 |
|
|
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security Alert: Blaster Worm
(W32.Blaster.Worm)
IMPORTANT NEWS FOR WINDOWS 2000 and XP USERS! -------------------- SECURITY ALERT -------------------- Dear Valued Customer: An Internet worm targeting Microsoft Windows users began spreading rapidly around the world on Monday, August 11, triggering computer crashes and slowing Web connections. The worm, dubbed "Blaster" but also known as LoveSan or MSBlaster, zeroes in on Windows 2000 or Windows XP operating software. Blaster is fairly unusual in that it does not spread specifically via e-mail, as it can travel through a normal Internet connection. In short, Blaster takes advantage of a security hole in Windows 2000 and XP systems, which was announced by Microsoft in July. One symptom many users have experienced is a pop up message stating, "NT authority system...RPC...remote procedure call...system will shut down..." If you receive this pop up message, your system has been affected. If you are using Windows 2000 or XP, please visit the Microsoft web site immediately at http://www.microsoft.com/security/incident/blast.asp. This will give you specific information about this security hole and ways to address it. Below, we have also provided detailed instructions to resolve this issue. If you are unable to resolve this issue on your own, please contact your local computer repair center. Please understand this security issue was not caused by our Internet service, rather it is a result of the Microsoft security flaw. Be assured that we have taken necessary steps to ensure that our networks are now secure. Our equipment is continually updated and the appropriate security patch was installed in advance of this attack. This latest Internet attack serves as a vivid reminder to each of us to ensure that we are keeping our systems secure by running Windows Updates, updating our virus definitions and performing regular virus scans. If there is anything further we can do for you, please do not hesitate to contact us. 267-1822. Thank you for your business! Eric Shippam
General Manager
========================================= IDENTIFYING AND REMOVING W32.BLASTER.WORM 1) Basic Remove Instructions First off, This Worm only affects Windows NT 4, Windows 2000 Professional and Server, Windows XP Home and Pro, and Windows Server 2003. It does not affect Windows 3.1, 95, 98 or ME. Make sure you are logged into the computer with an account with Administrative Rights. On Windows XP machines, the primary user account usually has these rights. First, right click on your task bar, and select "Task Manager" Next, click on the "Processes" tab. If you have Windows XP or Windows 2003 Server, make sure the checkmark at the bottom labeled "Show Processes from all users" is checkmarked. Next, look for a process called "msblast" or "msblast.exe". If you see this, right click on this process, and select "End Process". Windows will give you a warning about terminating the process. Just click yes. If you do not see this item, skip to the next section. Next you must delete the infected file that may be causing your problem. Browse to your C Drive, then your WINDOWS directory if Windows XP, or your WINNT Directory if Windows 2000. Find the "system32" directory. In this directory, look for a file called "msblast" or "msblast.exe". DO NOT DOUBLE CLICK OR OTHERWISE RUN THIS FILE. Simply right click on the file and select "Delete". 2) Securing Your System Next, go to this site and follow the instructions given to get the proper patch for your computer. http://www.microsoft.com/security/security_bulletins/ms03-026.asp This set of instructions should help you secure your computer against this threat. |