<Canned response for Blaster worm.>

Boot into Safe Mode and start your registry editor:
Start / Run / regedit

Navigate to:
HKEY_LOCAL_MACHINE
+Software
+Microsoft
+Windows
+CurrentVersion
+Run

In the right-hand pane, look for any entry/ies that include
MSBLAST.EXE, PENIS32.EXE or TEEKIDS.EXE and
DELETE it/them.
These are the files associated with the different variants:
Variant A - msblast.exe
Variant B - penis32.exe
Variant C - teekids.exe

You just disabled the worm from running at startup, so boot into
normal mode again, and turn off ALL system restores to purge
your system.

Open Windows Explorer to the ..\Windows\System32\ or
...\WinNT\System32\ folder and DELETE *any* of the
files named above.

Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
and find the reference to the above file/s (any reference will
be similar to: <filename.exe>-<alphanumerics>.PF), for example,
msblast.exe-0235D8H6.pf, and DELETE it/them.

Now you can download and install the patch, configure your
firewall and update your virus scanner.

Virus Alert About the Blaster Worm and Its Variants
http://support.microsoft.com/default.aspx?kbid=826955

Microsoft Security Bulletin MS03-026
http://www.microsoft.com/technet/sec...n/MS03-026.asp

What you should know about the Blaster worm
http://www.microsoft.com/security/incident/blast.asp

Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

How to Use The KB 823980 Scanning Tool to Identify Host Computers
That Do Not Have The 823980 Security Patch (MS03-026) Installed
http://support.microsoft.com/default.aspx?kbid=826369

W32.Blaster.Worm
http://www.symantec.com/avcenter/ven...ster.worm.html

W32.Blaster.B.Worm
http://www.symantec.com/avcenter/ven...er.b.worm.html

W32.Blaster.C.Worm
http://www.symantec.com/avcenter/ven...er.c.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/ven...oval.tool.html


On Sat, 13 Dec 2003 08:32:16 +1100, in
<utcktv4g3hpji2fmmbc0sc2bnb6t7hh252@4ax.com>
Chris Bainton scrawled:

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

So, you *are* a thief, as well as an arsehole?


On Fri, 12 Dec 2003 16:07:21 -0500, in
<d4bktvk4f05e0kul46oefun19rmvqto5ae@4ax.com>
Harrison scrawled:

<snip>

<Snip thievery>

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

<Harrison> wrote in message
news:d4bktvk4f05e0kul46oefun19rmvqto5ae@4ax.com...
True enough.

Ridiculous

Which won't stop Blaster or Welchia.

As if he'd be able to stay on line long enough.

So you're a thief as well.

Hi all

Wondered if anyone has information on Windows XP pro installations.
I know this is not a Win xp specific group but I have always had quick
responce from the manay gurus here.

I was helping a freind with a fresh installation of WinXP and after
the installation.

I had a message about a service had shut down in the NT security
folder (something like csv as forgot the paper i wrote it on doh),
requiring a compulsory (timed) restart .The problem occured after I
added the service pack 1 also.

The ppl she bought computer from didnt leave any disks with computer
some time back (OS especially).

I had to use a suspect key as I dont know how to retrieve the original
key from the existing installation (help here also plz).

Would this be a security issue by microsoft recognising a widly shared
key? as this occured after i connected to the internet?

Thanks for any ideas

Chris

"Chris Bainton" <cbainton@ihug.com.au> wrote in message
news:utcktv4g3hpji2fmmbc0sc2bnb6t7hh252@4ax.com...
Well, your obviously at a working computer, go here and download the
security patch:

http://www.microsoft.com/technet/tre...n/MS03-026.asp

It will fit on a floppy. Then download the fix tools for Blaster and Welchia
from www.symantec.com. Take this to the computer, apply the patch, reboot
and apply it again. Connect to the Internet and go now go to Windows Update,
while its loading hit Ctrl-Alt-Del to open the task manager, click on
processes look for a file named DLLHOST.EXE , if you see this you have
Welchia as well select this file and click End Process. You can also look
for the file names mentioned in the other responses to your question. After
applying all the critical updates, run the fix tools.

On Fri, 12 Dec 2003 16:37:21 -0500, in
<ipcktvgdo08a7v8e1of2pffotiqdbqcmgi@4ax.com>
Harrison scrawled:

<snip>

You just happen to be a fucking thief, and you make a point of
helping other thieves. This is not the first time you've helped a
thief in this newsgroup, and I've no doubt it will be the last.


Perhaps you'd like to fuck right off, thief.

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

On Fri, 12 Dec 2003 16:44:58 -0500, in
<bhdktvon4i7fddq5aepmm14cdote4fivvf@4ax.com>
Harrison scrawled:

http://webster.commnet.edu/grammar/marks/marks.htm
http://www.davidappleyard.com/punctuation.htm
http://webster.commnet.edu/grammar/capitals.htm


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

<Harrison> wrote in message
news:bhdktvon4i7fddq5aepmm14cdote4fivvf@4ax.com...
your.. no wait...its you're (thanks) a fuckwit. I guess its on then eh?

"°Mike°" <ZHNTPDWBLECA@fcnzzbgry.pbz> wrote in message news:400835e1.15900768@localhost.dot.net...

Why do you assume the original poster is a thief?
What are YOU another MS arselicker?

On Fri, 12 Dec 2003 22:05:04 GMT, in
<kYqCb.50056$aT.2030@news-server.bigpond.net.au>
GEORGE scrawled:

Where did I say that the original poster is a thief?
Can't you read?

Far from it; I'm not illiterate, either. Now, is there any other
way that you'd like to make a fool of yourself?

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

I'm not in your killfile, you moron. Your continued snipes
at me are proof enough of that. Fucking thief.


On Fri, 12 Dec 2003 17:14:33 -0500, in
<qcfktv8j48g5u78rvku1kcn80qqfk5f6gv@4ax.com>
Harrison scrawled:

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

On Fri, 12 Dec 2003 22:26:48 GMT, in
<IgrCb.50073$aT.42284@news-server.bigpond.net.au>
GEORGE scrawled:

Like I said, can't you read? I was talking to, and about
Harrison.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

On Fri, 12 Dec 2003 17:17:12 -0500, in
<6ffktvoplr94opkg0jdlu4ou8jmc1vknpk@4ax.com>
Harrison scrawled:

Run, boi, run.........

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

"°Mike°" <ZHNTPDWBLECA@fcnzzbgry.pbz> wrote in message news:401241c4.18944390@localhost.dot.net...
and you have no doubt it will be the last, or you have no doubt will it be the last.

GEORGE wrote:

Posting 'cracks' in a newsgroup *is* assisting thieves. This doesn't
reflect one way or another upon the original poster; who may have a
legitimate copy of the software, or not.
It may make a difference to *you*; as to the target of theft.
Thieves, and those that condone and applaud their activity always have a
handy justification for their actions. It does not change the fact that
it is theft.
The fact that you think it's only okay to steal from *some* people
doesn't alter an obvious flaw in *your* ethics.
--
"A thief is a thief."

On Fri, 12 Dec 2003 22:52:42 GMT, in
<_ErCb.50112$aT.19099@news-server.bigpond.net.au>
GEORGE scrawled:

Are you stupid, or what? My remarks were aimed at Harrison,
and only Harrison. And if *you* condone thieving, then I guess
I could always aim them at you, too.

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

On Fri, 12 Dec 2003 17:57:41 -0500, in
<bthktvgok7p0d23aae4rs61rsosjqhf9f7@4ax.com>
Harrison scrawled:

You proved nothing, except that you didn't have a clue
what your were (and continue) to talk about.

You're a liar, as well as a thief. It is *you* that continues
to snipe at me, and my maintenance page, from behind
your "stealth" killfile.

Santa had better watch out; you'll steal everything from him.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Harrison wrote:
<snip>

Nonsense. He was basically ignoring you; prior to your obvious,
baiting, snipes. But you wouldn't know that, would you; since you have
him 'killfiled'.
And by the way; if you proceed at your current rate for the next
several years, you *may* have helped as many people in this newsgroup as
the "twit" that you recommend that people killfile. But I don't like the
odds of that happening.
From all of your promise of a Bright New Tomorrow for the newsgroup
as a Nicer Place; it certainly hasn't taken you long to join the wallow.
Sniping from behind the killfile; posting cracks, spelling lames, and
the always-witty 'I fucked yo Momma' insults.
Is this the example you wished to set, in order to 'improve' the
place? Or have you just decided that it's okay now to be one those
people that you'd previously claimed to abhor?
The only thing you've managed to injure, is your own credibility.
--
"You may well insult the 'old-timers'. At this rate of implosion; it
seems unlikely you'll be one."

On Fri, 12 Dec 2003 15:53:18 -0800, in
<brdkea$2aurk$1@ID-179272.news.uni-berlin.de>
trout scrawled:

Yes, I was ignoring him, you have it spot on. Of course, it's patently
obvious that I am not in his killfile.

<snip>

--
"Shame he never wears his other face."