About W32/Blaster worm

davidsk

About W32/Blaster worm, you can do as the following:\r\n\r\n\r\n>1. Physically disconnect the machine from the network. (remove phone\r\n>cord, cable, dsl, wireless card)\r\n>\r\n>\r\n>2. Kill the \"msblast.exe\" process in the Task Manager.\r\n>\r\n>  2a. CTRL-ALT-DELETE\r\n>  2b. Click \"Task Manager\" button\r\n>  2c. Select \"rocesses\" tab\r\n>  2d. Highlight \"msblast.exe\"\r\n>  2e. Click \"End Process\" button (note that this will bring up a\r\n>Warning dialog box which a user needs to answer \"Yes\"\r\n>\r\n>3. Delete any files named \"msblast.exe\" on the machine.\r\n>\r\n>  3a. Start -> Search -> Find Files or Folders\r\n>  3b. Search for  \"msblast.exe\"\r\n>  3c. For each match:\r\n>      3c1. Right-click, select delete\r\n>\r\n>4a. Disable DCOM on all affected machines\r\n>\r\n>   From\r\n><http://microsoft.com/technet/tre ... lletin/MS03-026.asp>\r\n>\r\n>  4a1. Run Dcomcnfg.exe.\r\n>\r\n>       If you are running Windows XP or Windows Server 2003 perform\r\n>these additional steps:\r\n>\r\n>     * Click on the Component Services node under Console Root.\r\n>     * Open the Computers sub-folder.\r\n>     * For the local computer, right click on My Computer and choose\r\n>roperties.\r\n>     * For a remote computer, right click on the Computers folder and\r\n>choose New then Computer. Enter the computer name. Right click\r\n>       on that computer name and choose Properties.\r\n>\r\n>  4a2. Choose the Default Properties tab.\r\n>\r\n>  4a3. Select (or clear) the Enable Distributed COM on this Computer check box.\r\n>\r\n>  4a4. If you will be setting more properties for the machine, click\r\n>the Apply button to enable (or disable) DCOM. Otherwise, click\r\n>       OK to apply the changes and exit Dcomcnfg.exe.\r\n>\r\n>\r\n>4b. Enable ICF:\r\n>\r\n>  From <http://support.microsoft.com/default.aspx?scid=kb;en-us;283673>\r\n>\r\n>  4b1. In Control Panel, double-click Networking and Internet\r\n>  Connections, and then click Network Connections.\r\n>\r\n>  4b2. Right-click the connection on which you would like to enable\r\n>  ICF, and then click Properties.\r\n>\r\n>  4b3. On the Advanced tab, click the box to select the option to\r\n>  Protect my computer or network.\r\n>\r\n>  4b4. If you want to enable the use of some applications and services\r\n>  through the firewall, you need to enable them by clicking the Settings\r\n>  button, and then selecting the programs, protocols, and services to be\r\n>  enabled for the ICF configuration\r\n>\r\n>5. Reboot the machine and reconnect to the network.\r\n>\r\n>6. Install the patch from Windows Update, or MS03-026.\r\n>\r\n>6a. Using Internet Explorer, go to http://www.windowsupdate.com and\r\n>     follow the instructions there to install any available patches.\r\n>\r\n>7. Read and apply the clean up measures outlined in MS03-026.\r\n>\r\n><http://microsoft.com/technet/tre ... lletin/MS03-026.asp>\r\n>

grassstar

Many computers were harried by it yesterday!\r\nI am tired.\r\n\r\nword 、excel....error!\r\n\r\nKill it!

lpopo

这个漏洞早就有了我觉得应该有半年了，相应的攻击工具也早就出来了，可以远程夺取系统的最高权限！只是大家都不重视！\r\n我预测下一个病毒要利用的是IIS的远程溢出漏洞，呵呵，网站惨！！