Event ID - 6669

Port No6669
Service NameW32/Cblade.worm
RFC Doc0
ProtocolTCP
DescriptionThis memory-resident Internet worm uses a known MS SQL 7 server vulnerability to propagate. The vulnerability allows the execution of a command shell on systems with the Systems Administrator account’s password set as empty by default.

This worm is also capable of performing a Distributed Denial of Service Attack (DDoS Attack) on target systems. It instructs the exploited MS SQL servers to connect to an IRC server to receive instructions from the attacker.
Reference LinkW32/Cblade.worm
AttackSolutions:

Scan your computer and take down the complete path and filename of the file detected as WORM_CBLAD.A.
Click Start>Run, type Regedit then hit the Enter key .
Double click the following:
HKEY_LOCAL_MACHINE> Software> Microsoft> Windows> CurrentVersion> Run
In the right panel, search for any of the registry keys that contains the following. This is the registry key that grants the capability to load the worm whenever the PC is started:
“Taskreg” .
Highlight the registry key that loads the file and then delete it.
Exit the registry.
Click Start>ShutDown>"Restart” then hit the Enter key.
Scan your system with Trend Micro antivirus and delete all files detected as WORM_CBLAD.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.
Trend Micro provides additional Windows ME Cleaning Instructions.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.