W32.Blaster.Worm information and removal instructions
Information about W32.Welchia.Worm is being updated.

Introduction

This worm exploits a known hole in Windows NT/2000/XP/2003 known as the DCOM RPC hole (more info at: Microsoft Site).

While attacking your computer, the worm installs malicious software (msblast.exe, placed in the system32 directory under your Windows directory) that could stop you from getting Windows updates (such as the patch that closes this hole).

Am I Infected?

If you want to know whether your computer is already infected (and stop the process), do the following:

  1. Press Ctrl+Alt+Delete once.
  2. Click Task Manager.
  3. Click the Processes tab.
  4. Double-click the Image Name column header to alphabetically sort the processes.
  5. Scroll through the list and look for msblast.exe.
  6. If you find the file, click it, and then click End Process.
  7. Exit the Task Manager.

If you have found this process, it means that you have the virus. Continue reading this document for information on how to remove it.
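
The same check can be scripted. The following is an added example, not part of the original page or of Symantec's tools; it assumes PowerShell is available on the machine being checked and uses only the process name and file location given above.

```powershell
# Added example: scripted version of the Task Manager check described above.
# Assumption: PowerShell 3.0 or later is available on the machine being checked.

$imageName = 'msblast'                                        # image name from this page, without .exe
$filePath  = Join-Path $env:windir 'system32\msblast.exe'     # location given on this page

function Test-BlasterPresence {
    param(
        [string]$ProcessName,
        [string]$FilePath
    )

    # Get-Process matches on the image name without the .exe extension.
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ProcessIds = @($procs | ForEach-Object { $_.Id })
        FileExists = Test-Path -LiteralPath $FilePath -PathType Leaf
    }
}

$result = Test-BlasterPresence -ProcessName $imageName -FilePath $filePath

if ($result.ProcessIds.Count -gt 0) {
    foreach ($id in $result.ProcessIds) {
        # Equivalent of steps 5 and 6: find msblast.exe and click End Process.
        Write-Output "msblast.exe is running (PID $id); ending the process."
        Stop-Process -Id $id -Force -ErrorAction Continue
    }
} else {
    Write-Output 'No running msblast.exe process found.'
}

if ($result.FileExists) {
    # The file is left in place: removal is the job of the patch plus the removal tool.
    Write-Output "File present: $filePath"
} else {
    Write-Output "File not present: $filePath"
}

# A non-zero exit code lets a calling script flag the machine for cleanup.
if ($result.ProcessIds.Count -gt 0 -or $result.FileExists) { exit 1 } else { exit 0 }
```

Ending the process only stops the running copy; the file on disk is what the patch and removal tool steps below deal with.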

What Should I Do?

First, install the patch from MS for this DCOM RPC hole. (These patches are only for 32-bit hardware; don't worry, if you do not understand this, you don't have other hardware.)

Then download the FixBlast Symantec Removal Tool and run it to check if your computer is clean.

And/Or

Then download the FixWelch Symantec Removal Tool and run it to check if your computer is clean.



This text is based on the Symantec web site at: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


This page was written by Yedidia Klein on 15 Av 5763 (2003 Aug 13).