Er is een nieuwe zeer gevaarlijke worm die gebruik maakt van een lek in windows (DCOM RPC zoals beschreven in artikel: MS03-026).
Symantec raad aan om poort 4444, 135 en 69 te sluiten.
De bestandsnaam van de worm heet: msblast.exe.
Zodra je besmet bent is het bovendien niet meer mogelijk om op www.windowsupdate.com te komen.
als je besmet ben zal je cpu ± om de minuut uitvallen en herstarten, dus je hebt weinig tijd om het op te lossen met downloaden,
Voor meer informatie lees:
http://www.sarc.com/avcenter/venc/d...aster.worm.html
De virus definities ertegen komen morgen via automatische liveupdate.
Je kunt hem verwijderen via:
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
let op, er is een wereldwijde attack met dit virus gepland dus deze zal regelmatig terugkeren.
housecall en Norton vonden hem nog niet afgelopen nacht en wordt binnengesluisd via een fout in Xp door je firewall door,
pas deze morgen rond 10.00 u. herkende de updates het 4us
Obtaining and running the tool
NOTE: You need administrative rights to run this tool on Windows 2000, or Windows XP.
Download the FixBlast.exe file from:
http://securityresponse.symantec.com/avcenter/FixBlast.exe
Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
To check the authenticity of the digital signature, refer to the section, "Digital signature."
Close all the running programs before running the tool.
If you are running Windows XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.
CAUTION: If you are running Windows XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.
Double-click the FixBlast.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
NOTE: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and wait 30 seconds. Restart the computer in Safe mode and run the tool again. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions, read the document "How to start the computer in Safe Mode."
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.
When the tool has finished running, you will see a message indicating whether W32.Blaster.Worm infected the computer. In the case of a worm removal, the program displays the following results:
Symantec raad aan om poort 4444, 135 en 69 te sluiten.
De bestandsnaam van de worm heet: msblast.exe.
Zodra je besmet bent is het bovendien niet meer mogelijk om op www.windowsupdate.com te komen.
als je besmet ben zal je cpu ± om de minuut uitvallen en herstarten, dus je hebt weinig tijd om het op te lossen met downloaden,
Voor meer informatie lees:
http://www.sarc.com/avcenter/venc/d...aster.worm.html
De virus definities ertegen komen morgen via automatische liveupdate.
Je kunt hem verwijderen via:
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
let op, er is een wereldwijde attack met dit virus gepland dus deze zal regelmatig terugkeren.
housecall en Norton vonden hem nog niet afgelopen nacht en wordt binnengesluisd via een fout in Xp door je firewall door,
pas deze morgen rond 10.00 u. herkende de updates het 4us
Obtaining and running the tool
NOTE: You need administrative rights to run this tool on Windows 2000, or Windows XP.
Download the FixBlast.exe file from:
http://securityresponse.symantec.com/avcenter/FixBlast.exe
Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
To check the authenticity of the digital signature, refer to the section, "Digital signature."
Close all the running programs before running the tool.
If you are running Windows XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.
CAUTION: If you are running Windows XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.
Double-click the FixBlast.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
NOTE: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and wait 30 seconds. Restart the computer in Safe mode and run the tool again. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions, read the document "How to start the computer in Safe Mode."
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.
When the tool has finished running, you will see a message indicating whether W32.Blaster.Worm infected the computer. In the case of a worm removal, the program displays the following results:
