Windows DCOM RPC Vulnerability Exploit Proliferating

by ***Starz*** » Tue Aug 12, 2003 6:11 am

Thanks Weaver...printing out your instructions...just because... :thumbs:

by **Mac33** » Tue Aug 12, 2003 9:40 am

Thanks Weaver for coming back to us on this one. Greatly appreciated, and i hope everything is now back in order at your workplace.
all the best :yesnod:

by **Empath** » Tue Aug 12, 2003 1:08 pm

I tried to update using Windowsupdate, but for some strange reason it keeps looping back to the 'update now' screen.
I tried to use the security patch, but the program wouldn't let me install it, saying something about vertifying the integrity of the Update.inf file....
I tried using that worm remover from Symatec, scanned the computer, says no worms detected, turn off firewall, restart warning pops up again.

Ack... does that mean I have to leave the firewall on forever?

(Note, I've deleted the registry file and the msblast.exe... does it keep reinfecting systems everytime I go onto the internet?)

by **BitTorrent** » Tue Aug 12, 2003 1:08 pm

Myself and two friends all got hit with this worm last night. i downloaded the tool from Symantec to clean it.. the tool also automatically redirected me to M$'s site to download the critical patch, and all is fine now! here is the link to download the tool from symantec:

http://securityresponse.symantec.com/av ... .tool.html

W32.Blaster.Worm Removal Tool
Discovered on: August 11, 2003
Last Updated on: August 11, 2003 08:01:58 PM PDT

Symantec Security Response has developed a removal tool to clean the W32.Blaster.Worm infections.

What the tool does

The W32.Blaster.Worm Removal Tool does the following:

Terminates the W32.Blaster.Worm viral processes.
Deletes the W32.Blaster.Worm files.
Deletes the dropped files.
Deletes the registry values that the worm added.

by ***Starz*** » Tue Aug 12, 2003 3:55 pm

This one seems to be getting around...thanks for the information Bit Torrent... :thumbs:

by **Weaver** » Tue Aug 12, 2003 4:19 pm

does it keep reinfecting systems everytime I go onto the internet?

Not to sound like a smartass, but yes, that is what worms are designed to do. If you use the Symantec tool without patching the Windows vulnerability then yes you can and probably will get infected again. Updating virus definitions will also help.

-Weaver

by **SCJwl** » Tue Aug 12, 2003 5:14 pm

I had this mother yesterday. I know it did. Sucker kept on rebooting and shutting down anything I was doing. And then telling me it was going to reboot in 60 seconds. I was so irritated. I couldn't even stay online after I posted a PM to Johnny so I trashed the OS and started fresh. What a pain.

by **Weaver** » Tue Aug 12, 2003 6:44 pm

so I trashed the OS and started fresh

That's one way to handle it.

-Weaver

by **SCgone** » Wed Aug 13, 2003 2:16 am

Weaver wrote:
so I trashed the OS and started fresh

That's one way to handle it.

-Weaver

She tends to do that a lot.

by **Empath** » Wed Aug 13, 2003 7:31 am

Weaver wrote:
Not to sound like a smartass, but yes, that is what worms are designed to do. If you use the Symantec tool without patching the Windows vulnerability then yes you can and probably will get infected again. Updating virus definitions will also help.

-Weaver

Ack... I can't download the patch from the Windows Update website for some strange reason... the 'Update Now' page keeps looping and looping whenever I press the button. Are there any alternative sites to the patch?

Technology, Support, and News Forum

Windows DCOM RPC Vulnerability Exploit Proliferating

Who is online