worm

  • Thread starter Thread starter jsr
  • Start date Start date
J

jsr

Win32/MSBlast worm
The beta scan keeps finding this and then tells me its
removing it. The next scan, it finds it again. How do I
get rid of this worm once and for all?
 
This will take more than Antispy if this is the Blaster
Worm, If this was Blaster then it would mean your system
isnt fully patched or wasnt patched when you were
infected also the side effects of this are obvious like
losing internet connection and the pc constantly shutting
down and displaying this message :

"This shutdown was initiated by NT AUTHORITY\SYSTEM"
Windows must now restart because the Remote Procedure
Call (RPC) service terminated unexpectedly"

If you see this You can disable this shutdown by
following the steps below during the countdown

Click on Start, Run
Type in CMD and press ENTER
Type in the following command and press Enter

SHUTDOWN -A

This will terminate the shutdown


Open the Windows Task Manager by pressing CTRL+ALT+DEL,
select the Processes tab

Check for any of the following programs, click on it and
then press "End Process"

MSLAUGH.EXE
MSBLAST.EXE
ENBIEI.EXE
TEEKIDS.EXE
MSPATCH.EXE

Close Task Manager


Download these fixtools:

Save All To Desktop Or C:Drive


Symantecs Blaster Remover :
-------------------------

http://securityresponse.symantec.com/avcenter/FixBlast.exe


Trend Micro's Damage Clean Up Tool :
----------------------------------

http://www.trendmicro.com/ftp/products/tsc/tsc.zip


Microsoft Malicious Software Removal Tool :
-----------------------------------------

http://go.microsoft.com/fwlink/?LinkId=40587


Next copy this to notepad so you can view it in safe mode.

When you have them downloaded reboot into safe mode,
Reboot and keep tapping F8 then choose safe mode from the
list

Run The Symantec Blaster Remover by double clicking
FixBlast.exe, When it finishes run Trend Micro's damage
clean up tool & Finally run the MS malicious software
removal tool.

Remove previous system restore points

First Create a New Restore Point

Goto Start Menu > Run > And copy & paste this in


%SystemRoot%\System32\restore\rstrui.exe


Press Enter, Choose create a restore point and Next ,
Name it and press Create

Next clear the infected Restore Points

Goto Start Menu and Run and type


cleanmgr


Press Enter, Goto the "More Options" tab and press Clean
up on the System Restore area to remove all the restore
points except the one we just created

Reboot back to normal mode.



Finally Visit Microsoft Windows Update and download all
available patches for your system, You may need to reboot
and go back more than once to get all patches and
available updates:

http://www.windowsupdate.com/


Let us know if you have any problems

Andy
 
Back
Top