PC Ekspert Forum - View Single Post

Shimomura · 12.08.2003., 23:45

ovak:
1.Control Panel--->administrative tools--->services--->Remote Procedure Call--->Recovery-->sve postavina take no action!

2.skini antivirus:
http://securityresponse.symantec.com...oval.tool.html

3.nakon sto ukloniš virus,skini pach:
http://microsoft.com/technet/treevie...n/MS03-026.asp

i to je to:W32.Blaster.Worm is gone...

mozes ga uklonit i ručno:
1.-ctrl+alt+delete--->end msblast proces...
2.pokreni regedit
3.nadi-->HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

tu pobriši ”windows auto update" = MSBLAST.EXE ...

to je to

evo još par savjeta od sans instituta i Incidents.org:

* Close port 135/tcp (and if possible 135-139, 445 and 593)
* Monitor TCP Port 4444 and UDP Port 69 (tftp) which are used by the worm for activity related to this worm.
* Ensure that all available patches have been applied, especially the patches reported in Microsoft Security Bulletin MS03-026.
* This bulletin is available at http://www.microsoft.com/technet/sec...n/MS03-026.asp
* Infected machines are recommended to be pulled from the network pending a complete rebuild of the system.

12.08.2003., 23:45	#7
Shimomura Registered User Datum registracije: Aug 2003 Lokacija: in da haus Postovi: 6	ovak: 1.Control Panel--->administrative tools--->services--->Remote Procedure Call--->Recovery-->sve postavina take no action! 2.skini antivirus: http://securityresponse.symantec.com...oval.tool.html 3.nakon sto ukloniš virus,skini pach: http://microsoft.com/technet/treevie...n/MS03-026.asp i to je to:W32.Blaster.Worm is gone... mozes ga uklonit i ručno: 1.-ctrl+alt+delete--->end msblast proces... 2.pokreni regedit 3.nadi-->HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run tu pobriši ”windows auto update" = MSBLAST.EXE ... to je to evo još par savjeta od sans instituta i Incidents.org: * Close port 135/tcp (and if possible 135-139, 445 and 593) * Monitor TCP Port 4444 and UDP Port 69 (tftp) which are used by the worm for activity related to this worm. * Ensure that all available patches have been applied, especially the patches reported in Microsoft Security Bulletin MS03-026. * This bulletin is available at http://www.microsoft.com/technet/sec...n/MS03-026.asp * Infected machines are recommended to be pulled from the network pending a complete rebuild of the system.