Run..." and typing "regedit".
  2. In regedit navigate to the following "key": HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  3. In the right section of the registry editor find:
    "windows auto update"="msblast.exe"
    and delete it.
  4. Reboot the system.

You've successfully eliminated the MSBlast worm!


Read the cnet article (referenced at top) here.

The top-most "worm" graphic was found here.

"Worms Blast" is a game by Raveware. The logo was found here.




 
August 2003
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
Jul   Feb


FAQ Index






Click here to send an email to the editor of this weblog.


 

Find:




h o t z a z # 1




FAQ Index

Lithium-Ion Battery Care -- How to Prolong Your Laptop Computer's Battery Life

MyDoom.B - How To Eliminate the 'My Doom.B' Email Virus


AUGUST 2003

How To Fix or Touch-Up Your Photographs with Photoshop

What Happens When My Domain Name Expires?

How To Stop the Microsoft Windows "Blaster" Worm Virus MSBlast


JULY 2003

How-To Stop Windows Messenger Service Pop-Up Spam


JUNE 2003

What's a Domain Name?

What's a Blog? (Part II)

What's a Blog? (Part I)

U.S. Computer Coach



 

zazoodles
Everything You're Looking For ...
     @ 4oodles.com

Arts
Business
Computers
Games
Health
Home
Kids_and_Teens
News
Recreation
Reference
Regional
Science
Shopping
Society
Sports
World


Search:



 

Links

zaz.com
encyclopedia.to





Top Search Results

"How To Stop the Microsoft Windows "Blaster" Worm Virus MSBlast - Zaz News"

ZazNews on
Google

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.


Top

© Copyright 2004 Kevin JT Binder, kevinbinder.net