Plant Pathology Computing Resources Home


For Assistance

ppath_help@ncsu.edu
919-515-5547

OR

help@ncsu.edu
919-515-HELP
(919-515-4357)
 

Windows Operating Systems DCOM Vulnerability & Fixes (Last Updated 1:20 p.m. 08/15/2003)

*The tools available for download below may not completely remove the virus infection on your computer. Download them and run them according to the instructions below, and apply the DCOM patch that is appropriate for your computer's operating system. If either tool indicates that it has found and removed some viral files from your computer, or if you run a virus scan with updated definitions and find an infection, please contact me, and do NOT run Windows Update. I must make a "hands-on" visit to your computer to remove files and registry entries that the tool does not remove.

Thanks,
Leslie

A vulnerability in ALL Microsoft Windows operating systems has been recently discovered. The flaw can be patched by applying an update available from Microsoft. Unfortunately, only a few of our departmental machines have been correctly and fully patched.

To make matters worse, as of 08/13/2003, there are two quickly-moving worms/trojan horses that are attacking computers on campus. Some users may notice nothing wrong with their computers, even though they are infected, while other users may experience complete computer crashes and shutdowns.

I have put together a toolkit on this page to assist you in installing the necessary patches and repairing damage caused by viruses. Please print this page before attempting any of the repairs. If you are unsure how to proceed, you may call me; however, this attack is widespread, and I anticipate that it may be several weeks before I can completely patch and repair all affected machines.

Follow the instructions below step-by-step IN THE ORDER IN WHICH THEY APPEAR. Do NOT skip any step, or you could render your computer unbootable and force a reformat and reinstallation of Windows.

  1. Print this page.
  2. XP Users must know how to disable the System Restore feature. Click the link below and print that page as well if you are an XP user. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
  3. Create a folder called fix_blast in the root of the C: drive on your computer. Do NOT put it in the My Documents folder.
  4. Download the files below, and save them to the fix_blast directory that you created in Step 3. Make sure you download the files APPROPRIATE for your operating system.
    1. fixWinsh.exe (Windows 2000, Windows XP)
    2. fixblast.exe (Windows 2000, Windows XP)
    3. OS Patch for Windows 2000 - KB823980-x86-ENU.exe (Windows 2000 ONLY)
    4. OS Patch for WindowsXP-KB823980-x86-ENU.exe (Windows XP ONLY)
    5. SAV8m.exe - Symantec Antivirus Corporate Edition Version 8
  5. Disconnect your computer from the network by unplugging the network cable from the back of the computer.
  6. Check the virus definition date in Norton/Symantec antivirus by double-clicking on the yellow shield in the lower right-hand corner (system tray) of your screen. The definition MUST read 8/11/2003 rev. 19, or later, AND there must be NO exclamation point on the Norton shield in the system tray. If either of these conditions is false, then you must install the latest version of Symantec antivirus. Before installing the new version, you need to uninstall the old version. Use Start=>Settings=>Control Panel=>Add/Remove Programs to complete the removal. Select the Norton Antivirus product that is on your computer and click "Remove". Once the removal is finished, restart your computer. Then install the new version of Symantec by clicking on Start=>Run, then typing c:\fix_blast\SAV8m.exe to complete the installation. Fully record any error messages that you encounter during the removal/installation process so that I can help you if you run into trouble.
  7. If you are running Windows XP, make sure to disable the System Restore feature, using the instructions that you printed from the Symantec website (link above).
  8. Click Start=>Run, then type C:\fix_blast\fixWinsh.exe into the box. Click OK. This will open the Stealther fix tool. Let it run to completion and restart when requested.
  9. Click Start=>Run, then type C:\fix_blast\fixblast.exe into the box. Click OK. This will open the Blaster fix tool. Let it run to completion and restart when requested.
  10. Install the OS patch that is specific to your operating system (see file downloads above). Restart the computer.
  11. Reconnect your computer to the network.
  12. To prevent future problems: Make sure to run Windows Update regularly ... at least once per week ... on all Windows machines. You can do this by selecting Start=>Run=>Windows Update, or by visiting http://windowsupdate.microsoft.com and following the instructions to scan your computer for needed updates and installing updates until the website tells you that there are no more critical updates available. This process will be VERY slow at the present time because of the tremendous number of machines that have been affected around the world; however, things should settle down again over the next few weeks. You MUST keep your computer operating system patched, and your virus definitions up-to-date.