Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: blaster worm terrorizing my comp!

05 Nov 2011   #1

Windows 7 Home Premium x64
 
 
blaster worm terrorizing my comp!

Out of nowhere, my computer got the blaster worm. I can't open any programs, antivirus protectors, or removal tools unless I'm in safe mode. Apparantly, the most popular way to get rid of it is to use malwarebytes in safe mode (no network). I did this, but the problem persists. What now?


My System SpecsSystem Spec
.

05 Nov 2011   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

W32.Blaster.Worm Removal Tool

W32.Blaster.Worm Removal Tool | Symantec

Quote:
This tool is designed to remove the infections of:

W32.Blaster.Worm
W32.Blaster.B.Worm
W32.Blaster.C.Worm
W32.Blaster.D.Worm
W32.Blaster.E.Worm
W32.Blaster.F.Worm

Important:
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
My System SpecsSystem Spec
05 Nov 2011   #3

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

My System SpecsSystem Spec
.


05 Nov 2011   #4

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Borg 386 View Post
Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

W32.Blaster.Worm Removal Tool

W32.Blaster.Worm Removal Tool | Symantec

Quote:
This tool is designed to remove the infections of:

W32.Blaster.Worm
W32.Blaster.B.Worm
W32.Blaster.C.Worm
W32.Blaster.D.Worm
W32.Blaster.E.Worm
W32.Blaster.F.Worm

Important:
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
Didn't do me any good. It says i need network administrator permission. Even though i am the administrator. And the virus made it so there is no option of running it as administrator.
My System SpecsSystem Spec
05 Nov 2011   #5

Windows 7 Home Premium x64
 
 

I also tried using R-Kill and SuperAntiSpyware in safe mode, but that didn't help either.
My System SpecsSystem Spec
05 Nov 2011   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

Can you post the log of when you ran Malwarebytes in Safe Mode?

Regards,
Golden
My System SpecsSystem Spec
05 Nov 2011   #7

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Hopalong X View Post
I just finished using the Microsoft removal tool (on safe mode) and it didn't detect anything.
My System SpecsSystem Spec
05 Nov 2011   #8

Windows 7 Home Premium x64
 
 

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8090

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

11/5/2011 11:56:35 AM
mbam-log-2011-11-05 (11-56-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 29295
Time elapsed: 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{15C039C3-F230-4706-9CAA-DE476AAB02AC} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59D4DC90-68D2-4321-988D-625E118F7DE6} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FCSB000063943.Shopping.1 (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FCSB000063943.Shopping (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\shop to win 21\shop to win 21.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\LocalLow\fcsb000063943\Toolbar\shoppingbho.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.
My System SpecsSystem Spec
05 Nov 2011   #9

Windows 7 Home Premium x64
 
 

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8090

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

11/5/2011 1:22:17 PM
mbam-log-2011-11-05 (13-22-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 420707
Time elapsed: 38 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cd Tools updater (Trojan.Agent) -> Value: cd Tools updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msi system tune (Trojan.Agent) -> Value: msi system tune -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\default drivers checker (Trojan.Agent) -> Value: default drivers checker -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Sheil\AppData\Local\Temp\0.8942148782947734.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\ikstun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\gnstvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\rhgpv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
My System SpecsSystem Spec
05 Nov 2011   #10

Windows 7 x64 Ultimate SP1
 
 

This is not the blaster worm, it's a plain trojan/scareware/virus infestation.
My System SpecsSystem Spec
Reply

 blaster worm terrorizing my comp!




Thread Tools



Similar help and support threads for2: blaster worm terrorizing my comp!
Thread Forum
Solved W32 Blaster Worm System Security
TCrdMain.exe.can not start -W32/Blaster.worm System Security
No, it isn't the Blaster Worm Security News
blaster.worm help System Security
worm blaster System Security
Solved Win32/Blaster Worm Affected !! System Security
Solved Got a win32 blaster worm and can't get rid of it? System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:05 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33