I had it on four of my computers here. I do not know how it came in yet. I went to the symantec website. They have a removal tool for it. Really easy to remove.
Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dennis Fleming Sent: Tuesday, August 12, 2003 10:42 AM To: RBASE-L Mailing List Subject: [RBASE-L] - Re: New Worm What was the probable source of this worm? (i.e., why didn't my ISP pick it up?) What a pain! I would love to be in a locked room with all the worms who write worms and viruses for just a day. Thanks for the heads-up, Dennis At 11:00 PM 8/11/2003 -0400, you wrote: >Buddy, >It's called W32.Blaster.worm >The symptom is, it will perform a shutdown as soon as you boot up, it >generously gives you a minute to close any open processes. >You have to reboot in safe mode with networking to do the following. > >I got it. Now it's gone, took me several hours. > >If using NAV goto www.sarc.com for instructions >Basically do regedit, find msblast.exe and delete it. >In XP Pro run task mgr and if cmd.exe is running, highlight it and click >end process > >Before doing all this you should set system restore off, so what U R doing >doesn't get registered in case you have to roll back. >Then go to http://securityresponse.symantec.com/avcenter/defs.download.html >This will download the urgent visrus defs. The live update is only updated >each Wednesday, this site has the downloads for virus's found immediately. > >Good Luck >----- Original Message ----- >From: "Walker, Buddy" <[EMAIL PROTECTED]> >To: "RBASE-L Mailing List" <[EMAIL PROTECTED]> >Sent: Monday, August 11, 2003 7:12 PM >Subject: [RBASE-L] - New Worm > > > > >You may want to take a look at this URL: >http://isc.sans.org/diary.html?date=2003-08-11 > >It's a new RPC worm that is going around. If one of your client machines >has it, it may be spread it to the server. > >Buddy > > > Dennis Fleming IISCO http://www.TheBestCMMS.com Phone: 570 775-7593 Fax: 570 775-9797
