OT: Fixing George's msblast worm infected laptop

Peter Serwe peter@easytree.net
Wed, 13 Aug 2003 20:45:52 -0500


Eric Waterman wrote:

> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

Eric is right, that is the link to the patch to fix
the security vulnerability that allows the worm
to propagate, but if you actually have it on your
system, the patch from MS won't remove it.

Excerpted from http://vil.nai.com/vil/content/v_100547.htm

Manual Removal Instructions

To remove this virus "by hand", follow these steps:

1.  Apply the MS03-026 patch

2.  Terminate the process msblast.exe

3.  Delete the msblast.exe file from your WINDOWS SYSTEM32 directory
     (typically c:\windows\system32 or c:\winnt\system32)

4.  Edit the registry
     Delete the "windows auto update" value from
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It's not that difficult, just takes a minute or two.

--
Peter Serwe <peter@easytree.net>
Cheaper, Faster, Better, pick any two.
finger peter@easytree.net for public pgp key
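
Steps 2 to 4 of the manual removal above, written as a PowerShell function that first reports which of the three artifacts are present. This is an added example, not part of the original message or the excerpted instructions; the function name and the `-Remove` switch are hypothetical, and it assumes an elevated session on a host that has PowerShell and already has the MS03-026 patch (step 1) applied.

```powershell
# Added example: audit (and, with -Remove, clean up) the msblast artifacts
# named in steps 2-4. Assumes step 1 (MS03-026 patch) is already done;
# removing the worm from an unpatched host just invites reinfection.
function Repair-MsblastArtifacts {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remove)

    # %SystemRoot% covers both c:\windows and c:\winnt installs.
    $exePath   = Join-Path $env:SystemRoot 'System32\msblast.exe'
    $runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'windows auto update'

    $procs    = @(Get-Process -Name 'msblast' -ErrorAction SilentlyContinue)
    $hasFile  = Test-Path -LiteralPath $exePath
    # GetValue returns $null when the Run value does not exist.
    $runValue = (Get-Item -LiteralPath $runKey).GetValue($valueName)

    # Always emit the findings so the function doubles as a detection check.
    [pscustomobject]@{
        ProcessRunning = $procs.Count -gt 0
        FilePresent    = $hasFile
        RunValue       = $runValue
    }

    if (-not $Remove) { return }

    # Step 2: terminate the process first, otherwise the file stays locked.
    foreach ($p in $procs) {
        if ($PSCmdlet.ShouldProcess("PID $($p.Id)", 'Stop msblast process')) {
            Stop-Process -Id $p.Id -Force
        }
    }
    # Step 3: delete the executable from the system32 directory.
    if ($hasFile -and $PSCmdlet.ShouldProcess($exePath, 'Delete file')) {
        Remove-Item -LiteralPath $exePath -Force
    }
    # Step 4: delete only the one Run value, leaving the rest of the key intact.
    if ($null -ne $runValue -and
        $PSCmdlet.ShouldProcess("$runKey\$valueName", 'Delete Run value')) {
        Remove-ItemProperty -LiteralPath $runKey -Name $valueName
    }
}
```

Run `Repair-MsblastArtifacts` alone for a report, `Repair-MsblastArtifacts -Remove -WhatIf` to preview the changes, and `Repair-MsblastArtifacts -Remove` to apply them.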