The computer is suspected to be infected with the W32.Blaster.Worm, follow
the steps below to remove this worm:
1. Physically disconnect the computer from the network
2. Check the system for signs of infection:
- Click Start, and then click Run
- Type regedit in the Run dialog box and press OK
- Navigate to the registry key:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- If the "windows auto update" value is found, delete this value
- Close Registry Editor
3. If you are infected, terminate the running copy of mblast.exe using Task
Manager (Note: To bring up the Task Manager, press Ctrl + Alt +Delete or
right-click on the TaskBar and click Task Manager)
4. Take one of the following steps below prior to installing the patch from
Microsoft
- Disable DCOM or
- Enable the Internet Connection Firewall (If you are running Windows XP
or Server 2003) or any firewall that can block incoming traffic from 135/tcp
5. Reconnect the system to the network and apply the patch immediately from
http://support.microsoft.com/?kbid=823980
To disable DCOM:
1. Start Registry Editor.
2. Locate the following path:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
3. Change the EnableDCOM string value to N.
4. Restart the operating system for the changes to take effect.
To enable the Internet Connection Firewall:
1. Open Network Connections (Click Start, click Control Panel, and then
double-click Network Connections.)
2. Click the Dial-up, LAN or High-Speed Internet connection that you
want to protect, and then, under Network Tasks, click Change settings of
this connection.
3. On the Advanced tab, under Internet Connection Firewall, select the
Protect my computer and network by limiting or preventing access to this
computer from the Internet check box.
