Blogs | Page-109 | Boshdirect by Josh Lyon

All Blog Categories

Written by Josh Lyon

Monday, 26 March 2007 12:15

Remove the Blaster Worm [MSBlast, Blaster, etc.]

Editing the RPC to allow you to connect to the internet
- Start > Run
- Type: "services.msc /s" in the open line and click OK
- On the right hand side find the Remote Procedure Call service [there is a Remote Procedure Call Locator service, do not confuse the two]
- Right-click the Remote Procedure Call (RPC) service, and then click Properties.
- Click the Recovery tab.
- Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
- Click Apply, and then click OK.
  
  Note: Make sure you change these back after removing the virus.
For Windows XP
- If your computer reboots repeatedly, please unplug your network cable from the wall.
- First, enable Internet Connection Firewall (ICF) in Windows XP: http://go.microsoft.com/?linkid=220772
  - In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
  - Right-click the connection on which you would like to enable ICF, and then click "Properties".
  - On the Advanced tab, click the box to select the option to "Protect my computer or network".
- Plug the network cable back into the wall to reconnect your computer to the Internet
- Download the MS03-026 security patch from Microsoft and install it on your computer:
- Install or update your antivirus signature software and scan your computer
- Download and run the worm removal tool from your antivirus vendor.
For Windows 2000 systems, where Internet Connection Firewall (ICF) is not available, the following steps will help block the affected ports so that the system can be patched. These steps are based on a modified excerpt from the article; HOW TO: Configure TCP/IP Filtering in Windows 2000. http://go.microsoft.com/?linkid=220775
- Configure TCP/IP security on Windows 2000:
  - Select "Network and Dial-up Connections" in Control Panel.
  - Right-click the interface you use to access the Internet, and then click "Properties".
  - In the "Components checked are used by this connection" box, click "Internet Protocol (TCP/IP)", and then click "Properties".
  - In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
  - Click the "Options" tab.
  - Click "TCP/IP filtering", and then click "Properties".
  - Select the "Enable TCP/IP Filtering (All adapters)" check box.
  - There are three columns with the following labels:
    1. TCP Ports
    2. UDP Ports
    3. IP Protocols
  - In each column, you must select the "Permit Only" option.
  - Click OK.
- Download the MS03-026 security patch for Windows 2000 from Microsoft and install it on your computer from: http://go.microsoft.com/?linkid=220776
- Install or update your antivirus signature software and scan your computer
- Then, download and run the worm removal tool from your antivirus vendor.

Prevention:

Turn on Internet Connection Firewall (Windows XP or Windows Server 2003) or use a third-party firewall to block TCP ports 135, 139, 445 and 593; UDP port 135, 137,138; also UDP 69 (TFTP)and TCP 4444 for remote command shell. To enable the Internet Connection Firewall in Windows: http://go.microsoft.com/?linkid=220782

In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
Right-click the connection on which you would like to enable ICF, and then click "Properties".

On the Advanced tab, click the box to select the option to "Protect my computer or network".

This worm utilizes a previously announced vulnerability as part of its infection method. Because of this, customers must ensure that their computers are patched for the vulnerability that is identified in Microsoft Security Bulletin MS03-026. http://go.microsoft.com/?linkid=220783.

Install the patch MS03-026 from the Microsoft Download Center:

Windows NT 4 Server & Workstation
http://go.microsoft.com/?linkid=220784

Windows NT 4 Terminal Server Edition
http://go.microsoft.com/?linkid=220785

Windows 2000
http://go.microsoft.com/?linkid=220786
Windows XP (32 bit)
http://go.microsoft.com/?linkid=220787

Windows XP (64 bit)
http://go.microsoft.com/?linkid=220788

Windows 2003 (32 bit)
http://go.microsoft.com/?linkid=220789

Windows 2003 (64 bit)
http://go.microsoft.com/?linkid=220790
As always, please make sure to use the latest antivirus detection from your antivirus vendor to detect new viruses and their variants.

Related Knowledge Base Articles:
http://go.microsoft.com/?linkid=220791

Related Microsoft Security Bulletins:
http://go.microsoft.com/?linkid=220792

Add Comment (1)

OS Install without CD-rom support

Written by Josh Lyon

Monday, 26 March 2007 12:08

Download a Floppy Disk boot creator:

Choose your flavor of bootdisk

Windows 98 Boot Disk

Windows 98 SE Boot Disk

Windows XP Boot Disk

DOS 6.22 Boot Disk

Copy the i386 directory from your installation CD to the hard-drive of the computer you will be installing the Operating System on.
Download and run a boot-disk creator from above. Make sure you have a clean floppy, it will be needed for this.
Reboot the computer with the floppy in it.
Run WINNT once you have accessed the i386 folder. (ie. navigate to C:\i386\ using the "CD" command then run WINNT)
Follow the installation process.

- OR -

Copy the i386 directory to your hard-drive or specify the shared network path as the sourcepath (with the [/s:sourcepath] trigger)
Run the command line utility [command or CMD from the Run line]
Navigate to the location of the i386 folder using the CD command (ie. "C:\> cd c:\i386")
Run the command: WINNT32
Follow the installation process

Add Comment (7)

<< Start < Prev 51 52 53 54 55 56 57 58 59 60 Next > End >>

Page 55 of 66

Translate This Page

About Me

Related Articles

Most Read Articles