Cannot remove blast worm

Norton Security | Norton Internet Security
1

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

2

Download and install Malware Bytes Anti Malware. Also are you using IE? If so switch to Firefox.

 

http://www.malwarebytes.org/
3

You mean this dialog??

 

 

There are a few variants.

 

Look for this registry entry and delete

 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows automation = (one of the file names below)"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update =(one of the file names below) "

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Inet Xp.. =(one of the file names below) "

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig =(one of the file names below) "

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Nonton Antivirus =(one of the file names below) "

"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Nonton Antivirus =(one of the file names below) "

"HLKM\Software\Microsoft\Windows\CurrentVersion\Run\www.hidro.4t.cXm =(one of the file names below) "

 

Remove any of the files below on your PC

 

msblast.exe, penis32.exe, wuaumgr.exe, teekids.exe, root32.exe,msconfig35.exe, mspatch.exe, mslaugh.exe, enbiei.exe

 

Cheers

 

Quads

 

 

[edit: Broke AutoGenerated link, Actual reg key ended in .com not .cXm .]

Message Edited by Allen_K on 10-02-2008 09:35 PM
4

ufukeskici, do you have a Norton product installed? If so, which one and what year?

 

Also, you need to install Windows updates as soon as you possibly can because Microsoft fixed the blaster vulnerability years ago and there's no reason that anybody should still be getting exploited by this.

5
reese_anschultz wrote:

ufukeskici, do you have a Norton product installed? If so, which one and what year?

 

Also, you need to install Windows updates as soon as you possibly can because Microsoft fixed the blaster vulnerability years ago and there's no reason that anybody should still be getting exploited by this.

That's what I thought, though  ufukeskici already stated he had XP Service Pack 3 installed so the fix 'should' already be included, as far as I know.
Fascinating 
 Thanks
 
Quads 

 

6

I forgot that he said xp sp3 was installed. He should be protected from Blaster.

7

@Quads,

 

That's exactly what I get.

 

I have symantec antivirus 10.1.5.5000 version 2.10.2008 rev 4

 

I had sp2 before threat i installed sp3 after threat.

 

i tried spybot s&d, malware and adware but nothing happened. they couldn't find anything!

8
ufukeskici wrote:

@Quads,

 

That's exactly what I get.

 

I have symantec antivirus 10.1.5.5000 version 2.10.2008 rev 4

 

I had sp2 before threat i installed sp3 after threat.

 

i tried spybot s&d, malware and adware but nothing happened. they couldn't find anything!

Please buy N.I.S. 2009 from the symantec Online Store as soon as possible.

9
ufukeskici wrote:
I have symantec antivirus 10.1.5.5000 version 2.10.2008 rev 4

If you would like to discuss Symantec enterprise products (like Symantec AntiVirus 10) please visit https://forums.symantec.com/. These Norton forums are specifically for consumer product discussion. I apologize for this inconvenience.

10

Hi

 

That soves that, it infected an SP 2 system before it got upgraged to SP 3

 

One of the Files and the Registry entries should be there, What I mean by "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update =(one of the file names below) " is for instance replace the brackets etc with one of the file names. Like

 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update = msblast.exe " 

 

Quads 

4 Likes
11

I checked the regedit but couldn’t find any registry value called “windows auto update”…

12

did you try searching for the other registry entries, Plus searching for the files listed on your hard drive that I stated earlier on??

 

Quads 

13

no files like them. :frowning:

14

Can I ask what advised you that you had the blaster worm??  Seeing has you the removal tools and manual searching did not find anything.

 

You could for now change the RPC recovery settings so that the PC won't restart.

 

And specifically block the port(s) with your firewall.

 

Quads 

15

Did you fix the Problem??

 

Do you know how to change the RPC etc?? 

 

Quads 

16

I just changed the RPC. But I do not know if I have still that virus or not.

17

Hi

 

You can also block specifically port 135 in your firewall settings which is the port that the RPC group of trojans/ worms use.

 

Quads