Hello,
Here is some additional information along with additional links.
Stop Windows XP and Windows Server 2003 systems from rebooting after an
attack:
Another way to prevent Windows XP and Windows 2003 Server systems from
rebooting once the count down has started is to run this command at
the command line:
shutdown /a
This aborts the shutdown sequence. Since the RPC service has already
been shut down, it cannot be shut down again. Then you can patch the
system with MS03-026 which will reboot the system once it’s installed.
This command is not available on pre-XP systems.
Change Service Properties to avoid the reboot:
1. Open up the Services snap-in.
This can be done by right clicking on"My Computer", select"Manage",
select"Services and Applications" and click on"Services".
This can be done by going to the Control Panel and selecting to
switch to"Classic View", double-click on"Administrative Tools" and
select"Services".
2.Double-click on the"Remote Procedure Call (RPC)" service.
3. On the User Interface for RPC, click the"Recovery" tab.
4. Under the"Recovery" tab, go to the"First failure:" drop down and
change the value from"Restart the Computer" to"Restart the
Service".
5. Change the"Restart service after:" value to 5 minutes.
6. Install the MS03-026 / 823980 on the computer.
What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp
Microsoft scanning tool for MSBLASTER
http://support.microsoft.com/default.aspx?scid=kb;en-us;826369
PREVENTION:
Turn on Internet Connection Firewall (Windows XP or Windows Server 2003) or
use a third party firewall to block TCP ports 135, 139, 445 and 593; UDP
port 135, 137,138; also UDP 69 (TFTP) and TCP 4444 for remote command
shell.
To enable the Internet Connection Firewall in Windows:
http://support.microsoft.com/?id=283673
1.In Control Panel, double-click Networking and Internet Connections, and
then click Network Connections.
2.Right-click the connection on which you would like to enable ICF, and
then click Properties.
3.On the Advanced tab, click the box to select the option to"Protect my
computer or network".
This worm utilizes a previously-announced vulnerability as part of its
infection method. Because of this, you must ensure that their computers are
patched for the vulnerability that is identified in Microsoft Security
Bulletin MS03-026.
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.
Install the patch MS03-026 from Windows Update:
Windows NT 4 Server & Workstation
http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d
29e1a/Q823980i.EXE
Windows NT 4 Terminal Server Edition
http://download.microsoft.com/download/4/6/c/46c9c414-19ea-4268-a430-5372218
8d489/Q823980i.EXE
Windows 2000
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42
049d5/Windows2000-KB823980-x86-ENU.exe
Windows XP (32 bit)
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a9
83f01/WindowsXP-KB823980-x86-ENU.exe
Windows XP (64 bit)
http://download.microsoft.com/download/a/7/5/a75b3c8f-5df0-451b-b526-cfc7c5c
67df5/WindowsXP-KB823980-ia64-ENU.exe
Windows 2003 (32 bit)
http://download.microsoft.com/download/8/f/2/8f21131d-9df3-4530-802a-2780629
390b9/WindowsServer2003-KB823980-x86-ENU.exe
Windows 2003 (64 bit)
http://download.microsoft.com/download/4/0/3/403d6631-9430-4ff6-a061-9072a4c
50425/WindowsServer2003-KB823980-ia64-ENU.exe
Shane Brasher
MCSE (2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking