If you are using MS Windows, please use Windows update as soon as possible and at least apply the Security Patches (IE and Service Pack upgrades take a while and can be deferred)

The worm going around today is called MSBLAST – it affects Windows 2000 and XP (maybe also NT)

If you search your hard drive and find the “msblast.exe” file, please do the following:

Unplug from network

Start --> Run --> MSCONFIG and disable msblast.exe

Open task manager and end the msblast process

Delete “msblast.exe” from the folder where you found it

More-detailed info and removal instructions can be found at the major antivirus websites, e.g. McAfee or Symantec

EDIT: here are some links to more info:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Hope this helps,

Kevin

My brother just had this also.

As it is so new, there is very little info on the web.

In addition to the above, you may want to remove the registry entry for msblast (do Run>Regedit) and it can be found in:

hkey_local_machine>
software>
microsoft>
windows>
currentversion>
run>

I’m no expert, but this seemed to cause an auto-startup command even after the program had been removed - at least it caused Zone alarm to ask if MSblast could access the net.

The usual disclaimer: this info provided as is, no liability taken and edit the registry at your own risk

good to know about that registry key --thanks, BC

it sounds like it tries to auto-update itself – “a new version of msblast is available” – that could be bad …

Thanks a lot,i had much trouble the last 30 minutes because of the worm.
thanks for your post,it helped a lot!!!

it’s weird , I seem to be invulnerable to the new exploit and the only reason I can think off is never having installed a service pack.

(Never dared to install one , I did it once on a windows 2000 computer and he was totally messed up.)

Fellow ZBs,

For what it’s worth, Steve Gibson over at Gibson Research Corporation provides a quick check of your Port 135 (he says this is the port exploited by the DCOM/RPC viruses) and a few paragraphs on the threat (worthwhile reading).

Specifically, in part he says on his website:

Our ShieldsUP Port Probe test will quickly confirm that your port 135 is blocked from remote access and possible exploitation.

We will soon have a new tool and tests to properly and fully address this new threat — Microsoft has not. Until then you are invited to send the following link to your friends and colleagues to have them use our free service to quickly check that their port 135 is NOT OPEN to the world’s malicious hackers:

http://grc.com/x/portprobe=135

This link will instantly and easily test anyone’s Internet-connected PC. “Open” is BAD, “Closed” or “Stealth” is safe.

I always run the Zone Alarm Pro firewall software when I’m on line. This seems to provide protection for port 135 and when I ran Steve’s test I got a “Stealth” rating result.

Gibson’s Website combines excellent, up-to-date news on viruses while he also plugs his company’s software packages - SpinRite and others, (none I ever used).

He also writes an InfoWorld column called TechTalk where he discusses Windows problems and related topics.

Sven

yihaa , passed them all

Hi,

This sure seems to beg for a LINUX port of Zbrush…

Pixologic??? How about it?

T.