MS Blaster patch

Discussion in 'malware problems & news' started by controler, Aug 20, 2004.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Shows you how I've been spacing it lately. I didn't even know this was going on till lately, I noticed it in my Zone Alarm Program list LOL
    First entry in my log was dated march, second one dated july, third and last was dated august.
    Seems to be a more frequent check now and looks as if the info is being transmitted back to MS for their records.
    This is probably old news to most of you but for those that didn't know it, I thought I would repost it.



    On New Years Eve, Microsoft officially released a patch (Windows-KB833330-ENU.exe) to help combat its continued assault on networks.

    The Blaster Worm Removal Tool for Windows XP and Windows 2000 (KB833330), follows an August 2003 advisory published by the company on how to prevent infection. At the time, Microsoft suggested that infected users update their Windows operating systems, set up firewalls, and clean their systems with the use of anti-virus software from security vendors Symantec, Network Associates, Trend Micro and Computer Associates.

    According to Knowledge Base Article 833330, the tool performs the following actions:

    During the installation of KB833330.exe, Setup checks your computer for the necessary prerequisites. If the prerequisites are met, Setup automatically copies Blastcln.exe to the %WINDIR%\$NtUninstallKB833330$\Blastcln folder and then runs Blastcln.exe to check for the Blaster infection and for the Nachi infection. If infection is present, Blastcln.exe disables these worms and removes them. When Blastcln.exe runs, it performs the following tasks without displaying any dialog boxes or other user interface:

    1. Blastcln.exe checks for evidence of a Blaster infection and a Nachi infection in memory. If it finds an infection, it either ends the worm process, or it stops and deletes the service, or both.
    2. Blastcln.exe checks for known Blaster files and for known Nachi files on the disk, and it checks for entries in the Run keys in the registry. If it finds them, it deletes the worm files, and it removes the registry entries. It is possible for other tools (or worms) to delete the worm files on disk without deleting the registry values. In this situation, where a Blaster registry value no longer points to a file on the disk (and is, therefore, essentially harmless), Blastcln.exe does not remove the "orphaned" registry value.

    Users can verify that the tool works by reviewing the Blastcln.log file for one of the following:

    "No Blaster/Nachi infection found"
    "Virus_Name found and removed"
    "Virus_Name found and will be removed at next reboot"

    The 317 KB tool is freely available for download at this location.
    http://www.microsoft.com/downloads/...8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en


    Below is an example of my log file



    Microsoft Blaster/Nachi removal tool started on Sat Mar 20 15:05:08 2004
    Checking 86 services.
    Checking 28 processes.
    Checking startup registry keys.
    Checking known Blaster/Nachi filenames.
    **** No Blaster/Nachi infection found ****
    Microsoft Blaster/Nachi removal tool stopped.
    Microsoft Blaster/Nachi removal tool started on Mon Jul 05 14:54:04 2004
    Checking 87 services.
    Checking 23 processes.
    Checking startup registry keys.
    Checking known Blaster/Nachi filenames.
    **** No Blaster/Nachi infection found ****
    Microsoft Blaster/Nachi removal tool stopped.
    Microsoft Blaster/Nachi removal tool started on Sun Aug 15 16:13:34 2004
    Checking 88 services.
    Checking 26 processes.
    Checking startup registry keys.
    Checking known Blaster/Nachi filenames.
    **** No Blaster/Nachi infection found ****
    Microsoft Blaster/Nachi removal tool stopped.
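
An added example, not part of the original post or of Microsoft's tool: a Python parser that splits a Blastcln.log like the one above into individual runs and flags any run that reported a finding, logged no verdict, or never reached the "stopped" line. The exact layout of a "found" line is an assumption based on the three messages quoted in the post, and the function names are illustrative.

```python
import re
from datetime import datetime

START = re.compile(r"removal tool started on (.+)$")
COUNT = re.compile(r"Checking (\d+) (services|processes)\.")
# Assumed layout of a detection line, taken from the messages quoted in the post.
FOUND = re.compile(r"(\S+) found and (will be removed at next reboot|removed)")

def parse_blastcln_log(text):
    """Return one dict per tool run found in Blastcln.log text."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().strip("*").strip()   # tolerate **** around the verdict
        if m := START.search(line):
            cur = {"started": datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), "services": None,
                   "processes": None, "status": "no-verdict", "findings": [], "complete": False}
            runs.append(cur)                     # appended at once, so a truncated run is kept
        elif cur is None:
            continue                             # text outside any run
        elif m := COUNT.search(line):
            cur[m.group(2)] = int(m.group(1))
        elif "No Blaster/Nachi infection found" in line:
            cur["status"] = "clean"
        elif m := FOUND.search(line):
            cur["findings"].append(m.group(1))
            pending = m.group(2) != "removed" or cur["status"] == "reboot-pending"
            cur["status"] = "reboot-pending" if pending else "removed"
        elif "removal tool stopped" in line:
            cur["complete"] = True
            cur = None
    return runs

def needs_attention(runs):
    """Runs that reported a finding, gave no verdict, or never finished."""
    return [r for r in runs if r["status"] != "clean" or not r["complete"]]

# Constructed sample: run 1 abridged from the post, runs 2 and 3 made up.
SAMPLE = """\
Microsoft Blaster/Nachi removal tool started on Sat Mar 20 15:05:08 2004
Checking 86 services.
Checking 28 processes.
**** No Blaster/Nachi infection found ****
Microsoft Blaster/Nachi removal tool stopped.
Microsoft Blaster/Nachi removal tool started on Mon Jul 05 14:54:04 2004
**** Virus_Name found and will be removed at next reboot ****
Microsoft Blaster/Nachi removal tool stopped.
Microsoft Blaster/Nachi removal tool started on Sun Aug 15 16:13:34 2004
"""
```

A run that stays "reboot-pending" with no later clean run is the case to follow up on, since the removal has not actually happened until the machine restarts.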
     