[www.cwis.net]   [About]   [Start Page]   [Webmail]   [My Account]   [Support

Support Main Menu

Popular Items
Software Downloads
Internet Access Numbers
Software Settings
Popup/adware/virus tools and how-tos
Service and Network Status

Contact Support
Contact us by E-Mail
Get a response within 24 hours.
Contact Us by Phone
Speak with a live person.

Manage My Account
- Pay your bill online
- Update your billing information
- Add/Remove e-mail boxes
- View service invoices
- Change your password
- View dialup time usage
- View web/mail usage

  Go to account maintenance

Search
 

Home > Technical Support > Blaster Worm

Protecting against and cleaning up the Blaster worm

If your computer is running one of the following, you may be vulerable to an Internet worm referred to as Blaster:

  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003

    • Quick Links:

  • Technical Overview
  • Microsoft Security Bulletin and patching instructions
  • Symantec W32.Blaster.Worm Removal Tool

    • Overview:
    Blaster is a worm that exploits the RPC vulnerability using TCP port 135. This vulnerability was made public by Microsoft in July with patches made immediately available. The worm attempts to replicate itself to other computers on your local area network and on the Internet at large.

    Full technical details about the worm can be found here from Symantec.

    To clean your system, please follow these steps:

    1. Follow the instructions by Microsoft in their security bulletin titled " What You Should Know About the Blaster Worm and Its Variants". This bulletin describes the problem, its symptoms, and what you need to do to protect your computer.
    2. Make sure to remove the worm using a removal tool, such as this tool from Symantec.

    Tip:
    If your computer is running Windows XP, it might try to reboot. When you receive the reboot warning, quickly follow these steps to keep your computer from rebooting. This may have to be done a few times while downloading the patch and fix tool.

    • Click Start then Run
    • Type in: shutdown /a
    • Click OK

    Symptoms:
    If your computer is running Windows XP and are infected, you are likely to encounter this error:

    This system is shutting down. Please save all work in progress and log off. This shutdown was initiated by NT Authority/System.

    Windows must restart because the Remote Procedure Call (RPC) service terminated unexpectedly.
    On most systems, a countdown of 60 seconds until reboot will also be shown.

    If your computer is running Windows 2000 and are infected, you are likely to encounter this error:

    svchost.exe has generated errors and will be closed by Windows. You will need to restart the program.
    The computer will not automatically shut down, however it may break your Internet access and make you unable to run some Java applications.