W32.Blaster.worm How Do You Kill It?

[tupperware]

You tried this?

http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99

 

[Hostile]

You tried this?

http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99

Over a dozen times. It keeps saying not found when it is done running.

 

[YosemiteSam]

Over a dozen times. It keeps saying not found when it is done running.

Are you sure it's the W32.Blaster.worm? What is telling you this?

 

[Hostile]

Are you sure it's the W32.Blaster.worm? What is telling you this?

Every pop up warning.

 

[YosemiteSam]

Every pop up warning.

Are these popups trying to sell you antivirus?

 

[Hostile]

Are these popups trying to sell you antivirus?

It looks like that to me.

 

[YosemiteSam]

It looks like that to me.

I think what you have is not the W32.Blaster.worm. You have some virus/malware that is trying to use scare tactics with a well known virus name to get your to buy their or someone else's product that they get a cut of.

Have you tried Spybot? (download it from the safer-networking links)

It maybe too new for most products to find it yet.

 

[WarC]

Hos,

This virus is one of the nastier newer ones that re-generate as well as self-replicate through persistent or scheduled online connections. This worm was a big pain in the butt for me a couple years ago when it first hit. My quick diagnosis/howto:

Update and run ur anti-virus software in safe mode if possible, normal is okay.

-disconnect from the internet- ...this virus re-generates itself and communicates with other infected machines online.


Search for and delete any of these you find In Windows\System32: Msblast.exe, Nstask32.exe, Penis32.exe, Teekids.exe, Win32sockdrv.dll, or Yuetyutr.dll

You may have to boot into safe mode to manually delete these files. If you cannot delete them even in safe mode, let me know and there is a DOS command line we can use to do it.

I work in IT so disinfecting machines while keeping data intact is part of my profession. I always like to recommend Microsoft Security Essentials and Malwarebytes. Updated with windows updated as well, not much is getting past the combo at the moment.

 

[Hostile]

I think what you have is not the W32.Blaster.worm. You have some virus/malware that is trying to use scare tactics with a well known virus name to get your to buy their or someone else's product that they get a cut of.

Have you tried Spybot? (download it from the safer-networking links)

You know the little multi colored shield in the startup part of the taskbar?

These popups appear there no matter what I try to open. For instance, if I try to open DISK CLEANUP it will tell me it can't because it is being blocked by W32.Blaster.worm.

Also, if it is a virus, shouldn't Malwarebytes kill it?

Or since I have to run these in safe mode is it not getting to them?

 

[YosemiteSam]

You know the little multi colored shield in the startup part of the taskbar?

These popups appear there no matter what I try to open. For instance, if I try to open DISK CLEANUP it will tell me it can't because it is being blocked by W32.Blaster.worm.

Also, if it is a virus, shouldn't Malwarebytes kill it?

Or since I have to run these in safe mode is it not getting to them?

I see, I thought you were talking about IE POPUPs.

I've never used Malwarebytes. I've always combo-ed antivirus and Spybot. I will have to checkout Malwarebytes.

 

[Zaxor]

than it is not the blaster ... I had this too what i did is to look through what is being autostarted on my machine...I think mine was start.exe or something like that I deleted it and it was gone

 

[YosemiteSam]

On that note, also checkout Microsoft's AutoRuns It's part of Microsoft's sysinternals. It basically lists every single thing that auto starts on your system. Since there is so many places that something can auto start from, this tool puts them all accessible from a single place. (in other words, it freaking rocks!)

 

[WarC]

It looks like that to me.

If this is the case it most probably isn't blaster at all and just a really bad spyware infection. They're equally a pain in the butt to fully remove.

Malwarebytes is good when used in conjunction with Microsoft Security Essentials. I'd try to get both of those updated and ran, deletings anything suspicious they find. You might have to do most of that in safe mode. Delete all other anti-virus or anti-spyware programs you can remove from Add-Remove Programs including Symantec. We gotta try to reduce everything down to these two tools and work from there. After a big infection its important to establish a beachhead.


If nothing else is working at all and you get close to your wits end but don't wanna re-format, install and run HijackThis and send me the report you generate with it. I dont mind weeding through what processes are running on your machine and try to find whats infecting it.

 

[Zaxor]

take a look at the task manager and see if you recognize all those things under processes... than look under msconfig under what is being booted or started in windows see if you recognize those

 

[Zaxor]

On that note, also checkout Microsoft's AutoRuns It's part of Microsoft's sysinternals. It basically lists every single thing that auto starts on your system. Since there is so many places that something can auto start from, this tool puts them all accessible from a single place. (in other words, it freaking rocks!)

great program thanks

 

[DallasEast]

I see, I thought you were talking about IE POPUPs.

I've never used Malwarebytes. I've always combo-ed antivirus and Spybot. I will have to checkout Malwarebytes.

Malwarebytes is fantastic, even in its trial version. I have tried Spybot in the past. It's good, but seems to be inconsistent with its throughness at times. Maybe that's why I've never stuck with it.

 

[ajk23az]

Spybots tea timer causes more problems than you started with. If it's malware, a boot time scan should find it.

 

[DallasEast]

Spybots tea timer causes more problems than you started with. If it's malware, a boot time scan should find it.

I always try the boot scan feature of any antivirus, malware, spyware, etc., program I download first thing. It's the best way to identify and remove junk from your computer in my opinion.

I used to LOVE Avast! boot time scan feature. It never bothered me about how long the scan would take because it was always so thorough. Still pains me that I got away from it. The annual subscription price is very reasonable as well.

 

[ajk23az]

I always try the boot scan feature of any antivirus, malware, spyware, etc., program I download first thing. It's the best way to identify and remove junk from your computer in my opinion.

I used to LOVE Avast! boot time scan feature. It never bothered me about how long the scan would take because it was always so thorough. Still pains me that I got away from it. The annual subscription price is very reasonable as well.

Yup, it's awesome. The scan is long but once you get one notification, you can just click option 4, and move all findings to the chest and then just let it go until it is done.

 

[gmoney112]

If it's anything like the worm I had, it completely demolished my machine. Nothing worked. It literally changed window system processes so I couldn't access the net, and it was still active in Safe Mode. Formatting was the only way to get ride of it.