W32/Blaster.worm and Cryptographic Service

[PostCode]

On some systems I am disinfecting, after removing the worm and attempting to install the patch to the OS, I am receiving an error message:

"Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer."

The service is running. After running trying a few things like renaming %windir%\system32\catroot2 to %windir%\system32\oldcatroot2 and a few other things, I got a lead on something that worked. If your experiencing this issue, open a command line, Start\Run, then type in there cmd and press enter.

In here type the following:

net start cryptsvc (this ensures the cryptographic service is running)
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll

Now exit the command line and reboot. You should be able to install the patch to the OS.

In addition to this, after performing the command line operations, the systems that were affected can now run a Windows Update, which they were unable to do prior to this.

Hope this helps.

 

[nalani]

A friend of mine who works for Norton suggested that I first install the patch, then run the fixblast tool (after turning off the System Restore). BUT he said I should always verify the fixblast tool to make sure it was a true blue Norton tool. I'll look for the addy of that tool ... after running the tool once, restarting, running the tool again, turning back on the system restore, all was well ...

 

[Mirlyn]

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Postcode: Thanks...I had a machine that wouldn't stop giving that error, no matter how many times I restarted the service. But I kept doing a net stop/net start, not just a net start. Maybe that was the problem.

 

[pc_builder]

What operating systems does that affect? Also... what does it do? I'm curious because I don't think I have it.

 

[pc_builder]

Nevermind, I google'd it. Scary.

 

[AlladinSane]

I installed ZoneAlarm and it blocked 35 tries of connecting to the port 135, I still suspect I may have been infected even if Symantec's FixBlast didn't find anything. It would be amazing if it had not reached me before I installed ZA and upgraded AVG...

 

[Mirlyn]

We ran into two other viruses while disinfecting computers. One is a mutation of MSBlaster. The only way we found to detect it was to slave the drive in another computer and scan/repair it that way.


We also had four computers with that crypto service error. Stopping and/or starting the service didn't help. But this did.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326815

 

[PostCode]

We ran into two other viruses while disinfecting computers. One is a mutation of MSBlaster. The only way we found to detect it was to slave the drive in another computer and scan/repair it that way.


We also had four computers with that crypto service error. Stopping and/or starting the service didn't help. But this did.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326815

That was one of the first things I tried when I tried to fix this crypto error, but it didn't work.