Locally, the worm has found its way into some of our manufacturing plants and businesses. Our local computer repair shops also are staying quite busy with an increase of customers needing to rid their systems of MSBlast infections as well.
The worm is getting a lot of media attention, as major networks such as CNN, TechTV and others are airing information on how computer users can protect themselves. This worm operates slightly different from other worms because it doesn't rely on spreading via e-mail. It looks for unpatched systems and either crashes them or infects them.
How can you tell if you've been infected by MSBlast? A couple of signs to look for include your system crashing, spontaneously rebooting or finding a file or process running on your system named msblast.exe or teekids.exe.
For a manual cleanup of the worm, follow the following instruction:
To stop your computer from spontaneous reboots, click on "Start," select "Run" and type in "cmd" (without quotes). At the Command Prompt, type "shutdown -a" (type without quotes and with a space between shutdown and -a). This will tell your system to abort the shutdown process.
To find files, simply click on "Start," select "Search" and then select "All Files and Folders." Next, type in the file name you are looking for - in this case, msblast.exe - and then click on the "Search" button. If you find the file, right-click on the filename and select delete to remove it.
To find processes, do a ctrl-alt-del combination keystroke and then click on the "Task Manager" button. Select the "Processes" tab and look for msblast.exe or teekids.exe. If you find an instance of either file, select it and click "End Process," then click "Yes."
After this, I recommend that you immediately go online to Windows Update at http://windowsupdate.microsoft.com and install the RPC patch. Next, get the latest virus definitions for your virus protection software. Also, consider installing a free firewall, such as ZoneAlarm. Visit www.zonealarm.com for more details.
Windows users, please remember this simple rule of the thumb, whenever you hear of Microsoft releasing a patch for their software. Do yourself a favor and patch your system right away.
For more details on the MSBlast worm, visit Cert at www.cert.org/tech_tips/w32_blaster.html.
* Lindows.com has launched a new LindowsOS Consultants program to aid organizations that are considering deploying Lindows.com products. Learn more at www.lindows.com/consultants. At the beginning of the month, the company launched KooBox, an all-in-one box computer system that included a LCD flat monitor, full system and speaker for under $450. Learn more at www.koobox.com.
E-mail me at firstname.lastname@example.org; fax me at (859) 236-9566; or write me snail-mail at The Advocate-Messenger, P.O. Box 149, Danville, KY 40423-0149.