For the removal tool, see:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Virus Profile
Systems Affected:
* Microsoft Windows NT 4.0
* Microsoft Windows NT 4.0 Terminal Services Edition
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003
1. Virus Name: W32/Lovsan.worm.c
This is a variant of W32/Lovsan.worm. It is functionally the same as the original variant with the exception of filename and registry key creation.
a. The worm exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The purpose of the virus is to spread to as many machines as possible. By exploiting an unpatched hole in Windows, the virus is able to execute without requiring any action on the part of the user. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system.
b. Presence of the following files in the %WinDir%\System32 directory:
* penis32.exe (7,200 bytes) (worm)
2. Virus Name: W32/Lovsan.worm.
This is a variant of W32/Lovsan.worm. It is functionally the same as the original variant with the exception of filename and registry key creation.
a. The worm exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The purpose of the virus is to spread to as many machines as possible. By exploiting an unpatched hole in Windows, the virus is able to execute without requiring any action on the part of the user. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system.
b. Presence of the following files in the %WinDir%\System32 directory:
* Root32.exe (19,798 bytes) (backdoor)
* teekids.exe (5,360 bytes) (worm)
Registry key
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  "Microsoft Inet Xp.." = teekids.exe Microsoft can suck my left testi! Bill
3. Anti-Virus Software Detection (McAfee)
Virus signature (definition): 4.0.4285 or higher
Scan Engine: 4.2.60
4. Virus Preventive Measures
i. Patch the vulnerability in Microsoft operating systems (MS03-026). Additional information is available at
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
ii. Update the Anti-virus software to the latest
iii. Use complex passwords. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
iv. Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
v. Do not open attachments unless you are expecting them. Do not execute software that is downloaded from the Internet unless it has been scanned for viruses.
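
The file and registry indicators listed under items 1 and 2 can be checked with a short script. The following is an added example, not part of the original advisory or of any vendor tool; the function names are made up for illustration, Run entries are passed in as a name-to-command dictionary, and read_hklm_run() assumes Python's standard winreg module on Windows. The demo uses constructed empty files, not real samples.

```python
import os
import re
import tempfile

# Indicators from this advisory: lower-cased file name -> (size in bytes, role).
INDICATORS = {
    "penis32.exe": (7200, "worm"),
    "root32.exe": (19798, "backdoor"),
    "teekids.exe": (5360, "worm"),
}
RUN_VALUE_NAME = "Microsoft Inet Xp.."  # Run value name listed in the advisory

def scan_directory(directory):
    """Report advisory file names in directory (normally %WinDir%\\System32) as
    (name, role, size_matches); a size mismatch is still reported for review."""
    findings = []
    for entry in os.scandir(directory):
        expected = INDICATORS.get(entry.name.lower())  # Windows names ignore case
        if expected is None or not entry.is_file(follow_symlinks=False):
            continue
        size = entry.stat(follow_symlinks=False).st_size
        findings.append((entry.name, expected[1], size == expected[0]))
    return sorted(findings)

def scan_run_values(run_values):
    """Flag Run entries (value name -> command line) that match the advisory."""
    hits = []
    for name, data in run_values.items():
        exes = re.findall(r'[^\\/"\s]+\.exe', data.lower())
        if name == RUN_VALUE_NAME or any(e in INDICATORS for e in exes):
            hits.append(name)
    return sorted(hits)

def read_hklm_run():
    """Windows only: read HKLM\\...\\CurrentVersion\\Run into a dict."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {v[0]: str(v[1]) for v in (winreg.EnumValue(key, i) for i in range(count))}

def demo():
    """Run both checks on constructed sample data (no real malware involved)."""
    with tempfile.TemporaryDirectory() as d:
        for name, size in (("teekids.exe", 5360), ("Root32.exe", 100), ("notepad.exe", 5360)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\0" * size)
        files = scan_directory(d)
    run = {"Microsoft Inet Xp..": "teekids.exe", "Updater": r'"C:\Tools\upd.exe" /q'}
    return files, scan_run_values(run)
```

On a live Windows host, pass os.path.join(os.environ["WinDir"], "System32") to scan_directory() and the result of read_hklm_run() to scan_run_values().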
Reference:
http://vil.nai.com/vil/content/v_100551.htm
http://vil.nai.com/vil/content/v_100552.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Important: To receive further virus notices or alerts, please subscribe to
http://mlist.ntu.edu.sg/archives/cits_virus.html