Tips on Removing the LovSan Net Bug
Aug. 12 -- Security experts are warning that the latest online threat, dubbed MSBlaster or LovSan, is rapidly infecting thousands of computers around the globe.
Like previous Internet worms such as Code Red or Slammer, LovSan doesn't need a user to open a suspect e-mail that contains the malicious virus code.
Instead, it infects computers by exploiting a vulnerability in the so-called remote procedure call, or RPC, found in Microsoft's Windows XP, Windows 2000, and Windows NT software. RPC allows one computer to access another for certain functions — such as to share files or use a printer.
But a flaw in the RPC code, discovered last month, allows a malicious program like LovSan to flood the RPC process and grant the worm complete access to the computer.
Once LovSan has access to a computer, it will install a program called MSBlast.exe. That program then goes on to search systematically for other unprotected computers on the Net and infect them with LovSan.
To prevent the spread of the Internet worm, security experts advise computer users to ensure they have the latest updates to their Windows operating system by running "Windows Update" on their PC. Users can also proceed directly to the fixes, or patches, for this security flaw by going to Microsoft's Web site:
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Commercial antivirus software makers have also updated their products to guard against the LovSan worm. Users should contact the appropriate company's Web sites and download the latest protection software onto their PCs.
De-worming Your PC
If you suspect your computer is infected by the LovSan worm, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh recommends users follow these steps:
Physically disconnect the machine from the Internet. Since LovSan spreads automatically, this step should help minimize the risk of infecting other computers online.
Kill the "msblast.exe" process in the Task Manager. To do so:



