RPC/DCOM/mblast.exe thread discussions/notices - Page 3

Thread: RPC/DCOM/mblast.exe thread discussions/notices

  1. #21
    A_Person,

    How are you trying to remove the worm? By running a virus scan on it?

    If so, that won't work as the worm is too new for the virus detection to know how to detect.

    Delete the registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Auto Update

    Reboot. Open up My Computer, C: drive, winnt (or windows), system32, look for msblast.exe. Right click on it, uncheck read only, and then press OK. Then delete. Currently that's how you get rid of it.

    Hope this helps.

  2. #22
    Banned
    Join Date
    Jul 2003
    Posts
    374
    Grinler, if I have previously disabled Microsoft Auto Update, am I still exposed to this threat? All help appreciated.

    Thanks TidaL.

  3. #23
    Depends how you had auto update set up and when you disabled it. By default auto update downloads the updates for you, but does not apply them for you. Though you can change that in the settings in Control Panel.

    Just to be sure, go to www.windowsupdate.com and update your machine.

    Grinler

  4. #24
    The thing is I can't delete it. I unchecked read only and I still can't delete it, there's like no way to get rid of it!

  5. #25
    Member
    Join Date
    Jul 2002
    Posts
    39
    Hi!
    Some tips to remove & prevent the msblast worm...
    * Block TCP port 135 at your firewall.
    * Delete the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "windows auto update"="msblast.exe"
    * Search for ANY file with this MD5 checksum: 5ae700c1dffb00cef492844a4db6cd69 (6176 bytes)

    I think that stops the damage, but I recommend reinstalling the compromised PC (disconnect the network first), install a firewall, patch the PC, cross your fingers and pray...
    Or better: save your data and install Linux or xxxBSD...

    I post more info about this worm in http://www.antionline.com/showthread...226#post652127

    See u!!

    PS excuse my english, please...
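
The checksum search suggested in post #25, as an added example that is not part of the original post: it walks a directory tree and reports any file matching the MD5 and size quoted there, whatever the file is named. The function names `md5_of` and `find_by_md5` are hypothetical.

```python
import hashlib
import os
import sys

# Indicator values quoted in the post above.
MSBLAST_MD5 = "5ae700c1dffb00cef492844a4db6cd69"
MSBLAST_SIZE = 6176  # bytes


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so it is never loaded whole into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_by_md5(root, md5_hex=MSBLAST_MD5, size=MSBLAST_SIZE):
    """Return (matches, unreadable) for the regular files under root.

    File names are ignored, so a renamed copy is still found. Only files
    of exactly `size` bytes are hashed, which keeps a full-drive scan cheap.
    """
    wanted = md5_hex.lower()
    matches, unreadable = [], []
    walker = os.walk(root, onerror=lambda err: unreadable.append(str(err.filename)))
    for dirpath, _dirs, files in walker:
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                if md5_of(path) == wanted:
                    matches.append(path)
            except OSError:
                # Locked or permission-denied files are reported rather
                # than silently skipped, so they can be checked by hand.
                unreadable.append(path)
    return sorted(matches), sorted(unreadable)


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, skipped = find_by_md5(scan_root)
    for path in found:
        print("MATCH     ", path)
    for path in skipped:
        print("UNREADABLE", path)
    sys.exit(1 if found else 0)
```
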

  6. #26
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it!

  7. #27
    Top Gun Maverick811
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by TidaLphasE23
    Grinler, if I have previously disabled Microsoft Auto Update, am I still exposed to this threat? All help appreciated.

    Thanks TidaL.


    Anyone feel free to correct me if I am wrong, but Windows Update doesn't really have anything to do with this worm - however, I'd advise against disabling Windows Update - ideally you are going to want to stay fully patched with updates as Microsoft releases them, using Windows Update. Microsoft has released a patch for this vulnerability and I would advise you strongly to apply it. The patch is available here: http://support.microsoft.com/?kbid=823980

    The firewall on my network at work is receiving an extremely large amount of incoming traffic destined for port 135, but all traffic is being denied. As mentioned, port 135 should be blocked at your perimeter.

    EDIT: There does appear to be a relation to Windows Update (in a way, I guess) - it seems that machines that are infected by this worm may try to flood the Windows Update site on the 16th of August...
    - Maverick

  8. #28
    Member
    Join Date
    Jul 2002
    Posts
    39
    I agree with Maverick811. Windows Update doesn't have any relation with this worm...

  9. #29
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    I think the best solution would be to reinstall the compromised system and make sure all the patches are applied, firewall is installed and configured correctly, anti virus is installed and updated.

    If that is not an option then the following link might be helpful: http://securityresponse.symantec.com...ster.worm.html

    It's best to leave the autoupdate function on if you don't have the time to monitor and install updates all the time. You can set it to run automatically and that will save you the hassle, but it might patch things that may cause other programs to not work well. So I don't recommend this if your office uses software that is not the regular ones most people use, as it would be better if you tested the patches before applying them.

  10. #30
    Top Gun Maverick811
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by r8devil
    I think the best solution would be to reinstall the compromised system and make sure all the patches are applied, firewall is installed and configured correctly, anti virus is installed and updated.

    I have to agree/disagree here - I don't think that this deserves a full format and reinstall of the system - this thing can be cleaned from what I am reading - I have to say what others have already said, format and reinstall may be overkill..

    I do agree that a compromised system, once clean, must be fully patched, firewall properly configured, and AV up-to-date just as you stated. But let's not get overboard with the format and reinstalls.

    Of course, we should always keep up with patches and such anyway as to try to prevent worms like this, but we all know that always up-to-date, fully patched systems on the Internet is a distant dream...

    Just my thoughts for the evening...
