w32.blaster.worm

BJG

under c:\windows\systems32\msblast.exe

I bought this computer appx 1.5 months ago and since I
did not register I lost all access. I spent over a week
repairing and on help desk to repair and decided to load
all disk...still have three to go.

Please tell me how to get rid of this which
was imbedded several months before I bought this computer
or should I use my warranty and return?

I am a semi novice, disabled with some neurological
difficulties. If this is too detailed please be honest
and I will use warranty and return for a new one with
less hassle and dislike for MS.

Thank you.
 
> under c:\windows\systems32\msblast.exe
> I bought this computer appx 1.5 months ago and since I
> did not register I lost all access. I spent over a week
> repairing and on help desk to repair and decided to load
> all disk...still have three to go.
> Please tell me how to get rid of this which
> was imbedded several months before I bought this computer
> or should I use my warranty and return?
> I am a semi novice, disabled with some neurological
> difficulties. If this is too detailed please be honest
> and I will use warranty and return for a new one with
> less hassle and dislike for MS.
> Thank you.

No need to return it without first trying to rid yourself of it.
It's unclear in your post... when you say that you are loading all disks, do
you mean that you are reformatting?
The first thing you need to do is to turn on your XP firewall and
download Stinger.
Stinger will remove the Blaster worm:
http://vil.nai.com/vil/stinger/

Once you have Stinger downloaded, disconnect from the internet, as you are
infecting others with the msblast.
In case you cannot stay online long enough to download this, when the
countdown begins bring up the Run command, type in
shutdown -a
and hit OK (there is a space between the n and the -).
Run Stinger and remove what it finds. When the Blaster is removed, go to
Windows Update, for there has been a patch to prevent this for over a year now.
I hope this will get you started.
Good Luck
 
Billie;
See this link:
http://www3.telus.net/dandemar/blaster.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/


> under c:\windows\systems32\msblast.exe
> I bought this computer appx 1.5 months ago and since I
> did not register I lost all access. I spent over a week
> repairing and on help desk to repair and decided to load
> all disk...still have three to go.
> Please tell me how to get rid of this which
> was imbedded several months before I bought this computer
> or should I use my warranty and return?
> I am a semi novice, disabled with some neurological
> difficulties. If this is too detailed please be honest
 
Thanks Jupiter!
I was reading the links you provided, and as many times as I've been in
admin tools > services, I never realized that there is a recovery option for
many of the services.
 
When you get the shutdown message...

Go to; Start --> Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/ or the Microsoft Lovsan/Blaster and Nachi/Welchia
Removal Tool
http://www.microsoft.com/downloads/...8B-FE98-493F-AD76-BF673A38B4CF&displaylang=en
and install the following patch for the RPC/RPCSS and DCOM Vulnerabilities that are
addressed by Microsoft Security Bulletin MS04-012 - KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741 and finally
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Please read: http://www.microsoft.com/security/incident/blast.asp

You also need a FireWall. If you don't patch the PC and don't use a FireWall then you will
just be re-infected.

I also suggest the installation of *ALL* MS Critical Updates ASAP.

Dave






| under c:\windows\systems32\msblast.exe
|
| I bought this computer appx 1.5 months ago and since I
| did not register I lost all access. I spent over a week
| repairing and on help desk to repair and decided to load
| all disk...still have three to go.
|
| Please tell me how to get rid of this which
| was imbedded several months before I bought this computer
| or should I use my warranty and return?
|
| I am a semi novice, disabled with some neurological
| difficulties. If this is too detailed please be honest
| and I will use warranty and return for a new one with
| less hassle and dislike for MS.
|
| Thank you.
 
> under c:\windows\systems32\msblast.exe
> I bought this computer appx 1.5 months ago and since I
> did not register I lost all access. I spent over a week
> repairing and on help desk to repair and decided to load
> all disk...still have three to go.
> Please tell me how to get rid of this which
> was imbedded several months before I bought this computer
> or should I use my warranty and return?
> I am a semi novice, disabled with some neurological
> difficulties. If this is too detailed please be honest
> and I will use warranty and return for a new one with
> less hassle and dislike for MS.
> Thank you.

If you connected the PC to the Internet without having first
enabled a firewall, without having first installed an antivirus
application with current virus definition files, and before installing
the KB828471 Hotfix, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the Blaster and/or Welchia worms. It only takes a few seconds of
exposure.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

MS04-012 Cumulative Update for Microsoft RPC-DCOM
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger

--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 