Step 1. Patch Your System with the appropriate MS03-026 Patch (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp)

Step 2. After Installation of the Patch, Reboot your system.

Step 3. run "FIXBLAST".exe to remove the MSBLAST.exe file, terminate the process and remove added registry keys by the worm.

Step 4. Reboot your pc one last time.

:arrow: W32.Blaster.Worm Removal Tool (http://securityresponse.symantec.com/avcenter/FixBlast.exe)

:arrow: Source (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html)

Thanks BB... Removal tool says computer is clean and patch is installed..

:D

Good to know you won't be hit by this worm. I know it felt good having a little assurance that it won't happen to me.
:D

I got hit with this one on Sunday :(

Haven't had a chance to patch and clean yet....

Interesting behavior:
Sygate reported tft.exe trying to access a port for tiny file transfer protocol. Of course I said no to this and kept browsing the web. About a minute later, I received a message that there was a problem with my RPC locator service and that the pc will shut down in 1 minute.

If I disabled internet access, the RPC error did not re-occur.

Once I updated the virus definations, Norton actually started picking it up but would not remove it.

I'll be running the removal tool later today.

Thanks for the post Big Booger.

I'm all clean. I always cover my Jimmy.:D Always practice safe sex on the net.

Originally posted by phishhead
I'm all clean. I always cover my Jimmy.:D Always practice safe sex on the net.

And in real life kiddies ;) :p

Originally posted by SupaStar
And in real life kiddies ;) :p

Phishy doesn't need to cover his Jimmy any longer to avoid kids.:p

Originally posted by Conan
Phishy doesn't need to cover his Jimmy any longer to avoid kids.:p

hey conan thats hitting below the belt.:p

Alert the authorities, there has been a thread hijack.
:D

http://www.britishpictures.com/photos/pics/gideon.jpg

Nice Big, Nice;)

All clean here till the next one.Thanks for the quick references BB.

Originally posted by zipp51
All clean here till the next one.
So true :rolleyes:

I wonder if running a Linux gateway, would this worm wiggle through?

Just a thought.

No wiggling worms in Phishead's jimmy.

I just got this from my ISP....

IMPORTANT: Immediate action required to safeguard your computer from Phase Two of the MSBlast.exe virus

Dear Comcast Customer,

Have you taken the necessary steps to help ensure that your computer is clean and protected from the second phase of the MSBlast.exe virus or LovSan Web Worm? If not, we recommend that you immediately follow our suggested steps below.

The MSBlast.exe virus or LovSan Web Worm may enter your computer through a vulnerability in your computer's Microsoft Windows®-based operating system. According to current reports, this virus or worm is designed to cause computers to launch an electronic attack against Microsoft's Windows® help web site on August 16, 2003.

Here we go again.....

Hey that is great of comcast. Will help stop the spread of this worm I think. I think ISPs should be proactive like this.

Whats up guys,

I just thought I'd drop the word that there's a trojan out there being refered to as "Graybird" that pretends to be from microsoft with the subject line "Update". It instructs the user to follow the link to protect themselves from the blaster worm...

"Subject line: updated
Message text: Dear customer:
At 11:34 A.M. Pacific Time on August 13, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Download the attached update program. To begin the download process, do one of the following:

To download the attached program to your computer for installation at a later time, click Save or Save this program to disk.then run it. If you have any problem, connect to us immediately."


It tries to pass it's self off as your systems spoolsv.exe. More info at the link below:

http://www.sophos.com/virusinfo/analyses/trojgraybirda.html

One thing to remember is that Microsoft never sends emails to customers advising them to follow a link to an update.

Peace out,

Hex

Originally posted by Hex
One thing to remember is that Microsoft never sends emails to customers advising them to follow a link to an update.

Peace out,

Hex

Well a couple of us here are subscribed to Microsoft Security Updates. Microsoft sends us an e-mail whenever new patches are available so they do tell us to follow a link but it is normally within Microsoft's site.

Good point Conan. I didn't think of that.

Hex

Update,
I got the Patch to install on Longhorn 4008. :D

Worked like a charm, I only had to use compatibility mode to get it to work.

I have no idea what I was gonna say.. sorry.:D

Originally posted by Big Booger
BUt not it is patched against this worm.

Huh?:confused:

don't ask conan.
:msntongue:

So did it work or not? Are you protected?

yes it worked. It installed fine. I don't have the worm, so all seems well.