Pathology Computing Resources Home
08/15/2003 - Windows DCOM Vulnerability
Operating Systems DCOM Vulnerability & Fixes (Last Updated 1:20 p.m.
available for download below may not completely remove the virus infection
on your computer. Download them and run them according to instructions
below, and apply the DCOM patch that is appropriate for your computer
operating system. If either tool indicates that it has found and removed
some viral files from your computer, or, if you run a virus scan with
updated definitions and find an infection, please contact me, and do NOT
run Windows Update. I must make a "hands-on" visit to your computer
to remove files and registry entries that the tool does not remove.
in ALL Microsoft Windows operating systems has been recently discovered.
The flaw can be patched by applying an update available from Microsoft.
Unfortunately, only a few of our departmental machines have been correctly
and fully patched.
matters worse, as of 08/13/2003, there are two quickly-moving worms/trojan
horses that are attacking computers on campus. Some users may notice nothing
wrong with their computers, even though they are infected, while other
users may experience complete computer crashes and shutdowns.
I have put
together a toolkit on this page to assist you in installing the necessary
patches and repairing damage caused by viruses. Please print this page
before attempting any of the repairs. If you are unsure how to proceed,
you may call me, however, this attack is widespread, and I anticipate
that it may be several weeks before I can completely patch and repair
all affected machines.
instructions below step-by-step IN THE ORDER IN WHICH THEY APPEAR. Do
NOT skip any step, or you could render your computer unbootable and force
a reformat and reinstallation of Windows.
- XP Users
must know how to disable the System Restore feature. Click the link
below and print that page as well if you are an XP user. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
a folder called fix_blast in the root of the C: drive on your computer.
Do NOT put it in the My Documents folder.
the files below, and save them to the fix_blast directory that you created
in Step 2. Make sure you download the files APPROPRIATE for your operating
(Windows 2000, Windows XP)
(Windows 2000, Windows XP)
Patch for Windows 2000 - KB823980-x86-ENU.exe (Windows 2000 ONLY)
Patch for WindowsXP-KB823980-x86-ENU.exe (Windows XP ONLY)
- Symantec Antivirus Corporate Edition Version 8
your computer from the network by unplugging the network cable from
the back of the computer.
the virus definition date in Norton/Symantec antivirus by double-clicking
on the yellow shield in the lower right-hand corner (system tray) of
your screen. The definition MUST read 8/11/2003 rev. 19, or later, AND
there must be NO exclamation point on the Norton shield in the system
tray. If either of these cases if false, then you must install the latest
version of Symantec antivirus. Before installing the new version, you
need to uninstall the old version. Use Start=>Settings=>Control
Panel=>Add/Remove Programs to complete the removal. Select the Norton
Antivirus product that is on your computer and click "Remove".
Once the removal is finished, restart your computer. Then install the
new version of Symantec by clicking on Start=>Run, then typing c:\fix_blast\SAV8m.exe
to complete the installation. Fully record any error messages that you
encounter during the removal/installation process so that I can help
you if you run into trouble.
- If you
are running Windows XP, make sure to disable the System Restore feature,
using the instructions that you printed from the Symantec website (link
Start=>Run, then type C:\fix_blast\fixWinsh.exe into the box. Click
OK. This will open the Stealther fix tool. Let it run to completion
and restart when requested.
Start=>Run, then type C:\fix_blast\fixblast.exe into the box. Click
OK. This will open the Blaster fix tool. Let it run to completion and
restart when requested.
the OS patch that is specific to your operating system (see file downloads
above). Restart the computer.
your computer to the network.
- To prevent
future problems: Make sure to run Windows Update regularly ... at least
once per week ... on all Windows machines. You can do this by selecting
Start=>Run=>Windows Update, or by visiting http://windowsupdate.microsoft.com
and following the instructions to scan your computer for needed updates
and installing updates until the website tells you that there are no
more critical updates available. This process will be VERY slow at the
present time because of the tremendous number of machines that have
been affected around the world, however, things should settle down again
over the next few week. You MUST keep your computer operating system
patched, and your virus definitions up-to-date.