Full Disclosure mailing list archives
Re[2]: PacBell Internet blocked port 135
From: Geysap <pappgeza () tolna net>
Date: Wed, 13 Aug 2003 15:23:01 +0200
Hello full-disclosure Hy, Under Windows system this DCOM worm remove in this time better removal tool is Sophos removal - automatic RESOLVE. The tool, good WinXP. Remove DCOM Worm program Windows program, but this remove Worm not with exe. Download remowal, klikk, this exe. The program make dir, Sophostemp, in primari winchester. In this folder is blastera.dat Blastera.txt PSAPI.DLL readresn.txt readress.txt resolve.com - files. Yuo cheese this run. W32/Blaster-A can be removed from Windows 95/98/Me/NT/2000/XP computers automatically with RESOLVE download the RESOLVE W32/Blaster-A self-extractor and double-click it (the contents will extract to C:\SOPHTEMP) select Start|Run then type cmd (on Windows 95/98/Me type command) to open a command prompt click OK - this is: --->>> http://www.sophos.com/misc/blastsfx.exe to remove the worm non-interactively type C:\SOPHTEMP\RESOLVE.COM -DF=BLASTERA.DAT -NOC and press the Enter key . The above process will remove the infected file from memory, clean the registry and remove the infected file from the system. After removing the worm you should install the patch mentioned above. You can find detailed instructions on running RESOLVE in the notes enclosed in the self-extractor. To remove W32/Blaster-A on other platforms please follow the instructions for removing worms. And remove manualy: To remove W32/Blaster-A manually on Windows 95/98/Me and Windows NT/2000/XP ensure you have installed Microsoft patch MS03-026 and implemented as many of the steps mentioned above as is feasible. press Ctrl+Alt+Del in Windows NT/2000/XP click Task Manager and select the Processes tab look for a process named msblast.exe in the list click the process to highlight it click the 'End Process' (in Windows 95/98/Me 'End Task') button close Task Manager. In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry. At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens. Before you edit the registry, you should make a backup. If in doubt, contact your network administrator. Incorrect editing of the Windows Registry can cause system failure. Locate the HKEY_LOCAL_MACHINE entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run in the righthand pane select windows auto update = msblast.exe and delete it if it exists. Close the registry editor. You should reboot your computer and repeat the above process to ensure all traces of the worm have been removed from your system. The remove is 100%. -- Üdvözlettel, Geysap mailto:pappgeza () tolna net www.gyik.com ============================================================================ Fiat justitia, pereat mundus! Ezt a levelet a Sophos Anti-Virus(c) Version 3.72 (c) 1989,2002 Sophos Plc, www.sophos.com Magyar kepviselet: www.swoffice.org/tmsi/sophos/frame_sophos.html Engine Version: 2.13 ellenorizte. This E-mail is checked with Sophos Anti-Virus(c) & DrWeb plug-in (c) This system protects firewall Keiro (c) ============================================================================ -- Üdvözlettel, Geysap mailto:pappgeza () tolna net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- PacBell Internet blocked port 135 Jim Race (Aug 12)
- Re: PacBell Internet blocked port 135 SecuresDotComs (Aug 12)
- Re[2]: PacBell Internet blocked port 135 Geysap (Aug 13)
- Re: PacBell Internet blocked port 135 SecuresDotComs (Aug 12)