---
title: W32.Blaster.Worm
date: 2003-08-12 22:56:44
permalink: https://lesterchan.net/blog/2003/08/12/w32blasterworm/
author: Lester Chan
categories:
  - Software
---

Lots of people have been infected by the **W32.Blaster.Worm**. It is a worm that will exploit the DCOM RPC vulnerability using TCP port 135. It will attempt to download and run a file, msblast.exe.

> **»** Infection Length: 6,176 bytes  
>  **»** Systems Affected: Microsoft IIS, Windows 2000, Windows NT, Windows XP  
>  **»** Systems Not Affected: Linux, Macintosh, OS/2, UNIX

Basically, what the virus does is it will auto restart your Windows after a certain time.

Fixes:

> **»** [Symantec Security Response – W32.Blaster.Worm Information (Removal)](http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html)  
>  **»** [Microsoft Security Bulletin (Patch)](http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp)

It is recommended that all users get this fixed as soon as possible.

**\*Update\*** I have mirrored the Microsoft patch on this server. If it is illegal inform me and I will remove it immediately.

> **»** WinXP English Patch  
>  **»** Win2K English Patch

**\*Disclaimer\*** Download at your own risk, I will not hold any responsibility if there is anything wrong with your computer after installing it.