Security Basics mailing list archives

RE: Purging Blaster.worm


From: Rory <nazgul () csn ul ie>
Date: Wed, 13 Aug 2003 22:28:09 +0100 (IST)

Should you not apply the patch first and then go about the task of
removing the worm? The point being that the time between you removing the
worm and you patching means that the host can get infected again. There
are automatic removal tools as well, as you may have missed a step in the
removal process.

Removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


cheers,
Rory

On Wed, 13 Aug 2003, Preston, Tony wrote:

 I manually got rid of it on my work PC with the following steps:

1) kill msblast.exe process
2) delete msblast.exe from windows/system32
3) delete msblast.exe*.pf from windows/prefetch
4) delete all registry keys with msblast in them
5) The patch from Microsoft was applied, but the next
day I was re-infected after doing steps 1, 2, and 4.
I repeated these steps today after adding #3 and it is
not back (although my firewall blocks port 135 hits
trying to re-infect).

-----Original Message-----
From: Jose Guevarra
To: security-basics () securityfocus com
Sent: 8/12/2003 8:06 PM
Subject: Purging Blaster.worm

Hi,

 Has anyone successfully purged the MSBlaster worm? There is a tool out
there that can do it, but is it reliable?

thanx,
