[thelist] The New Worm - need some help to clean it
Tom Dell'Aringa
pixelmech at yahoo.com
Mon Aug 11 21:09:25 CDT 2003
--- Michael Pemberton <mpember at phreaker.net> wrote:
> Are you running an NT based OS? (NT / 2K / XP)
> What is the name of the process? (???.exe)
The process is msblast dot ee ex ee. I am runing WinXP Home edition
(sorry I failed to mention that). One thing that I don't know, is it
32 or 64 bit version? There are 2 patches (which are almost
impossible to download with the worm causing massive packet loss).
> Do you have a copy of ERD Commander from Winternals? If not, then
> Safe mode Command prompt may be enough.
DOn't have it never heard of it...
> Try locating the file and deleting it.
DOesn't help, re-spawns after reboot.
I will try the 14 step list just posted. I have also downloaded
ZoneAlarm which is blocking the port 135 etc attacks which is mainly
keeping the PC up at least - so if you get this and you don't have ZA
- do that first and it will at least allow you to work a bit.
If anyone knows - MS site suggest disabling DCOM, what effect might
this have on other services? Anyway I have tried that. The link after
the 14 point list merely leads to that suggestion and the download of
the patch which I think I already have/installed and has NOT cleaned
the machine.
I hope you all don't mind these posts, the suggestions have helped
and hopefully if someone comes across this my work can save them some
time.
Tom
=====
http://www.pixelmech.com/ :: Web Development Services
http://www.DMXzone.com/ :: Premium Content Author / JavaScript / Every Friday!
http://www.maccaws.com/ :: Group Leader
[Making A Commercial Case for Adopting Web Standards]
"That's not art, that's just annoying." -- Squidward
More information about the thelist
mailing list