Re: Remote Procedure Call
From: CS (nomail_at_hotmail.com)
Date: 02/28/04
- Next message: Tom Pepper Willett: "Re: Microsoft sends viruses?"
- Previous message: Steevo: "Automatic Updates"
- In reply to: anonymous_at_discussions.microsoft.com: "Remote Procedure Call"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 28 Feb 2004 17:20:46 -0600
On Sat, 28 Feb 2004 13:39:24 -0800,
<anonymous@discussions.microsoft.com> wrote:
>Why does this keep coming up & closing down my computer
Because you accessed the internet without using a firewall or an Anti
Virus application. You are now nicely infected with the MS Blaster
Worm\Virus. Read below. Removal instructions are compliments of Mr.
Ken Blake, MS MVP:
The instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back
Before beginning, if you have an always-on internet connection,
it's a good idea to disconnect it.
1. Stop it from running
Press Ctrl-Alt-Delete to bring up the Task Manager, then on the
Processes tab, click msblast.exe and then "End process." Reply
"Yes" to the warning message that comes up.
This stops the worm from running, so your system will not shut
down. However, it doesn't remove it, and if that's all you do, it
will start up again the next time you boot.
2. Remove it from your system
a. Start the registry editor program, regedit, by going to Start
Run, and typing REGEDIT Navigate to
HKEY_Local_Machine\Software\Microsoft\Windows\Current Version\Run
by clicking the plus signs next to each of the folders in the
left hand pane. When you get to the last of them, Run, click the
word Run itself.
Find an entry called "Windows Auto Update" on the right side.
Right-click it and delete it.
b. Do a Windows search for msblast, and delete all files found.
The worm is now gone, and won't start again the next time you
boot. But if that's all you do, you can get reinfected just as
you did the first time.
3. Make sure it doesn't come back
a. If you've disconnected your internet connection, reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
That will remove the vulnerability that the worm exploits.
b. Make sure you're running a firewall that prevents worms like
this from getting in. You can enable the built-in Windows XP
firewall, or download and install another one such as the free
version of ZoneAlarm. To enable the built-in firewall, go to
Control Panel, double-click Networking and Internet Connections,
then click Network Connections. Right-click your connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network..."
c. Be sure you are running an anti-virus program, and that you
regularly download the latest updated virus definitions.
- Next message: Tom Pepper Willett: "Re: Microsoft sends viruses?"
- Previous message: Steevo: "Automatic Updates"
- In reply to: anonymous_at_discussions.microsoft.com: "Remote Procedure Call"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
