Antivirus companies have discovered a number of new variants of the Blaster worm virus. This worm, often named Blaster, Nachi or Welchia, is known to attack Microsoft Windows operating systems and can crash your computer, slow your Internet connection or cause your computer to automatically reboot after a successful connection to the Internet is established.

Infection is very likely for customers who have not installed Microsoft's security patch. Customers who have found and removed the virus from their system are also very likely to be re-infected unless the security patch is installed. It is imperative that our customers' computers have the security patch installed and that the removal tool for the virus is also run. The virus is capable of launching DOS (Denial of Service) attacks against CoreComm and other Internet users. These DOS attacks can cause service interruptions for our subscribers, making it very important that all customers patch their system and remove this worm as soon as possible.

Once the computer is infected, the worm will attempt to infiltrate and infect other computers by using a normal Internet connection. This process has allowed the worm to spread worldwide in a very short period of time. Blaster targets computers running the following Windows operating systems: Windows NT, Windows 2000, Windows XP, and Windows Server 2003. If you are running one of the following operating systems, this virus does not affect you: Windows 95, Windows 98, Windows 98 SE (Second Edition), and Windows ME (Millennium Edition). Macintosh operating systems and UNIX variants such as Linux are also unaffected.

How to Protect Your Computer:
This worm is able to infect and utilize systems through security vulnerabilities discussed in Microsoft Security Bulletin MS03-026. Please visit the appropriate link below and make certain to patch your system for this vulnerability. We strongly recommend all customers patch their systems even if you believe you are not infected, as infection will most likely occur at some time in the future unless the patch is installed. The security patch will secure your system and protect you from re-infection. This patch will not remove the virus from your computer. See section "How to remove the virus" for removal instructions after the appropriate patch has been installed. If the following patch is not installed in combination with the removal tool, then re-infection is very likely.

MS03-026 downloads: Q823980 - Windows NT 4.0 Server : Download
Q823980 - Windows NT 4.0 Terminal Server Edition : Download
Q823980 - Windows 2000 (Service Pack 3 or later required): Download
Q823980 - Windows XP 32 bit Edition : Download
Q823980 - Windows Server 2003 32 bit Edition : Download

Because of this virus, users may have trouble staying connected to the Internet to obtain the patch and the removal tool before the computer reboots. Follow these steps if this is the case:

Windows 2000:
Right-click the My Computer icon on the Windows desktop and then click Manage. The Computer Management window opens.

Windows XP:
Click the Start button, right-click the My Computer icon, click Manage. The Computer Management window opens.

In the left pane, double-click Services and Applications and then select Services. A list of services appears. In the right pane, locate the Remote Procedure Call (RPC) service.

IMPORTANT: There is also a service named Remote Procedure Call (RPC) Locator. Do not confuse the two. Right-click the Remote Procedure Call (RPC) service and click Properties. Click the Recovery tab. Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service." Click Apply and then OK.

IMPORTANT: Be certain to change these settings back after you have installed the security patches and have removed the virus.

If you receive the error message "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer" then please visit the following website for information on how to resolve this behavior: http://support.microsoft.com/default.aspx?scid=kb;en-us;822798

How to remove the virus:
A removal tool with instructions for Blaster and its variants can be found at: http://vil.nai.com/vil/stinger

IMPORTANT: You are installing these Microsoft provided patches and the Stinger removal tool at your own risk. CoreComm is not responsible for any problems or data loss associated with installing them nor does CoreComm support these items.