OT: Fixing George's msblast worm infected laptop
Peter Serwe
peter@easytree.net
Wed, 13 Aug 2003 20:45:52 -0500
Eric Waterman wrote:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/MS03-026.asp
Eric is right, that is the link to the patch to fix
the security vulnerability that allows the worm
to propagate, but if you actually have it on your
system, the patch from MS won't remove it.
Excerpted from http://vil.nai.com/vil/content/v_100547.htm
Manual Removal Instructions
To remove this virus "by hand", follow these steps:
1. Apply the MS03-026 patch
2. Terminate the process msblast.exe
3. Delete the msblast.exe file from your WINDOWS SYSTEM32 directory
(typically c:\windows\system32 or c:\winnt\system32)
4. Edit the registry
Delete the "windows auto update" value from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
It's not that difficult, just takes a minute or two.
--
Peter Serwe <peter@easytree.net>
Cheaper, Faster, Better, pick any two.
finger peter@easytree.net for public pgp key