« Spring Has Sprung | Main | Another day, another worm »

Tuesday, August 12, 2003

Blaster / Lovsan / Poza Worm


This one's a bit of a bastard. By forcing shutdown it makes it difficult to download the fixes and disinfector.

Running shutdown /a (on XP Pro only) will prevent the automatic shutdown.

You can also go into Computer Manager -> Services and Applications -> Services and change the Recovery settings for Remote Procedure Call (RPC) from "Restart the Computer" to "Restart the Service".

The easiest way is to set your system clock back a month when you get the shutdown message.

CERT has detailed disinfection / recovery instructions as part of their Blaster advisory. Visualante.org has good instructions too.

The updated (April 2004) Microsoft patch for your Operating System can be found on Microsoft's Technet.

Updated Windows XP patch is here.

Details of the worm are here.

Get the patch on, disinfect with something like Mcafee's Stinger.

Then force update your antivirus program's patterns. If you don't have an antivirus program, then try Avast! Personal Edition. It's free for personal use. Trend Micro offer a free online virus scanning tool too.

Then go to Windows Update and get all the critical updates.

Using a personal firewall like ZoneAlarm would have prevented infection in the first place (if properly configured).
Posted by Phil at 9:24 PM
Edited on: Saturday, April 23, 2005 10:22 AM
Categories: Computer Security