| Port No | 4444 |
| Service Name | W32.Blaster.E.Worm |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | W32.Blaster.E.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers. While Windows NT and Windows 2003 Servers are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the Mslaugh.exe file into the %Windir%\System32 folder, and then execute it. |
| Reference Link | Port Number:4444 Service Name:W32.Blaster.E.Worm Port:TCP |
| Attack | According to Symantec Removal Instructions: Removal using the W32.Blaster.Worm Removal Tool Symantec Security Response has developed a removal tool to clean the infections of W32.Blaster.E.Worm. Try this tool first, as it is the easiest way to remove this threat. Manual Removal As an alternative to using the removal tool, you can manually remove this threat. The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.