ΪʲôÎҵĵçÄÔ×Ü×Ô¶¯restartthe error is:
remote procedure service terminated.
¶àлÁË[noway (8-12 11:58, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]1Â¥

ÎÒµÄͬѧµÄµçÄÔÒ²ÓÐÕâ¸öÎÊÌâ,Çë¸ßÊÖ°ïæ½â¾ö.ÿ´Î¿ª»úÒ»½øÈ¥¹ýÁË1·ÖÖÓ×óÓÒÖ®ºó,»á³öÏÖÒ»¸ö¶Ô»°¿ò:
windows must restart because the remote procedure call service terminated unexpectedly.
ÇëÎʸÃÔõô°ì?
¿É·ñ²»ÖØװϵͳ½øÐнâ¾ö?
Áí¼Ç:´ËÈË֮ǰÉϹýÖйú»¥¶¯ÓÎÏ·ÔÚÏßÖÐÐÄ,ÊÇ·ñ¿ÉÄܸúÆä·þÎñÆ÷µÄbugÓйØ?

[¾íÐÄ²Ë (8-12 12:07, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]2Â¥

same sameÎÒ¾õµÃÊÇvirus.ͨ¹ýmsn´«µÄ¡£

ÎҵĵçÄÔÒ²Óöµ½Õâ¸öÎÊÌâÁË£¬¸Õ¸Õ»¹ÌæÅóÓÑÎÊÄØ¡£
±»Ëý´«ÉÏÁË¡£¡£¡£[±Ä±Ä±Ä (8-12 12:10, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]3Â¥

(ÒýÓà ±Ä±Ä±Ä:same sameÎÒ¾õµÃÊÇvirus.ͨ¹ýmsn´«µÄ¡£ ÎҵĵçÄÔÒ²Óöµ½Õâ¸öÎÊÌâÁË£¬¸Õ¸Õ»¹ÌæÅóÓÑÎÊÄØ¡£ ±»Ëý´«ÉÏÁË¡£¡£¡£)ÊÕµ½virus alertÁË¡£Norton·¢Ïֵġ£¡£

Object name: C:\Windows\system32\TFTP3516
virus name: W32.Blaster.worm
Action taken: unable to repair this file

¸ÃÔõô°ì£¿¸ßÊÖÖ¸½Ì£¡[±Ä±Ä±Ä (8-12 12:12, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]4Â¥

(ÒýÓà ±Ä±Ä±Ä:ÊÕµ½virus alertÁË¡£Norton·¢Ïֵġ£¡£ Object name: C:\Windows\system32\TFTP3516 virus name: W32.Blaster.worm Action taken: unable...)reinstall your system, andmake updates of the virus definations frequently enought(usually no less than once per 8 hours)

do not open any unauthorised material and suspective mails and application programs---even some documents.

and, do not trust others' abolity to prevent virus, the virus usually spread between trusted people.

[Óл°Ïë˵ (8-12 12:16, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]5Â¥

ÎÒÒ²ÊDz»¹ýÎÒÖÐÕеÄʱºòû¿ªmsn°¢£¬ºÃÔÚÓÐŵ¶Ù[Õ½ÉñÖ®Á¦ (8-12 12:17, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]6Â¥

(ÒýÓà սÉñÖ®Á¦:ÎÒÒ²ÊDz»¹ýÎÒÖÐÕеÄʱºòû¿ªmsn°¢£¬ºÃÔÚÓÐŵ¶Ù)do not totally trust any antivirus softwareno matter how powerful it is.

no matter how famous the authors were.....

actually, some virus are targeting to the antivirus process and end it before itself has been detected and written into the virus definations.......[Óл°Ïë˵ (8-12 12:21, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]7Â¥

ºÃÏñÊÇͦ´ó¹æÄ£µÄ²¡¶¾ÚÀ£¬£¬msn ÏȲ»ÓÃÁË£¬£¬ ȾÉÏ»¹Í¦Âé·³µÄ¡£
[noway (8-12 12:31, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]8Â¥

same same,ÓôÃÆËÀÁË¡£¡£¡£[ijijij (8-12 12:52, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]9Â¥

ÎÒµÄÒ²ÊÇÒ»Ñù£¬¿ÉÊÇûÓÐÊÕµ½virus alert[²»ÊÇÊçÅ® (8-12 12:55, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]10Â¥

ÊÇͨ¹ýMSNÂð£¿Õâ¸öÎÊÌâ³öÏÖÁ½´ÎÒÔºóÎҲŴò¿ªMSN[²»ÊÇÊçÅ® (8-12 12:58, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]11Â¥

seems this: windows³öÏÖÓÐÊ·ÒÔÀ´×î´ó©¶´£¬·¢ÐÅÈË: Willematte (willematte), ÐÅÇø: NoteBook
±ê Ìâ: [ÑÏÖØ]windows rpc ©¶´£¬¸Ï½ô´ò²¹¶¡!!!
·¢ÐÅÕ¾: BBS ˮľÇ廪վ (Tue Aug 12 03:20:26 2003), תÐÅ



windows³öÏÖÓÐÊ·ÒÔÀ´×î´ó©¶´£¬xp,2000,2003,nt¾ùÊÜÓ°Ï죡£¡


CCERT ¹ØÓÚwindow RPCϵÁЩ¶´µÄ°²È«¹«¸æ


7ÔÂ16ÈÕ²¨À¼µÄÒ»¸ö°²È«×éÖ¯LSD¹«²¼ÁËÒ»¸öWindows²Ù×÷ϵͳµÄÒ»¸ö°²È«Â©¶´£¬Õâ¸ö©¶´ºÅ
³Æ

Æù½ñΪֹwindowϵͳÖз¢ÏÖµÄ×îÑÏÖصÄÒ»¸öϵͳ©¶´
£¨Â©¶´µÄÏêÇé²Î¼ûhttp://www.ccert.edu.cn/advisories/all.php?ROWID=48£©
Ëæºó¸÷°²È«×éÖ¯¶Ô¸Ã©¶´Õ¹¿ªÁËÏà¹ØµÄÑо¿£¬ÔÚÑо¿µÄ¹ý³ÌÖйúÄڵݲȫ×éÖ¯ÓÖ·¢ÏÖÁËÓë
Ö®Ïà
¹ØµÄÁ½¸öͬÀàÐ͵Ä©¶´£¬²¢Éϱ¨ÁË΢Èí£¬µ«ÊÇÄ¿Ç°³§ÉÌ»¹Ã»ÓÐÌṩÏà¹ØµÄ²¹¶¡³ÌÐò¡£Òò´Ë
µ½Ä¿
ǰΪֹÕë¶Ôwindow rpcϵÁÐʵ¼ÊÉÏ´æÔÚÈý¸öÀàËƵÄ©¶´£¬ËüÃÇ·Ö±ðÊÇ£º

1¡¢Microsoft RPC½Ó¿ÚÔ¶³ÌÈÎÒâ´úÂë¿ÉÖ´ÐЩ¶´

©¶´ÃèÊö£º
Remote Procedure Call(RPC)ÊÇWindows²Ù×÷ϵͳʹÓõÄÒ»ÖÖÔ¶³Ì¹ý³Ìµ÷ÓÃЭÒé,RPCЭ
ÒéÌṩ
Ò»ÖÖ½ø³Ì¼äµÄ½»»¥Í¨ÐÅ»úÖÆ£¬ËüÔÊÐí±¾µØ»úÆ÷ÉϵijÌÐò½ø³ÌÎÞ·ìµÄÔÚÔ¶³ÌϵͳÖÐÔËÐдú
Âë¡£
¸ÃЭÒéµÄÇ°ÉíÊÇOSF RPCЭÒ飬µ«ÊÇÔö¼ÓÁË΢Èí×Ô¼ºµÄһЩÀ©Õ¹¡£

×î½ü·¢ÏÖ²¿·ÖRPCÔÚʹÓÃTCP/IPЭÒé´¦ÀíÐÅÏ¢½»»»Ê±²»ÕýÈ·µÄ´¦Àí»ûÐεÄÏûÏ¢µ¼Ö´æÔÚ
Ò»¸ö
°²È«Â©¶´¡£¸Ã©¶´Ó°ÏìʹÓÃRPCµÄDCOM½Ó¿Ú£¬Õâ¸ö½Ó¿ÚÓÃÀ´´¦ÀíÓÉ¿Í»§¶Ë»úÆ÷·¢Ë͸ø·þ
ÎñÆ÷
µÄDCOM¶ÔÏ󼤻îÇëÇó(ÈçUNC·¾¶)¡£Èç¹û¹¥»÷Õ߳ɹ¦ÀûÓÃÁ˸鶴½«»ñµÃ±¾µØϵͳȨÏÞ
£¬Ëû
½«¿ÉÒÔÔÚϵͳÉÏÔËÐÐÈÎÒâÃüÁÈç°²×°³ÌÐò¡¢²é¿´»ò¸ü¸Ä¡¢É¾³ýÊý¾Ý»òÕßÊǽ¨Á¢ÏµÍ³¹Ü
ÀíÔ±
ȨÏÞµÄÕÊ»§µÈ¡£

ÒªÀûÓÃÕâ¸ö©¶´£¬¹¥»÷ÕßÐèÒª·¢ËÍÌØÊâÐÎʽµÄÇëÇóµ½Ô¶³Ì»úÆ÷ÉϵÄ135¶Ë¿Ú.

2¡¢Microsoft DCOM RPC½Ó¿Ú¾Ü¾ø·þÎñ¼°È¨ÏÞÌáÉý©¶´
©¶´ÃèÊö£º
Remote Procedure Call(RPC)ÊÇWindows²Ù×÷ϵͳʹÓõÄÒ»ÖÖÔ¶³Ì¹ý³Ìµ÷ÓÃЭÒé,RPCЭ
ÒéÌṩ
Ò»ÖÖ½ø³Ì¼äµÄ½»»¥Í¨ÐÅ»úÖÆ£¬ËüÔÊÐí±¾µØ»úÆ÷ÉϵijÌÐò½ø³ÌÎÞ·ìµÄÔÚÔ¶³ÌϵͳÖÐÔËÐдú
Âë¡£
¸ÃЭÒéµÄÇ°ÉíÊÇOSF RPCЭÒ飬µ«ÊÇÔö¼ÓÁË΢Èí×Ô¼ºµÄһЩÀ©Õ¹¡£

×î½ü·¢ÏÖMS RPCÔÚ´¦Àí»ûÐÎÏûϢʱ´æÔÚÎÊÌ⣬Զ³Ì¹¥»÷Õß¿ÉÒÔÀûÓÃÕâ¸ö©¶´½øÐоܾø·þ
Îñ¹¥
»÷£¬ÔÚRPC·þÎñ±ÀÀ£ºó£¬¿ÉÓÃÀ´È¨ÏÞÌáÉý¹¥»÷¡£¹¥»÷Õß·¢ËÍ»ûÐÎÏûÏ¢¸ø
DCOM __RemoteGetClassObject½Ó¿Ú£¬RCP·þÎñ¾Í»á±ÀÀ££¬ËùÓÐÒÀ¿¿RPC·þÎñµÄÓ¦ÓóÌÐò
ºÍ·þÎñ
¾Í»á±äµÄ²»Õý³£¡£

Èç¹û¹¥»÷ÕßÓµÓкϷ¨ÕÊ»§£¬ÔÚRPC·þÎñ±ÀÀ£ºóËû»¹¿ÉÒԽٳֹܵÀºÍ135¶Ë¿Ú½øÐÐȨÏÞÌáÉý
¹¥»÷¡£

3¡¢window RPC½Ó¿Úδ֪©¶´
©¶´ÃèÊö£º
ÓÉÓڸ鶴ӰÏìÃæÌ«´ó¶ø³§ÉÌÓÖδÍƳöÏàÓ¦µÄ²¹¶¡³ÌÐò£¬Òò´ËÄ¿Ç°²¢Î´¹«²¼¸Ã©¶´µÄÏê
ϸ¼¼Êõ
ϸ½Ú£¬µ«ÊÇ·¢Ïָ鶴µÄ×éÖ¯ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ(±±¾©)ÓÐÏÞ¹«Ë¾ÔÚ±¨¸æÖÐÓÐÌáµ½ÈçϾ¯
¸æ£º

¸Ã©¶´¿ÉÒÔʹÈëÇÖÕßÇá¶øÒ׾ٵĽøÈëWindows 2000¡¢Windows XP¡¢Windows2003 Serve
rϵͳ¡£
¹¥»÷Õß¿ÉÒÔͨ¹ý¸Ã©¶´È¡µÃϵͳµÄ¿ØÖÆȨ£¬ÍêÈ«¿ØÖƱ»ÈëÇÖµÄϵͳ£¬ÇÔÈ¡Îļþ£¬ÆÆ»µ×Ê
ÁÏ¡£
ÒòΪ¸Ã©¶´ºÍÒÔÍù·¢Ïֵݲȫ©¶´²»Í¬£¬²»½öÓ°Ïì×÷Ϊ·þÎñÆ÷µÄWindowsϵͳ£¬Í¬ÑùÒ²

»áÓ°Ïì¸ö
È˵çÄÔ£¬ËùÒÔDZÔÚµÄÊܺ¦ÕßÊýÁ¿·Ç³£¶à¡£


©¶´Î£º¦£º
7ÔÂ23ºÅÍøÂçÉÏ·¢²¼ÁËDCOM RPC½Ó¿Ú¾Ü¾ø·þÎñ¹¥»÷µÄ³ÌÐò´úÂ룬7ÔÂ26ÈÕwindow RPC½Ó¿Ú
Ô¶³Ì»º
³åÒç³öµÄ¹¥»÷³ÌÐò´úÂë±»¹«²¼£¬ÕâÑù¾Íµ¼Ö¼´±ãÊÇÒ»¸ö¶Ô¸Ã©¶´¼¼Êõϸ½ÚºÁ²»Á˽âµÄÈË
Ò²ÄÜʹ
ÓÃÕâЩ´úÂëÈ¥¹¥»÷ÍøÂçÉϵÄÆäËû»úÆ÷ÒÔ´ïµ½¾Ü¾ø·þÎñ¹¥»÷µÄÄ¿µÄ»òÊÇ»ñµÃÏàÓ¦µÄϵͳȨ
ÏÞ¡£Ä¿
Ç°¹«²¼µÄ´úÂëÊǶÔϵͳ°æ±¾ÓÐÕë¶ÔÐԵģ¬µ«ÊÇͨÓÃÓÚ¸÷ϵͳ°æ±¾ÖеĹ¥»÷´úÂëÕýÔÚ²âÊÔ
ÖУ¬Ïà
ÐÅÔÚÉÔºóµÄ¼¸ÌìÄÚ±ã»á±»¹«²¼³öÀ´£¬Ò»µ©ÕâÖÖ¹¥»÷´úÂë±»¹«²¼³öÀ´£¬Ö»ÐèÒªºÜСµÄ¼¼Êõ
ÉϵĸÄ

Ôì¾Í¿ÉÒԸıà³ÉÈä³æ£¬Èç¹ûÀûÓÃÕâ¸ö©¶´Èä³æ±»·¢²¼³öÀ´£¬ËüµÄÍþÁ¦½«Ô¶Ô¶³¬¹ýcoder
edºÍ
slammer£¬¿ÉÄÜ»á¸øÕû¸ö»¥ÁªÍøÂç´øÀ´ÖÂÃüµÄ´ò»÷¡£


½â¾ö°ì·¨£º
Õë¶ÔÒÔÉÏ©¶´£¬CCERT½¨ÒéÓû§¶ÔÄúµÄ»úÆ÷²ÉÈ¡ÒÔÏ´ëÊ©£º
1¡¢ÏÂÔØ°²×°ÏàÓ¦µÄ²¹¶¡³ÌÐò£º
Õë¶ÔµÚÒ»¸ö©¶´Î¢ÈíÒѾ­·¢²¼ÁËÏàÓ¦µÄ°²È«¹«¸æÓë²¹¶¡³ÌÐò£¬Äã¿ÉÒÔµ½ÎÒÃǵÄÍøÕ¾ÏÂÔØ
£º
winnt
win2000
winxp
win2003

Õë¶ÔÆäËûÁ½¸ö©¶´£¬Î¢ÈíÄ¿Ç°»¹Ã»Óз¢²¼ÏàÓ¦µÄ²¹¶¡³ÌÐò£¬ÎÒÃǽ¨ÒéÄúʹÓÃwindow×Ô¶¯
update
¹¦ÄÜ£¬Ëæʱ¹Ø×¢³§É̵Ķ¯Ì¬£¬ÄãÒ²¿ÉÒÔ¹Ø×¢ÎÒÃǵÄÖ÷Ò³http://www.ccert.edu.cn
ÎÒÃÇ»áÔÚµÚһʱ¼äÌṩÏàÓ¦µÄ²¹¶¡³ÌÐòÏÂÔØ

2¡¢Ê¹Ó÷À»ðǽ¹Ø±ÕËùÓв»±ØÒªµÄ¶Ë¿Ú£¬¸ù¾ÝÎÒÃÇÏÖÔÚÕÆÎÕµÄÐÅÏ¢£¬ÕâЩ©¶´²»½ö½öÓ°Ïì
135¶Ë¿Ú£¬
ËüÓ°Ïìµ½´ó²¿·Öµ÷ÓÃDCOMº¯ÊýµÄ·þÎñ¶Ë¿Ú£¬Òò´ËCCERT½¨ÒéÓû§Ê¹ÓÃÍøÂç»òÊǸöÈË·À»ð
ǽ¹ýÂËÒÔ
϶˿ڣº
135/TCP epmap
135/UDP epmap
139/TCP netbios-ssn
139/UDP netbios-ssn
445/TCP microsoft-ds
445/UDP microsoft-ds
593/TCP http-rpc-epmap
593/UDP http-rpc-epmap

3¡¢Ê¹ÓÃIDSϵͳ¼ì²âÀ´×ÔÓÚÍøÂçÉϵĹ¥»÷£¬IDS¹æÔòÈçÏÂ:
alert tcp $EXTERNAL_NET any -> $HOME_NET 445
(msg:"NETBIOS SMB DCERPC ISystemActivator bind attempt"; flow:to_server,establ
ished;
content:"|FF|SMB|25|"; nocase; offset:4; depth:5; content:"|26 00|"; distance
:56;
within:2; content:"|5c 00|P|00|I|00|P|00|E|00 5c 00|"; nocase; distance:5; wit
hin:12;
content:"|05|"; distance:0; within:1; content:"|0b|"; distance:1; within:1;
byte_test:1,&,1,0,relative; content:"|A0 01 00 00 00 00 00 00 C0 00 00 00 00 0
0 00 46|";
distance:29; within:16; reference:cve,CAN-2003-0352;classtype:
attempted-admin; sid:2193; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 135
(msg:"NETBIOS DCERPC ISystemActivator bind attempt"; flow:to_server,establishe
d;

content:"|05|"; distance:0; within:1; content:"|0b|"; distance:1; within:1; b
yte_test:
1,&,1,0,relative; content:"|A0 01 00 00 00 00 00 00 C0 00 00 00 00 00 00 46|";

distance:29; within:16; reference:cve,CAN-2003-0352; classtype:attempted-admin
;

sid:2192; rev:1;)


×¢Ò⣺
1¡¢Õë¶ÔµÚÒ»¸ö©¶´µÄ²¹¶¡²¢Ã»ÓаüÀ¨ÔÚwindow 2000 sp4ÖУ¬ÄãÐèÒªÏÂÔص¥¶ÀµÄÈÈÐÞ²¹
²¹¶¡¡£
2¡¢ÓÉÓÚrpc·þÎñÒѾ­±»ÏâǶµ½windowµÄÄں˵±ÖУ¬Òò´ËÎÒÃDz»½¨ÒéÄúʹÓùرÕrpc·þÎñ
µÄ·½
·¨À´·ÀÖ¹¸Ã©¶´±»ÀûÓã¬ÒòΪ¹Ø±Õrpc·þÎñ¿ÉÄܻᵼÖÂÄúµÄϵͳ³öÏÖÐí¶àδ֪µÄ´íÎó

3¡¢µ±ÄúµÄϵͳͻȻµ¯³öÁËsvchost.exe³öÏÖÒì³£´íÎóµÄ¶Ô»°¿ò»òÕßÊÇ135¶Ë¿ÚͻȻ±»¹Ø
±Õ£¬ºÜ
¿ÉÄܱíʾÄãÒѾ­Êܵ½ÁËÕâÀ๥»÷£¬Ç뾡¿ì²ÉÈ¡ÏàÓ¦µÄ´ëÊ©¡£


×¢Ò⣬¸Ï½ô´ò²¹¶¡£¬¸üÏêϸµÄÇé¿öÇëÈ¥virus°æ»ònttech °æ£¡
[nusstat (8-12 13:08, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]12Â¥

µÇ½ʱ°ÎµôÍøÏß,ÍêÈ«µÇ½ÒÔºóÔÙ²åÉÏÍøÏß[skysun (8-12 13:09, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]13Â¥

plz try to upgrade your XP system , now!!I tried. the system seems ok.[richhouse (8-12 13:16, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]14Â¥

this is virus >> MSBLASTyou can do the following to remove it.

-> download lastest trend office scan virus definition, so u can find the virus

-> download a patch from https://security.nus.edu.sg, and install it

-> remove the file MSBLAST.exe, once u find the virus with trend office scan. if u can not remove it, then try to kill the process name msblast from task bar

-> good luck![Ñ°ÃÙ (8-12 13:17, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]15Â¥

(ÒýÓà nusstat:seems this: windows³öÏÖÓÐÊ·ÒÔÀ´×î´ó©¶´£¬·¢ÐÅÈË: Willematte (willematte), ÐÅÇø: NoteBook ±ê Ìâ: [ÑÏÖØ]windows rpc ©¶´£¬¸Ï½ô´ò²...)Ŷ![mitochondria (8-12 13:25, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]16Â¥

(ÒýÓà ѰÃÙ:this is virus >> MSBLASTyou can do the following to remove it. -> download lastest trend office scan virus definition, so u can...)that is it you are right[skysun (8-12 13:26, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]17Â¥

Ôõô½â¾ö£¿[Sting (8-12 14:22, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]18Â¥

(ÒýÓà Sting:Ôõô½â¾ö£¿)sorry ic[Sting (8-12 14:43, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]19Â¥

MSBLASTER.EXE MANUAL REMOVAL INSTRUCTIONSMANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Program

This procedure terminates the running malware process from memory.

1 Open Windows Task Manager press
CTRL+SHIFT+ESC, and click the Processes tab.

2 In the list of running programs*, locate the process:
MSBLAST.EXE

3 Select the malware process, then press either the the End Process button.

4 To check if the malware process has been terminated, close Task Manager, and then open it again.

5 Close Task Manager.


Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1 Open Registry Editor.

To do this, click Start>Run, type Regedit, then press Enter.

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:
¡±windows auto update" = MSBLAST.EXE
Close Registry Editor.



NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.


More --->http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A[¹Ø×¢ (8-12 18:01, Long long ago)] [ ´«Í³°æ | sForum ][µÇ¼ºó»Ø¸´]20Â¥