Comments about the Blaster Worm Detection and Removal:
First, if you have older machines, don't worry: Windows 95, 98, and Millennium machines are not affected.
Click here for download Links for Microsoft Security Patches
The Blaster Worm seems fairly easy to detect on Windows XP machines (a pop-up graphic indicates an imminent reboot). On Windows 2000 machines it is much more subtle and may in fact show few or no symptoms. Office and email problems, sluggishness, and menu and right-button aberrations may indicate either the original Blaster Worm or a new variant (the msblast.exe worm file is no longer the only Trojan to watch out for, as other filenames have now appeared).
In any event you should patch ALL of your Windows NT, 2000 and XP computers with their respective MS Security Patch. Start first with your network server machines and get them cleaned up. Then work on your workstations.
Windows 2000 machines
1. Place the Windows 2000 Blaster patch on portable media like a floppy or CDR, or on a network folder. Do the same with the Fixtool file from Symantec.
2. Log off the current user and log in as Administrator (this is strongly suggested by F-Secure).
3. Copy the two files to the Windows Desktop from your portable media or network folder. Run the Microsoft Patch first. There is a slight chance it may refuse to run, saying you need a Service Pack upgrade first. If so, download and install the Service Pack. Most machines will allow you to run the Patch, and it will finish quickly and ask to reboot.
4. After running the MS Patch, reboot, hold down the F8 key as the machine restarts, and select Safe Mode with Network Support. (This may take a few minutes to load into Windows Safe Mode, and you will first see a screen full of filenames appear and scroll down the screen in a DOS format... don't panic, as this is OK.)
5. Once you are back in Windows (in Safe Mode), run the Symantec Removal Tool. It may run 10 minutes or more depending on the speed of the computer and number of files on that computer.
6. When it finishes it will tell you whether it has detected and removed any Blaster files.
Now you will be protected from Blaster. The next step is optional, but recommended:
7. Reboot the machine back into Normal Mode and run the Windows Update function from the Start Menu (while connected to the Internet). Let it scan for needed Updates. To save time we are removing the first four selections (because each requires a separate download, install, and reboot). The remaining selections are left checked and are typically a 30 MB download. That is pretty hefty for dialup users, but on the T1 it should take 10 to 50 minutes depending on your average download speed.
8. We are not blocking the ports in Windows 2000 as recommended in the MS Security suggestions, but it's not a bad idea if you have the time to do it. I prefer Norton Internet Security myself as a software firewall to block those ports from attacks.
Windows XP Blaster Removal:
Basically the same steps as W2K above with a couple of additions.
1. Turn off System Restore prior to applying the XP patch. Windows System Restore might restore the infection afterwards so it must be turned off.
The System Restore feature can be disabled using the following steps (paraphrased from F-Secure's excellent tutorial at http://www.f-secure.com/v-descs/sfc_dis1.shtml):
   1. Select Start/My Computer.
   2. Click on "View system information".
   3. Select the tab "System Restore".
   4. Check the "Turn off System Restore on all drives" checkbox and click the "Apply" button.
   5. The program asks if you want to turn off System Restore. Click the "Yes" button.
   6. "Drive settings" has now turned grey. Click the "OK" button.
   7. The Windows XP System Restore feature is now disabled.
The System Restore feature can be enabled again with the same steps, except that at step 4 you uncheck the "Turn off System Restore on all drives" checkbox.
2. Follow the same process as for W2K: log in as the Administrator user, run the Microsoft patch, reboot into Safe Mode, and run the removal tool. After finishing, turn System Restore back on as described above.
3. If you have time, run Windows Update for other updates.
4. An optional step after cleaning the machine is to enable the Internet Connection Firewall (found in XP machines). See F-Secure's tutorial on how to enable the Firewall:
http://www.f-secure.com/support/technical/winxp_fw.shtml
You will be able to tell if the computer has already been patched for Blaster by looking in Add/Remove Programs and seeing the entry: Windows Hotfix- KB823980
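The Add/Remove Programs check above, applied to a whole network, as an added example that is not part of the original page: it reads a constructed inventory of hosts and their Add/Remove Programs entries, marks NT/2000/XP machines that lack the KB823980 entry, and lists them servers first. The inventory format, host names and function names are assumptions made for this illustration.

```python
import re

# Per the page: NT, 2000 and XP need the patch; 95, 98 and Millennium are not affected.
AFFECTED = re.compile(r"\b(NT|2000|XP)\b", re.IGNORECASE)
UNAFFECTED = re.compile(r"\b(95|98|Me|Millennium)\b", re.IGNORECASE)
# Tolerant match for the Add/Remove Programs entry; spacing around the hyphen varies.
PATCH_ENTRY = re.compile(r"\bHotfix\s*-\s*KB823980\b", re.IGNORECASE)

# Constructed sample inventory (hypothetical hosts), one machine per line.
SAMPLE_INVENTORY = """\
# host | role | os | Add/Remove Programs entries, separated by ';'
FILESRV1 | server | Windows 2000 | Windows 2000 Service Pack 4; Norton Internet Security
FRONTDESK | workstation | Windows XP | Windows XP Hotfix - KB823980; AVG Anti-Virus
ACCT02 | workstation | Windows XP | AVG Anti-Virus
OLDPC | workstation | Windows 98 | AVG Anti-Virus
MAILSRV | server | Windows NT | Windows Hotfix- KB823980
DBSRV | server | Windows 2000 | Norton Internet Security
"""

def parse_inventory(text):
    """Yield (host, role, os_name, entries) from pipe-separated lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"malformed inventory line: {line!r}")
        host, role, os_name, entries = parts
        yield host, role.lower(), os_name, [e.strip() for e in entries.split(";") if e.strip()]

def classify(os_name, entries):
    """Return 'patched', 'needs-patch', 'not-affected' or 'unknown-os'."""
    if AFFECTED.search(os_name):
        return "patched" if any(PATCH_ENTRY.search(e) for e in entries) else "needs-patch"
    return "not-affected" if UNAFFECTED.search(os_name) else "unknown-os"

def report(text):
    return {host: classify(os_name, entries) for host, _, os_name, entries in parse_inventory(text)}

def patch_queue(text):
    """Hosts still needing the patch, servers first, then by host name."""
    todo = [(host, role) for host, role, os_name, entries in parse_inventory(text)
            if classify(os_name, entries) == "needs-patch"]
    return [host for host, role in sorted(todo, key=lambda hr: (hr[1] != "server", hr[0]))]

if __name__ == "__main__":
    print(report(SAMPLE_INVENTORY))
    print("Patch order:", patch_queue(SAMPLE_INVENTORY))
```

A "patched" result only means the hotfix entry is present; the machine still needs the removal tool run in Safe Mode as described in the steps above.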