W32/Blaster Information

A recently discovered vulnerability in Windows NT, 2000, XP and 2003 allows remote users to take control of your machine as an administrative user. Microsoft has an advisory issued about this specific vulnerability. If you wish, you can read it here.

Products Affected by Blaster
  • Windows Server 2003
  • Windows XP Professional
  • Windows XP Home
  • Windows 2000 Server
  • Windows 2000 Professional
  • Window NT 4.0

Products Not Affected by Blaster
  • Windows Me (Millennium)
  • Windows 98 SE
  • Windows 98
  • Windows 95

 

How to tell your computer is Infected
Some users whose computers have been infected may not notice the presence of the worm at all, while others who are not infected may experience problems because the worm is attempting to attack their computer. Typical symptoms may include Windows XP and Windows Server 2003 systems rebooting every few minutes without user input, or Windows NT 4.0 and Windows 2000 systems becoming unresponsive.

Shutdown error. - If your computer is infected, you may see this error message.

Steps to Remove the Infection and Patch your System.

  1. Download the Blaster/SoBig/Nachi Removal tool from the King's Sophos Anit-Virus Site. Follow the instructions on the site on how to download the Resolve Tool
  2. Download the Appropriate Patch for your Computer. Select the Patch that was designed for your system. If you are not sure what version of windows you are running, click here.
    RPC/DCOM Patches KB824146
    Version Download
    Windows XP (All)
    Windows 2000 (All)
    Windows NT 4.0 (Workstation)
    Windows NT 4.0 (Server)

  3. Disconnect your Computer from the internet or Network
  4. Run the disinfection Tool to remove any Blaster Infections
  5. After the diinfection tool completes, run the Patch.
  6. After the patch installs your computer will need to be rebooted. Reattach your computer to the network.

    At this point your computer should be clean and protected from further exploits of the RPC vulnerability.

Steps to Take to Prevent Future virus Problems

  1. Install Anti virus Software
    It is important to that you install and keep your anti-virus software up to date. As new viruses come out anti-virus software makers have to release updates to their products so that their software can recognize the new viruses. If your AV software is not up to date then it can not protect you from newer viruses. If you do not have Anti-virus software or your current Anti-Virus software is old you can download Sophos Anti-Virus from the King's College Sophos Anti-Virus Page. Sophos Anti-Virus is available free of charge to current King's College Student's, Faculty and Staff for use on their personal computers.

  2. Keep Windows Up to Date
    Microsoft routinely make corrections to the Windows Operating System to correct security problems and bugs that are discovered in Windows. Windows makes these fixes and patches available free of charge to windows users. The easiest way to install and to check that your Windows version is complete is to visit the Windows Update site on a regular basis. Installing the critical hot fixes, service packs and patches found on the Windows Update site can help in preventing your computer to fall victim to worms and viruses that exploit know security issues. Make visiting Windows Update a routine habit.

    Microsoft Windows Update Site - http://windowsupdate.microsoft.com

  3. Install a Firewall on your Computer
    A firewall is a program that runs on your computer to help prevent people or viruses from getting into your computer. Windows XP has a firewall built into the Operating System.

    Windows XP users: You can use the instructions below to turn on the Internet Connection Firewall (ICF) in Windows XP or refer to KB article 283673 HOW TO: Enable or Disable Internet Connection Firewall in Windows XP.
    .
    1. On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
    2. Click the Network and Internet Connections category.
      (If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
    3. Click Network Connections.
    4. Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the context menu.
    5. On the Advanced tab, under Internet Connection Firewall, select Protect my computer or network, and then click OK.
      The Windows XP firewall is now enabled.


    Windows NT 4.0 and Windows 2000 users: You will need to install a third-party firewall. Most firewall software for home users is available in free or trial versions. Check the following resources for more information on personal firewalls:
    McAfee Security
    Symantec
    ZoneAlarm Pro (Zone Labs)
    Tiny Personal Firewall (Tiny Software)

    Outpost Firewall (Agnitum)
    Kerio Personal Firewall (Kerio Technologies)
    BlackICE PC Protection (Internet Security Systems)

    Windows 2000 Users: Alternatively, you can take steps to block the affected ports so that your computer can be patched. Here are some modified instructions from the TechNet article HOW TO: Configure TCP/IP Filtering in Windows 2000.


    Modified: 12/12/2003 - SMR

Sophos Anti-Virus is provided for King's College Faculty, Staff and Students at no cost.