I've spent the whole night cleaning that... I dont really know why, but on my computer this stuff has made my svchost.exe to crash at every startup. (which actually is very useful, i.e handle copy/paste action). If you have the same problem, DO d/l the windows patch file (security patch: buffer overrun in RPC interface could allow code execution). - KiDD*e*
- - - - - - - - - - - - - - - - - - - from: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file. Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed: a.. TCP Port 135, "DCOM RPC" b.. UDP Port 69, "TFTP" The worm also attempts to perform a Denial of Service (DoS) on windowsupdate.com. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability. Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.
