Preventing MS Blast Virus from re-infecting Xp and Windows Pro. 2000

Discussion in 'Computer Support' started by Bun Mui, Aug 23, 2003.

  1. Bun Mui

    Bun Mui Guest

    I need to prevent MS Blast Virus from re-infecting Xp and Windows Pro.
    2000
    computers.

    I followed-

    http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.blaster.worm.removal.tool.html

    I used the fix file, have used Norton Anti-virus software and used the
    patch they reccomended for them, but they don't work in preventing
    re-infection with MS Blast worm.

    And BTW could the worm affect the operating of http://www.gotomypc.com
    I never get a succesful connection these days.

    I am using Go To My PC on MTS Dsl as host computer.
    I use Win. pro 2000 here.

    I use MTS dialup as remote computer.
    I use Win. 98 here.
    I think there something that is preventing a successful connection
    these days?

    Use to work a couple of weeks ago no problems.



    What advice could you give to me?

    Thanks.


    Bun Mui
     
    Bun Mui, Aug 23, 2003
    #1
    1. Advertisements

  2. Bun Mui

    °Mike° Guest

    <Canned response>

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for any entry/ies that include
    MSBLAST.EXE, PENIS32.EXE or TEEKIDS.EXE and
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,
    msblast.exe-0235D8H6.pf, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826955

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
     
    °Mike°, Aug 23, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.