Microsoft patch blaster worm

For additional information about antivirus software vendors, click the following article number to view the article in the Microsoft Knowledge Base:.

If you are a home user, visit the following Microsoft Web site for steps to help you protect your computer and to recover if your computer has been infected with the Blaster worm:. What is Microsoft Security Essentials? Your computer is not vulnerable to the Blaster worm if you installed the security patch MS before August 11, the date that this worm was discovered.

You do not have to do anything else if you installed the security patch MS before August 11, Microsoft tested Windows NT Workstation 4. Windows Millennium Edition does not include the features that are associated with these vulnerabilities. Previous versions are no longer supported, and they may or may not be affected by these vulnerabilities.

Search Product and Services Lifecycle Information. You do not have to do anything if you are using any of these versions of Windows. Security update is included in these service packs. You do not have to do anything else if you installed these service packs.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:. If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:. The system is shutting down. Save all work in progress and log off. Any unsaved changes will be lost. On a Windows XP-based or on a Windows Server based computer, a dialog box may appear that gives you the option to report the problem to Microsoft.

You may find a file that is named Msblast. For technical details about the changes that this worm makes to your computer, contact your antivirus software vendor. To detect this virus, search for a file that is named Msblast. Repeat step 2 for each of these file names: Msblast. If you find any of these files, your computer may be infected with the worm. If you find one of these files, delete the file, and then follow the steps in the "Recovery" section of this article.

Some dial-up connections may not appear in the Network Connection folders. In some cases, you can use the following steps to turn on ICF for a connection that does not appear in the Network Connection folder. Basic Firewall is a component of Routing and Remote Access that you can enable for any public interface on a computer that is running both Routing and Remote Access and a member of the Windows Server family.

This worm uses a previously announced vulnerability as part of its infection method. Because of this, you must make sure that you have installed the security patch on all your computers to address the vulnerability that is identified in Microsoft Security Bulletin MS The security patch replaces the security patch.

Microsoft recommends that you install the security patch that also includes fixes for the issues that are addressed in Microsoft Security Bulletin MS Use the latest virus-detection signature from your antivirus vendor to detect new viruses and their variants.

A scheduled denial-of-service attack against Microsoft's main software update Web site did not materialize Saturday, as computers infected with the W Blaster worm failed to find their target. Blaster first appeared on Monday and quickly spread to computers worldwide by exploiting a known security vulnerability in Microsoft's Windows operating system.

In addition to infecting vulnerable Windows machines, Blaster worm was programmed to launch a denial-of-service attack against windowsupdate. However, an error in Blaster's design combined with last minute actions by Microsoft to change the registration of windowsupdate. Blaster's author provided the incorrect domain address for windowsupdate. The address specified in the worm's code, windowsupdate. On Thursday, Microsoft delisted the windowsupdate. That solution also removed the threat of collateral damage from the attack, because requests for windowsupdate.

The new worm hides behind a different file name from the Blaster worm, Dllhost. Instead, the worm spreads like Blaster by identifying unpatched Windows and XP systems, then infecting them, according to Hameroff. Traffic from infected systems can also clog up computer networks and create denial-of-service problems on computer networks if many infected computers attempt to download the Microsoft Windows patch at the same time, according to David Perry, global director of education at Trend Micro Inc.

CA is still analyzing the new worm and could not provide details or say how long Nachi will stay on systems before removing itself, he said. There is no evidence that the worm installs Trojan horse programs or other kinds of snooping "spyware" on infected systems, Perry said. Islandia, N. However, Trend Micro said the new worm is spreading rapidly in China and South Korea, prompting that company to issue a "red alert" to its customers in Asia, Perry said.

Do-gooder worms are no substitute for timely and responsible patching by systems administrators, experts said. Here are the latest Insider stories.