System32

[Corey]

I found a file in my system32 folder called msblast.exe
and i suspect that it is a virus . Can anyone confirm
weather or not I should delete this from my computer?

 

[Nicholas]

Corey --

Read and follow the instructions in this article:

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

**** You need to make sure you have a FIREWALL enabled ****

Open XP's "Help and Support" and type: FIREWALL , and hit enter.
Click on the topic titled "Enable or Disable Internet Connection Firewall".

Additional information from Symantec:

Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/8205.html

The RPC alert has been diagnosed as the W32.Blaster.Worm and removal
instructions are available from this Symantec link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


--
Nicholas

-------------------------------------------------------------------


| I found a file in my system32 folder called msblast.exe
| and i suspect that it is a virus . Can anyone confirm
| weather or not I should delete this from my computer?

 

[Jonathan Maltz [MS-MVP]]

Install:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
As soon as you can!

Also enable Windows XP's built in firewall:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673

Then go to WindowsUpdate to pick up the latest updates:
http://windowsupdate.microsoft.com

More info about the worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
tutorial site
Only reply by newsgroup. If I see an email I didn't ask for, it will be
deleted without reading.

 

[Chris Lanier]

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html