W32.MSBLAST.WORM Removal Instructions

Updated 08/15/03

Note: Missvalley Internet does not guarantee these instructions are a 100% solution to this virus. The links below are provided by some of the major virus removal companies, and to the best of our knowledge are the current solutions for this virus. The instructions below are intended to simplify the removal of this virus. This virus exploits a bug in Microsoft Windows and is transmitted by several methods, mostly relating to file sharing on the Internet. If you run programs such as Kazaa or other file sharing programs, you are at risk of contracting viruses. Always keep your antivirus software up to date, and always apply routine patches to your Windows operating system via http://windowsupdate.microsoft.com. Although your Internet provider can protect your email, they cannot protect you from everything on the Internet. It is up to you to keep your machine updated as recommended by Microsoft. Please remember, if you are a Missvalley Internet customer, we do have a PC repair shop, and we recommend you bring in your PC at least one to two times a year for a check-up.

UPDATE: Norton Antivirus has released a removal tool for this virus which seems to be doing quite well. You can download it by clicking here. It does not, however, fix the problem with Windows that causes the shutdown; you still need to follow STEP 2 below to fix that problem.

W32.MSBLAST.WORM is a virus that exploits a known vulnerability in the Microsoft Windows operating system. As of the writing of this page, to our knowledge Microsoft Windows 98 is not yet affected. Microsoft Windows 2000 and XP seem to be the most affected operating systems. The vulnerability seems to cause Windows to shut down your PC after popping up a box that reads something similar to "RPC Shutdown" or "Remote Procedure Call Shutdown".

Follow these steps to remove the virus and its effects. You must not only remove the virus, but you should also patch the vulnerability with a patch from Microsoft. Links are provided below.

NOTE: At this time we have discovered that newer Windows XP model Hewlett Packard desktop computers have a bug which keeps them from applying Microsoft patches. We have contacted HP about this problem but as of yet have not been able to obtain a solution from them. Because of this bug with HP computers, you likely will not be able to apply the Microsoft patch that is mentioned below. You will, however, be able to run the removal tool to remove the virus. Since you cannot apply the Microsoft patch, your computer can still be shut down by other people on the Internet with the virus. We have included a temporary work-around for this problem below. Please follow those instructions if you own an HP desktop computer and have difficulties applying the Microsoft patch mentioned below.

STEP 1:

Remove the virus. Go to http://www.antivirus.com (you can also use your favorite antivirus software to remove the virus), and follow their instructions for a "Free House call". After the virus is removed, follow the instructions in STEP 2. You may also use a free removal tool provided by http://www.norton.com to remove the virus. Complete a scan for the virus with either the removal tool or your virus scanner. This should remove the virus. If you have difficulties and are one of our customers, please don't hesitate to call our office and speak to one of our techs.

STEP 2:

Read the Microsoft Bulletin, and apply the patch needed for your operating system. If you are unable to apply the patch, you may have other problems with your Windows operating system. If that is the case, you will need to either call your computer manufacturer for support, or take your PC to the nearest service center, or one of our local offices. (Please see below for instructions for HP computers that cannot apply the patch)

Once you have successfully completed both of the above steps, your computer should no longer want to shut down unexpectedly, and the virus itself should be removed from your system so that your computer is not causing other computers to want to shut down. Many customers find they do not have the virus, yet their PCs are shutting down. This is because some other person on the Internet has the virus, and you have not yet applied Microsoft's patch for their bug in Windows.

It is important that you at least apply the patch from Microsoft, even if you have not had your computer affected by this virus. Eventually there will be several variations of this virus, and removal of it may become more difficult, as we have seen with other viruses in the past. If you at least fix the problem with Windows, you should not be affected again.

If you would like Missvalley Internet to remove this virus for you, the standard charge is $45 for our customers. If you are a non-customer, please call our office for details. Missvalley Internet's customers will not be charged a bench fee for the removal of this virus. Non-customers will be subject to our normal $25 bench fee, and the $45 removal fee. If you intend to remove the virus and its effects yourself, again, please follow the instructions above, or instructions provided by your antivirus software.

Instructions for HP computers that cannot apply the Microsoft patch (STEP 2):

1) Click on START, then Control Panel

2) Double click on Administrative Tools

3) Double click on Services

4) About halfway through the list, find "Remote Procedure Call (RPC)" and right click on it, then left click on Properties

5) Click on the Recovery tab at the top of the window

6) You will see 3 options labeled "First Failure", "Second Failure", and "Third Failure". Change each option to "Take no action" or to "Restart the Service"

7) Click OK at the bottom, and close out services and the control panel. You're done.

8) Contact HP support (you should have the number in your documentation for your computer) and see what their solution to the problem is. The last time we spoke with them, they mentioned they may be sending out new software to their customers, but we cannot confirm this since we are not an HP customer.
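
Steps 1 through 7 above can also be done from a command prompt. The script below is an added example, not part of the original instructions. It assumes the built-in sc tool, that RpcSs is the service name behind "Remote Procedure Call (RPC)", and that sc qfailure prints the word REBOOT when a restart-the-computer action is set.

```batch
@echo off
rem Added example: command-line form of steps 1 through 7 above.
rem Assumption: RpcSs is the service name of "Remote Procedure Call (RPC)".
rem Run this from a command prompt while logged in as an administrator.
set SVC=RpcSs

echo Current recovery settings for %SVC%:
sc qfailure %SVC%

rem Assumption: sc qfailure shows a restart-the-computer action as REBOOT.
sc qfailure %SVC% | findstr /I "REBOOT" >nul
if errorlevel 1 (
    echo No reboot action is configured. Nothing to change.
    goto :eof
)

rem Set all three failure actions to "Restart the Service" after 60 seconds.
rem reset= 86400 clears the failure count after one day.
rem The space after each "=" is required by sc.
sc failure %SVC% reset= 86400 actions= restart/60000/restart/60000/restart/60000
if errorlevel 1 (
    echo Could not change the settings. Check that you are an administrator.
    goto :eof
)

echo New recovery settings for %SVC%:
sc qfailure %SVC%
```

Like the steps above, this only stops the forced shutdown; the Microsoft patch from STEP 2 is still needed to fix the problem in Windows itself.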