You have the MSBlaster worm. To remove it, do the
following:
The following instructions are in three parts
1. Stop it from running
2. Remove it from your system
3. Make sure it doesn't come back
Before starting make sure you have a firewall active see
step 3a:
1. Stop it from running
Press Ctrl-Alt-Delete to bring up the Task Manager, then
on the
Processes tab, click msblast.exe and then "End process."
Reply
"Yes" to the warning message that comes up.
This stops the worm from running, so your system will not
shut
down. However, it doesn't remove it, and if that's all you
do, it
will start up again the next time you boot.
***
2. Remove it from your system
a. Download a removal tool from a link below.
But if that's all you do, you can get reinfected just as
you did the first time.
***
3. Make sure it doesn't come back
a. MAKE sure you're running a Firewall that prevents worms
like
this from getting in. You can enable the built-in Windows
XP
firewall, or(preferred) download and install another one
such as the free version of ZoneAlarm. To enable the built-
in firewall, go to
Control Panel, double-click Networking and Internet
Connections,
then click Network Connections. Right-click your
connection, then
click Properties, and on the Advanced tab, click the option
"Protect my computer and network...". Note: the built in
firewall only monitors incoming traffic not outgoing(ie
spyware, trojans, etc.. you may have on your system).
b. If you've disconnected your internet connection,
reconnect it.
Download and install the Microsoft patch at
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-
458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
That will remove the vulnerability that the worm exploits.
c. MAKE sure you are running an Anti-Virus program, and
that you
regularly download the latest updated virus definitions.
-----------------------------------------------------------
-----------------------------------------------------------
------------------------
If you connected the PC to the Internet without
having first
installed the KB824146 Hotfix, without having first
installed an
antivirus application with current virus definition
files, and before
enabling a firewall, you're very likely to get infected
from any of
the thousands of PCs on the Internet that are constantly
broadcasting
the Blaster and/or Welchia worms. It only takes a few
seconds of
exposure.
To stay on-line long enough to get the necessary
updates, patches,
and removal tools, click Start > Run, and enter "shutdown -
a" when the
next RPC countdown begins. This will abort the shut
down. Also, make
sure you've enabled a firewall before starting, to
preclude any more
intrusions while getting the updates/patches/tools.
Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..html
W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm
..removal.tool.html
W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32
..welchia.worm.html
W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm
..removal.tool.html
