On Wed 13 August 2003, 13:06:22 +1000, Patricia wrote:

> I've tried the exe 3 times now.

Checking and getting rid of Blaster is relatively easy. The only way of preventing a reinfection is to download the patch - try http://windowsupdate.microsoft.com

To get rid of it (this is an extract from http://www.zdnet.com.au/itmanager/technology/story/0,2000029587,20277172,00.htm)

> Detection
>
> The worm is very easily detected by users. Pressing
> control-alt-delete, then clicking on "Task Manager" and selecting
> the "Processes" tab will bring up a list of processes running on the
> machine. Clicking on "Image Name" will sort the processes
> alphabetically. If there is a process named "msblast.exe" running on
> the system, then it has been infected by the worm.
>
> Prevention
>
> The best prevention is to install the patch from Microsoft. Users
> who have not yet patched their Windows 2000, NT, and XP systems
> should do so.
>
> Removal
> The worm is relatively easy to clean up after detection.

<snip stuff about loading the patch>

> ... it will be necessary to delete the worm's executable file,
> msblast.exe. However, its process must be stopped before it can be
> deleted.
>
> Log in with administrator rights, load up the "Task manager" again
> as described above. Click on the "Image Name" field under the
> "Processes" tab and click once on the "msblast.exe" process. Press
> "End Process" to stop it from running.
>
> The worm's executable file will be found in the system32 directory,
> which is a subdirectory of (by default) the "winnt" directory in
> Windows 2000 machines, and the "windows" directory in Windows XP
> installations.
>
> Use Windows Explorer to navigate to the system32 directory, locate
> the msblast.exe file and delete it.
>
> Reboot your system. Done!
>
> The final step, removing the registry key created by the worm, is
> optional. It isn't really that important -- the key simply causes
> the worm to start every time the system is re-booted, but once the
> worm file itself is deleted it's redundant anyway.
>
> This is done manually by using the registry editor. It is important
> to note that making incorrect changes to the registry can have
> catastrophic consequences.
>
> Load the registry editor by clicking on the start button, navigating
> to "Run..." and typing in "regedit". Run regedit and navigate to the
> following "key".
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
>
> In the right hand section of the registry editor, the following
> value will be found:
>
> "windows auto update"="msblast.exe"
>
> Delete it.
>
> Reboot. Done!

Good luck.

-- 
Robin Anson
Using The Bat! v1.62r on Windows XP 5.1 Build 2600 Service Pack 1

________________________________________________
Current version is 1.62r | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
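The three checks and the removal order from the quoted article, scripted as an added example that is not part of the original message or the ZDNet article. It assumes Windows PowerShell 3.0 or later in an elevated prompt; the `-Remediate` switch name is this example's own, and the script does not install the Microsoft patch, which is still needed to prevent reinfection.

```powershell
# Added example: audit (and optionally clean) the three Blaster indicators
# named in the quoted article. Run from an elevated PowerShell prompt.
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

$ImageName = 'msblast.exe'
$RunKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValue  = 'windows auto update'
# %SystemRoot% is "winnt" on Windows 2000 and "windows" on XP by default
$WormFile  = Join-Path $env:SystemRoot "system32\$ImageName"

# 1. Running process (Get-Process takes the image name without ".exe")
$procName = [IO.Path]::GetFileNameWithoutExtension($ImageName)
$procs    = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)

# 2. Executable on disk
$fileFound = Test-Path -LiteralPath $WormFile -PathType Leaf

# 3. Autostart value under the Run key
$runEntry = Get-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue

[pscustomobject]@{
    ProcessRunning  = $procs.Count -gt 0
    FilePresent     = $fileFound
    RunValuePresent = $null -ne $runEntry
    RunValueData    = if ($runEntry) { $runEntry.$RunValue } else { $null }
} | Format-List

if ($Remediate) {
    # Same order as the article: stop the process, delete the file,
    # then remove the Run value.
    if ($procs.Count -gt 0) {
        $procs | Stop-Process -Force
        # The file stays locked until the process has actually exited
        $procs | Wait-Process -Timeout 10 -ErrorAction SilentlyContinue
    }
    if ($fileFound) { Remove-Item -LiteralPath $WormFile -Force }
    if ($runEntry)  { Remove-ItemProperty -Path $RunKey -Name $RunValue }
}
```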

