Various Windows Worms.

With the increasing effect and exploitation of the microsoft windows DCOM vulnerability, and the number of variants or mutations of "worms" this issue is becomming worse. It's also increasingly difficult to stay abreast of the various exploits and fixes. We have made SOME tools available locally for our customers.

We have a tool to remove the BLASTER worm from your computer (if it is already infected).
1. Download the FixBlast.exe
2. Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
3. Close all the running programs before running the tool.
4. If you are running Windows XP, then disable System Restore.
5. Double-click the FixBlast.exe file to start the removal tool.
6. Click Start to begin the process, and then allow the tool to run.
7. Restart the computer.
8. Run the removal tool again to ensure that the system is clean.
9. If you are running Windows XP, then re-enable System Restore.
10. Run LiveUpdate to make sure that you are using the most current virus definitions.


Another similar worm is the W32.Welchia.Worm. This worm tries to fix the Blaster worm, but causes more problems than it cures! Download the Removal tool here.


Once you are sure your system is clean, you should patch to protect against this particular exploit.

There is a Patch for Windows2000, but you should have Service pack 3 or 4 before you try to apply it. There are indications it MAY work with SP2, but you're on your own with that.

There is a Patch for Windows XP. No service pack requirement as far as we know.


We are currently filtering port 135 for both ingress and egress in order to reduce any effect on our customers, but this is a short-term block, users should update their windows systems as described above.

(Published on 24-Oct-2003 15:48 by RossW, read 1292 times)
Missed an article? Check the archives