The CERT Coordination Center has issued Steps for computer users to take if their computer has been been infected by the W32/Blaster worm.
1. Physically disconnect the machine from the network. (remove phone cord, cable, dsl, wireless card)
2. Kill the "msblast.exe" process in the Task Manager.
2a. CTRL-ALT-DELETE
2b. Click "Task Manager" button
2c. Select "Processes" tab
2d. Highlight "msblast.exe"
2e. Click "End Process" button (note that this will bring up a Warning dialog box which a user needs to answer "Yes")
3. Delete any files named "msblast.exe" on the machine.
3a. Start -> Search -> Find Files or Folders
3b. Search for "msblast.exe"
3c. For each match:
3c1. Right-click, select delete
4a. Disable DCOM on all affected machines
From
<http://microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS03-026.asp>
4a1. Run Dcomcnfg.exe.
If you are running Windows XP or Windows Server 2003 perform these additional steps:
* Click on the Component Services node under Console Root.
* Open the Computers sub-folder.
* For the local computer, right click on My Computer and choose Properties.
* For a remote computer, right click on the Computers folder and choose New then Computer. Enter the computer name. Right click on that computer name and choose Properties.
4a2. Choose the Default Properties tab.
4a3. Select (or clear) the Enable Distributed COM on this Computer check box.
4a4. If you will be setting more properties for the machine, click the Apply button to enable (or disable) DCOM. Otherwise, click OK to apply the changes and exit Dcomcnfg.exe.
4b. Enable ICF:
From <http://support.microsoft.com/default.aspx?scid=kb;en-us;283673>
4b1. In Control Panel, double-click Networking and Internet
Connections, and then click Network Connections.
4b2. Right-click the connection on which you would like to enable
ICF, and then click Properties.
4b3. On the Advanced tab, click the box to select the option to
Protect my computer or network.
4b4. If you want to enable the use of some applications and services through the firewall, you need to enable them by clicking the Settings button, and then selecting the programs, protocols, and services to be enabled for the ICF configuration
5. Reboot the machine and reconnect to the network.
6. Install the patch from Windows Update, or MS03-026.
6a. Using Internet Explorer, go to http://www.windowsupdate.com and
follow the instructions there to install any available patches.
7. Read and apply the clean up measures outlined in MS03-026.
<http://microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS03-026.asp>
1. Physically disconnect the machine from the network. (remove phone cord, cable, dsl, wireless card)
2. Kill the "msblast.exe" process in the Task Manager.
2a. CTRL-ALT-DELETE
2b. Click "Task Manager" button
2c. Select "Processes" tab
2d. Highlight "msblast.exe"
2e. Click "End Process" button (note that this will bring up a Warning dialog box which a user needs to answer "Yes")
3. Delete any files named "msblast.exe" on the machine.
3a. Start -> Search -> Find Files or Folders
3b. Search for "msblast.exe"
3c. For each match:
3c1. Right-click, select delete
4a. Disable DCOM on all affected machines
From
<http://microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS03-026.asp>
4a1. Run Dcomcnfg.exe.
If you are running Windows XP or Windows Server 2003 perform these additional steps:
* Click on the Component Services node under Console Root.
* Open the Computers sub-folder.
* For the local computer, right click on My Computer and choose Properties.
* For a remote computer, right click on the Computers folder and choose New then Computer. Enter the computer name. Right click on that computer name and choose Properties.
4a2. Choose the Default Properties tab.
4a3. Select (or clear) the Enable Distributed COM on this Computer check box.
4a4. If you will be setting more properties for the machine, click the Apply button to enable (or disable) DCOM. Otherwise, click OK to apply the changes and exit Dcomcnfg.exe.
4b. Enable ICF:
From <http://support.microsoft.com/default.aspx?scid=kb;en-us;283673>
4b1. In Control Panel, double-click Networking and Internet
Connections, and then click Network Connections.
4b2. Right-click the connection on which you would like to enable
ICF, and then click Properties.
4b3. On the Advanced tab, click the box to select the option to
Protect my computer or network.
4b4. If you want to enable the use of some applications and services through the firewall, you need to enable them by clicking the Settings button, and then selecting the programs, protocols, and services to be enabled for the ICF configuration
5. Reboot the machine and reconnect to the network.
6. Install the patch from Windows Update, or MS03-026.
6a. Using Internet Explorer, go to http://www.windowsupdate.com and
follow the instructions there to install any available patches.
7. Read and apply the clean up measures outlined in MS03-026.
<http://microsoft.com/technet/treeview/default.asp?url=/technet/
security/bulletin/MS03-026.asp>
