Here's a weird one. I have all of the symptoms of the MSBlast worm, but I can't find the process running or any file called MSBLAST.EXE or anything in the registry! I'm not sure what the heck is going on now.
Also, according to MS, the patch is for XP Service Pack 1. I don't have or want SP1. I tried running the patch on my non service packed system and it seems to have gotten through without any problems. Think this will cause any problems?
The virus spreads through a Windows vulnerability in the Remote Procedure Call service (through TCP port 135). Basically, all you have to do is be connected directly to the internet. If your computer has an IP that is not exposed directly to the internet, you should be okay unless a computer in that same subnet also has the virus.
After ensuring that the virus is not on your computer, make sure you download and run the patch for the RPC vulnerability. If this is not applied, you will continually get the virus.
There are other viruses that take advantage of this also (Backdoor.Hale for Norton) and you may be infected with one of these.
One fairly sure way to check if one of these virii has infected your computer is to go to the registry key, HKLM\Software\Microsoft\Ole and make sure that the key "EnableDCOM" has the data value 'Y'. If it has 'N' you may be infected.
I'm not an expert so I may have some of this wrong.
I agree that the best thing to do is simply get the latest virus definitions for your Anti-Virus programs and run a full system scan.
In all the time I had Windows 98SE running NAV, I was never infected with a virus. The other day I installed XP Pro, and decided to have a quick browse on the net before I got the chance to set up my security and download any patches.
To my complete surprise, within about five seconds of connecting via ADSL, I was shutdown by the RPC. XP is one seriously compromised OS. Annoying as it is to download them, thank god for patches.