[LynnHam]

here's the fix for it
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability


A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system.
This issue may be exposed on other ports that the RPC Endpoint Mapper listens on, such as TCP ports 139, 135, 445 and 593.



Resolution for Windows XP
Shut down PC
Unplug Cable Modem.
Start up PC
Click Start -> Settings -> Control Panel
Double Click Network Connections
Right Click the Local Area Connection used to access Internet. Example: Local Area Connection 1
Select Properties
Click the Advanced Tab
Enable the Windows XP Firewall
Click OK, Close out of open windows.
Plug in the Cable Modem.
Ensure Block Sync is established.
Open Internet Explorer
Go to the following URL: http://www.microsoft.com/technet/default.asp
Click the Link toward the middle of the page titled: Action: Read Security Bulletin MS03-026 and Install the Security Patch Immediately
Scroll Down Page about half way to Patch Availability
Click Windows XP 32 bit Edition
Click Download in the upper right of the screen.
Save the file to the desktop
Run the downloaded file.
The patch will install and prompt the customer to reboot.
Once the patch is installed and the computer rebooted, the Windows XP firewall can be disabled and the customer can surf normally.
Temporary Resolution for Windows 2000 Users
Have them go to http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe and install the file from there. URL is not case sensitive.

[FairOpinion]

If I do the normal go to the Windows Updatepage, let it scan my computer and download &install all the patches, would it install this one too, or do I still have to go and install it manually. (at the Window update it says there are no updates to install, recently I downloaded and installed a bunch of critical patches, which seem to be as numerous as multiplying rabbits).

[dtel]

Thank you.
I owe you one.

[Eva]

I just went to the Microsoft Windows XP forum and downloaded what they told me to down load and they did everything for me. I shut down my computer and re-started and haven't had a problem since. Are you saying that I need to do more?

[reaganite]

I followed your instructions in post #17, and it worked perfectly. I started having this problem about 6:00 pm yesterday. I could do anything I wanted on my computer, except stay online. It would shutdown within about 5 minutes, everytime. My virus software detected nothing. Thank you so much!

[antivenom]

Well IF you didn't do a RUN -> Regedit...and do a Find on HKEY_LOCAL_MACHINE for Msblast.exe you are still a carrier...

[FourtySeven]

Home use, thanks.

[A Navy Vet]

Just found MSBlast.exe in my registry. And what point in this process do you delete the file itself? And yes, I know to turn off system restore. Thank you.