Blaster Worm

 

   

If you have Blaster, follow these directions to remove it from your computer. Follow the steps carefully and do not skip any steps.

If these steps do not work or apply, you may have Sasser

1.  DISCONNECT the subject computer from any network IMMEDIATELY.

2. If necessary to stop the reboot process:
Windows XP:
Start/Run
Type "shutdown -a" ENTER while the message about shutting down is on the screen.
Windows 2000:
Follow the step Under "Recovery" to prevent LSASS.EXE from crashing:
PSS Security Response Team Alert - Sasser Worm and Variants


3.  Install or enable a firewall IMMEDIATELY, before connecting to the internet.

4.  VERY IMPORTANT to follow ALL steps, closing ports or installing the patch is NOT enough.
Download the patch and regedit referenced in the article below.
You may need to do this at an uninfected computer and burn to CD or save on floppies.
Each file is small enough to fit on a floppy.

5.  Follow this to clean and protect your computer:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

6.  Turn off/on System Restore to ensure the worm is not saved in System Restore:
Start/All Programs/Accessories/System Tools/System Restore.
Click System Restore Settings on left side.
Check "Turn off System Restore", click OK, follow prompts and reboot.
This deletes ALL Restore Points including corruption.
Then go back and turn on system Restore and create a Restore Point.

7.  After this is resolved prevent similar occurrences by installing ALL Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.

What you MUST do to protect your PC and keep things like this from occurring in the future.

What You Should Know About the Blaster Worm and Its Variants
Virus Alert About the Blaster Worm and Its Variants

 

Search this site powered by FreeFind

This site was last updated Monday, 17 September 2007