[quote][i]Originally posted by Skinz[/i]

W32/Blaster-A disinfection instructions and FAQ

At the time of writing, W32/Blaster-A (also known as: W32/Lovsan.worm, W32.Blaster.Worm, WORM_MSBLAST.A) is spreading in the wild.

W32/Blaster-A is a worm that scans networks looking for computers vulnerable to Microsoft's DCOM RPC security exploit. On finding a suitable victim the worm causes the remote machine to acquire a copy of the worm using TFTP, which is saved as msblast.exe in the Windows system folder.

1. How do I prevent W32/Blaster-A spreading on my network?
2. How do I remove W32/Blaster-A automatically?
3. How do I remove W32/Blaster-A manually?
4. Which systems are affected?
5. How did my computer become infected?
6. Background technical information
7. Where should I put the W32/Blaster-A virus identity (IDE) file?
8. My computer is continuously rebooting, how can I download RESOLVE?

1. How do I prevent W32/Blaster-A spreading on my network?

Network administrators are strongly advised to perform the following operations to limit the impact of the worm.

Download and deploy Microsoft patch MS03-026
W32/Blaster-A exploits a vulnerability that can be patched. To read more about the vulnerability and download the patch for deployment, go here. On standalone computers, update with all relevant security patches from Windows update. Administrators are advised to deploy the patch to internet enabled workstations and internal company networks, paying particular attention to proxy/gateway computers.

Rename tftp.exe
The worm utilises tftp.exe, a Windows native program. If tftp.exe exists on your network, and you have no business need for it, rename it (e.g. to tftp-exe.old). You should not delete it as future legitimate software may require it.

Block traffic to certain ports on your firewall
Administrators should block incoming traffic on the following ports:
- tcp/69 (used by the TFTP process)
- tcp/135 (used by RPC remote access)
- tcp/4444 (used by this worm to connect)
This should primarily be implemented on your internet firewall. Where appropriate, you should also block access to these ports to prevent access from potentially infected non-trusted networks.

2. How do I remove W32/Blaster-A automatically?

W32/Blaster-A can be removed from Windows 95/98/Me/NT/2000/XP computers automatically with RESOLVE:
- download the RESOLVE W32/Blaster-A self-extractor and double-click it (the contents will extract to C:\SOPHTEMP)
- select Start|Run then type cmd (on Windows 95/98/Me type command) to open a command prompt
- click OK
- to remove the worm non-interactively type C:\SOPHTEMP\RESOLVE.COM -DF=BLASTERA.DAT -NOC and press the Enter key.

The above process will remove the infected file from memory, clean the registry and remove the infected file from the system. After removing the worm you should install the patch mentioned above.

You can find detailed instructions on running RESOLVE in the notes enclosed in the self-extractor.

To remove W32/Blaster-A on other platforms please follow the instructions for removing worms.
[/quote]