Nu am avut timp ieri... eram la un membru al dc.com si ii devirusam pc-ul.
Sistemele afectate(mai rau) sunt WinME;2000;XP
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003 "
Metoda de scoatere a virusului, folosita de mine ieri cu succes:
era win XP... am dat disable la "System Restore"
am luat antivirusul de pe link-ul 1
am luat patch-ul de pe link-ul 2 (functie de win-ul pe care il aveti)
am rulat fixblast.exe (link 1)
am instalat patch (link 2)
W32.Blaster.Worm Removal Tool
Discovered on: August 11, 2003
Last Updated on: August 12, 2003 09:06:01 PM PDT
Symantec Security Response has developed a removal tool to clean the W32.Blaster.Worm infections.
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before you can continue with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
Because of the way the worm works, it may be difficult to connect to the Internet to obtain the patch, definitions, or removal tool before the worm shuts down the computer. It has been reported that, for users of Windows XP, activating the Windows XP firewall may allow you to download and install the patch, obtain virus definitions, and run the removal tool. This may also work with other firewalls, although this has not been confirmed.
What the tool does
The W32.Blaster.Worm Removal Tool does the following:
Terminates the W32.Blaster.Worm viral processes.
Deletes the W32.Blaster.Worm files.
Deletes the dropped files.
Deletes the registry values that the worm added.
Run the tool on every computer.
Obtaining and running the tool
NOTE: You need administrative rights to run this tool on Windows 2000, or Windows XP.
Download the FixBlast.exe file from:
Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
To check the authenticity of the digital signature, refer to the section, "Digital signature."
Close all the running programs before running the tool.
If you are running Windows XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.
CAUTION: If you are running Windows XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.
Double-click the FixBlast.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
NOTE: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and wait 30 seconds. Restart the computer in Safe mode and run the tool again. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions, read the document "How to start the computer in Safe Mode."
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.
When the tool has finished running, you will see a message indicating whether W32.Blaster.Worm infected the computer. In the case of a worm removal, the program displays the following results:
Total number of the scanned files
Number of deleted files
Number of terminated viral processes
Number of fixed registry entries