Boshdirect

Remove the Blaster Worm [MSBlast, etc]

Remove the Blaster Worm [MSBlast, Blaster, etc.]

  • Editing the RPC to allow you to connect to the internet
    • Start > Run
    • Type: "services.msc /s" in the open line and click OK
    • On the right hand side find the Remote Procedure Call service [there is a Remote Procedure Call Locator service, do not confuse the two]
    • Right-click the Remote Procedure Call (RPC) service, and then click Properties.
    • Click the Recovery tab.
    • Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
    • Click Apply, and then click OK.
       

      Note: Make sure you change these back after removing the virus.

       

  • For Windows XP
    • If your computer reboots repeatedly, please unplug your network cable from the wall.
    • First, enable Internet Connection Firewall (ICF) in Windows XP: http://go.microsoft.com/?linkid=220772
      • In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
      • Right-click the connection on which you would like to enable ICF, and then click "Properties".
      • On the Advanced tab, click the box to select the option to "Protect my computer or network".
    • Plug the network cable back into the wall to reconnect your computer to the Internet
    • Download the MS03-026 security patch from Microsoft and install it on your computer:

      • Windows XP (32 bit)
      http://go.microsoft.com/?linkid=220773

      Windows XP (64 bit)
      http://go.microsoft.com/?linkid=220774

    • Install or update your antivirus signature software and scan your computer
    • Download and run the worm removal tool from your antivirus vendor.
       
  • For Windows 2000 systems, where Internet Connection Firewall (ICF) is not available, the following steps will help block the affected ports so that the system can be patched. These steps are based on a modified excerpt from the article; HOW TO: Configure TCP/IP Filtering in Windows 2000. http://go.microsoft.com/?linkid=220775
    • Configure TCP/IP security on Windows 2000:
      • Select "Network and Dial-up Connections" in Control Panel.
      • Right-click the interface you use to access the Internet, and then click "Properties".
      • In the "Components checked are used by this connection" box, click "Internet Protocol (TCP/IP)", and then click "Properties".
      • In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
      • Click the "Options" tab.
      • Click "TCP/IP filtering", and then click "Properties".
      • Select the "Enable TCP/IP Filtering (All adapters)" check box.
      • There are three columns with the following labels:
        1. TCP Ports
        2. UDP Ports
        3. IP Protocols
      • In each column, you must select the "Permit Only" option.
      • Click OK.
         
    • Download the MS03-026 security patch for Windows 2000 from Microsoft and install it on your computer from: http://go.microsoft.com/?linkid=220776
       
    • Install or update your antivirus signature software and scan your computer
       
    • Then, download and run the worm removal tool from your antivirus vendor.
       
  • Prevention:

Posted

in

by

Josh Lyon

Tags:

, , , , , , , , ,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *