As you may have heard by now in the news there is a new virus that is exploiting a security flaw in Windows XP, NT and 2000. The virus is known as "W32.Blaster.Worm" or "MSBlast." The virus does not come through email. It is sent to your computer through a Remote Procedure Call, or RPC, meaning that an infected computer scans other computers for a certain open port, and then sends itself through that port. This security flaw is not in Macintosh, Linux or Unix operating systems. To read more about the security flaw, please go to
http://www.microsoft.com/technet/security/bulletin/MS03-026.aspTo keep from getting this virus, you should go to www.windowsupdate.com and scan for all patches available for your computer. After it scans, you should download all the security patches. This will keep you from getting the virus.
NOTE: If you are infected, you will see an error saying "...NT authority must shut down your computer in 30 seconds."
BEWARE! Some users who have the virus have reported that while they were attempting to download the patches from Microsoft, the virus rebooted their computer. There is little chance of damage from this and it will be possible to eventually receive the patches from Microsoft even if you are infected and the virus reboots your computer. Just keep trying to get the patches.
XP users can prevent this from happening by turning on Internet Connection Firewall in their connection profile. IF YOU ARE AN XP USER, right click on your connection icon, left click on Properties, click the Advanced Tab, and place a checkmark next to "Internet Connection Firewall." This will allow you to download the patches without the virus rebooting your machine.
To fix this, you must edit your Windows registry. It is extremely important that you follow these set of instructions very carefully.
1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit
3. Then click OK. (The Registry Editor opens.)
4. Navigate to the key by clicking on the plus next to each section:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. In the right pane, delete the value:
"windows auto update"="msblast.exe"
6. Exit the Registry Editor by click the x in the top right corner.
You should then be able to go to www.windowsupdate.com and get the patch to keep your computer safe. You should also then go to
http://www.housecall.antivirus.com Click on Scan Now listed under the Customer Advisory. Press yes to any boxes that pop up. You will then see the Active Update windows where it is downloading an updated engine and pattern file. Once this is done, put a checkmark next to your C: drive and a checkmark next to Auto Clean. Then click Scan. This will scan your computer for viruses and automatically clean any that it can. It will also give you the option to delete the infected files that it was not able to clean. This online virus scanner is free.