About the Blaster Worm

The Blaster Worm has invaded campus.  Blaster targets machines running Windows 2000, Windows NT4, or Windows XP which have not received the latest security patches. Please use the fix below for Windows XP machines.  If you are running Windows 2000, do a full scan with Norton Antivirus and report any infections to MicroSupport@tntech.edu or call 372-6315 or your College MicroSupport contact. 

| What is Blaster? |  Running a Scan with Norton|
| Removing Blaster from an infected machine | 
| Protecting your XP machine against Blaster |
| Protecting your 2000 machine against Blaster | Home Users|

What does Blaster do? (from Symantec's Security Response site)

• Performs Denial of Service against windowsupdate.com
  • Causes system instability: May cause machines to crash.
  • Compromises security settings: Opens a hidden remote cmd.exe shell.

• Due to the random nature of how the worm constructs the exploit data, this may cause computers to crash if it sends incorrect data. This may manifest as svchost.exe generating errors as a result of the incorrect data.

Running a Scan with Norton Antivirus

Click on the yellow shield in the bottom right corner (system tray). Click Scan Computer in the left menu. Check the box to select C: (Local Drive) Click the Scan button at the bottom of the window.

If Norton reports that you have the Blaster worm, please contact MicroSupport@tntech.edu or call 372-6315 or your College MicroSupport contact. 

If your machine has already been hit by Blaster and you are running Windows XP, please follow these directions:

1.    Select the patch for your operating system:

Windows XP

Windows XP

3.    Follow the instructions in the Installation Wizard.

4.    Reboot your system.

5.    If Norton Antivirus caught the Blaster worm and notified you that it was quarantined, then your machine is protected.  However, if you are running Windows 2000 you may still receive some error messages.  Please reboot your system and notify MicroSupport@tntech.edu or call 372-6315 or your College MicroSupport contact. 

6.    If your Windows XP machine was infected by Blaster, please turn off System Restore before continuing.  To do so, right-click on My Computer and select Properties.  Go to the tab marked "System Restore"; if there is not a check in the box next to Turn Off System Restore, please click to add one. Next, use the removal tool. Click Open to begin to run the program to remove Blaster from your machine.  After the removal tool finishes, please return to the System Restore option and turn it back on by removing the check.

Tip:  If your machine is rebooting too frequently to allow you to download these patches, turn it off for several hours and try again.

If your Windows XP machine has not been hit by Blaster, please ensure that your system files are updated so that Blaster cannot infect your system.  Follow these directions.

1.    Select the patch for your operating system:

Windows XP

If your Windows 2000 machine has not been hit by Blaster,  follow these directions.   You MUST install all Critical Updates before applying any patches.

1. Open Internet Explorer
    
2. From the Tools Menu, select Windows Update
    
3. If you see a message from Microsoft asking to install the updater, click OK.
    
4. Select Scan for Updates
    
5. Select the Critical Updates in the left menu once the site has determined your needs.
    
6. Install all Critical Updates.  You may need to install some one at a time and reboot and return to the site.
    
7. Select the patch for your operating system:   Windows 2000

8. You will see the window shown below.  Select Open.

9. Follow the instructions in the Installation Wizard.
    
10. Reboot your system.

Home Users

Go to the Microsoft Security Web Site on Blaster for complete instructions for home users found near the bottom of the page.

You may also want to refer to the information at Symantec's Security Response site