Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


BLASTER WORM VARIANTS SPREADS IN THE WILD

Virus Name  : W32.Blaster.C.Worm

Alias             : W32/Blaster-B, W32/Lovsan.C.Worm, WORM_MSBLAST.C, Blaster, Lovesan.B, I-Worm/Generic

Virus type    : Internet worm

Threat level : Medium

Virus details :

                     Blaster.C is a modified variant of Blaster worm,  exploits a vulnerability DCOM RPC [ Buffer Overrun In RPC Interface ] to infect target systems. This variant also scans for IP addresses and infects unpatched systems. Solo Antivirus can detect and remove Blaster worm and its variants without problem.

                     Blaster.C worm copies to Windows System32 folder as teekids.exe and modifies the registry run section to load automatically. This variant is packed with backdoor programs and it drops index.exe, root32.exe in the infected systems. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Inet Xp.."= "teekids.exe" 

                      Blaster worm and its variants can be avoided by installing security patches from Microsoft. If you have not installed, you can get a copy at http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

                      After August 15th, Blaster worm and its variants will launch a distributed denial-of-service attack on windowsupdate.com server. The worm infected users will receive the error messages like 

System Shutdown

This system is shutting down. Please save all
work in progress and log off. Any unsaved
changes will be lost. This shutdown was
initiated by NT AUTHORITY\SYSTEM

Time before shutdown : 00:00:59

Message
Windows must now restart because the
Remote Procedure Call (RPC) service
terminated unexpectedly

                      Blaster worm infected systems may reboot every few minutes. This will stop the infected users from downloading security patches and antivirus software. You can disable DCOM temporarily to download patches and antivirus software. After installing security patches and antivirus software, you can enable the distributed COM. 

How can I protect my system?

                   Solo has incorporated W32.Blaster.C Worm in its signature file to protect users from this worm attack. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats. 

How to remove this worm?

                   If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/technet/security/bulletin/MS03-026.asp Then run Solo anti-virus scanner to remove the worm components.

                   Solo antivirus can detect and remove W32.Blaster.C  Worm and its variants safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link