[thelist] The New Worm - need some help to clean it

[Tom Dell'Aringa]

--- Michael Pemberton <mpember at phreaker.net> wrote:
> Are you running an NT based OS? (NT / 2K / XP)
> What is the name of the process? (???.exe)

The process is msblast dot ee ex ee. I am runing WinXP Home edition
(sorry I failed to mention that). One thing that I don't know, is it
32 or 64 bit version? There are 2 patches (which are almost
impossible to download with the worm causing massive packet loss). 

> Do you have a copy of ERD Commander from Winternals?  If not, then
> Safe mode Command prompt may be enough.

DOn't have it never heard of it...

> Try locating the file and deleting it.

DOesn't help, re-spawns after reboot. 

I will try the 14 step list just posted. I have also downloaded
ZoneAlarm which is blocking the port 135 etc attacks which is mainly
keeping the PC up at least - so if you get this and you don't have ZA
- do that first and it will at least allow you to work a bit.

If anyone knows - MS site suggest disabling DCOM, what effect might
this have on other services? Anyway I have tried that. The link after
the 14 point list merely leads to that suggestion and the download of
the patch which I think I already have/installed and has NOT cleaned
the machine.

I hope you all don't mind these posts, the suggestions have helped
and hopefully if someone comes across this my work can save them some
time.

Tom

=====
http://www.pixelmech.com/ :: Web Development Services
http://www.DMXzone.com/ :: Premium Content Author / JavaScript / Every Friday!
http://www.maccaws.com/ :: Group Leader
[Making A Commercial Case for Adopting Web Standards]

"That's not art, that's just annoying." -- Squidward