Security Alert:
Blaster Worm (W32.Blaster.Worm)
IMPORTANT NEWS FOR WINDOWS 2000 and XP USERS!
--------------------
SECURITY ALERT!!!!!!
--------------------
Dear Valued Customer:
An Internet worm targeting Microsoft Windows users began spreading rapidly
around the world on Monday, August 11, triggering computer crashes and slowing
Web connections. The worm, dubbed "Blaster" but also known as LoveSan
or MSBlaster, zeroes in on Windows 2000 or Windows XP operating software.
Blaster is fairly unusual in that it does not spread specifically via e-mail, as
it can travel through a normal Internet connection. In short, Blaster takes
advantage of a security hole in Windows 2000 and XP systems, which was announced
by Microsoft in July.
One symptom many users have experienced is a pop up message stating, "NT
authority system...RPC...remote procedure call...system will shut down..."
If you receive this pop up message, your system has been affected.
If you are using Windows 2000 or XP, please visit the Microsoft web site
immediately at http://www.microsoft.com/security/incident/blast.asp.
This will give you specific information about this security hole and ways to
address it.
Below, we have also provided detailed instructions to resolve this issue. If you
are unable to resolve this issue on your own, please contact your local computer
repair center.
Please understand this security issue was not caused by our Internet service,
rather it is a result of the Microsoft security flaw. Be assured that we have
taken necessary steps to ensure that our networks are now secure. Our equipment
is continually updated and the appropriate security patch was installed in
advance of this attack.
This latest Internet attack serves as a vivid reminder to each of us to ensure
that we are keeping our systems secure by running Windows Updates, updating our
virus definitions and performing regular virus scans.
If there is anything further we can do for you, please do not hesitate to
contact us.
Thank you for your business!
General Manager
Camron Hosting
=========================================
IDENTIFYING AND REMOVING W32.BLASTER.WORM
1) Basic Remove Instructions
First of All, This Worm only affects Windows NT 4, Windows 2000 Professional and
Server, Windows XP Home and Pro, and Windows Server 2003. It does not affect
Windows 3.1, 95, 98 or ME.
Make sure you are logged into the computer with an account with Administrative
Rights. On Windows XP machines, the primary user account usually has these
rights.
First, right click on your task bar, and select "Task Manager"
Next, click on the "Processes" tab.
If you have Windows XP or Windows 2003 Server, make sure the checkmark at the
bottom labeled "Show Processes from all users" is check marked.
Next, look for a process called "msblast" or "msblast.exe".
If you see this, right click on this process, and select "End
Process".
Windows will give you a warning about terminating the process. Just click yes.
If you do not see this item, skip to the next section.
Next you must delete the infected file that may be causing your problem. Browse
to your C Drive, then your WINDOWS directory if Windows XP, or your WINNT
Directory if Windows 2000.
Find the "system32" directory.
In this directory, look for a file called "msblast" or "msblast.exe".
DO NOT DOUBLE CLICK OR OTHERWISE RUN THIS FILE.
Simply right click on the file and select "Delete".
2) Securing Your System
Next, go to this site and follow the instructions given to get the proper patch
for your computer.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
This set of instructions should help you secure your computer against this
threat.