Identifying computers infected with W32.Blaster.Worm or other RPC worms
|Article:TECH112131|||||Created: 2003-01-04|||||Updated: 2007-01-12|||||Article URL http://www.symantec.com/docs/TECH112131|
This document provides a link to information that can help you identify the computers on your network that are infected with W32.Blaster.Worm, its variants, W32.Welchia.Worm, and other RPC worms.
Symantec Security Response has profiles of W32.Blaster.Worm and W32.Welchia.Worm activity that can help you find and eradicate this family of malicious code from your network. The profile may also be used to identify other RPC worm infections. For specific information, read Detecting network traffic that may be due to RPC worms.
For more information on the RPC vulnerability that is exploited by these worms and a list of Symantec products that detect it, read Symantec Security Response's article Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability.
Article URL http://www.symantec.com/docs/TECH112131