AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please use the
Trend Micro System Cleaner.
MANUAL REMOVAL INSTRUCTIONS
Disabling the Malware Service
This removes the running malware service from memory on systems running Windows NT, 2000, and XP.
Open a command prompt window. Click Start>Run, type CMD and then press the Enter key.
At the command prompt, type the following:
NET STOP "Network Connections Sharing"
Press the Enter key. A message should indicate that the service has been stopped successfully.
Do the same to stop the following service:
NET STOP "WINS Client"
Close the command prompt window.
Removing the Malware Service
Restart your machine to terminate the malware service.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSetServices>
Still in the left panel, delete the subkeys:
RpcPatch
RpcTftpd
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_MSBLAST.D. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.
Applying Patches
TrendLabs advises all affected users to apply the patches issued by Microsoft from the following page:
Microsoft Security Bulletin MS03-026
Microsoft Bulletin MS03-007>Microsoft Bulletin MS03-007
TrendLabs also asks users to filter access to port 135 and allow trusted and internal sites only.
RPC DCOM Buffer Flow Vulnerability Scanning Tool
TrendLabs advises users to download the scanning tool released by Microsoft that can identify host machines in the network that do not have the MS03-026 security patch installed.
This Microsoft Scanning Tool is available for download at:
http://support.microsoft.com?kbid=826369.
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
For additional information about this threat, see Technical Details.