MessageSymantec has a lengthy write-up about W32.Blaster.Worm at: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. It will attempt to download and run the file Msblast.exe. Their virus definitions file released late this afternoon will protect against it, but those machines already infected is another story. The write-up addresses how to remove it. Doug Ö¿Ö ----- Original Message ----- From: Steven Nichols To: crime@private Sent: Monday, August 11, 2003 4:37 PM Subject: CRIME XP Home edition We have had about 10-15 users call in. XP Home eddition. Dialup users PC's are up to date on all virus and microsoft patches. Customer working on pc, black screen pop's up. Says Remote server will be shutting down in 60 seconds. The pc shuts down, reboots. then tons of windows start popping up that say "Can't open document", etc. anyone else see this? Steven Nichols Sr. Network and Systems Administrator Internet and NOC Manager VALLEY INTERNET COMPANY 1709 NE 27th Street, Suite C McMinnville, Oregon 97128 503-565-5030 or 800-909-9078 (toll-free) "Pay no attention to the folks behind the curtain..." PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 19:13:37 PDT