Stuart McLachlan
stuart at lexacorp.com.pg
Mon Aug 11 19:07:20 CDT 2003
On 11 Aug 2003 at 19:52, Susan Harkins wrote: > Internet Virus Alert: Central Command Warns Of New RPC > Computer Worm Named Worm/Lovsan.A > > > http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.ph > p?p_faqid=506 > > > ========I'll be looking for more info on how to get rid of this -- info > talks as though msblast.exe is the virus file and I've got it. :( Not sure > where I got it from though if that's the case -- the wording is a bit Are you firewalled? If not, it snuck into your system using the "Buffer Overrun In RPC Interface Could Allow Code Execution " exploit. See http://support.microsoft.com/?kbid=823980 > ambiguous and I'm not positive that msblast.exe isn't a valid file. > Doubt if it is a valid file. There's none on my W2k system. > If anyone finds more info on how to get rid of this sucker, let me know > please. > Looks like it's just a case of deleting the reg key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update"="msblast.exe" and the MSBLAST.EXE file. -- Lexacorp Ltd http://www.lexacorp.com.pg Information Technology Consultancy, Software Development,System Support.