Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: blaster worm terrorizing my comp!

05 Nov 2011   #1
hitchhiker13

Windows 7 Home Premium x64
 
 
blaster worm terrorizing my comp!

Out of nowhere, my computer got the blaster worm. I can't open any programs, antivirus protectors, or removal tools unless I'm in safe mode. Apparantly, the most popular way to get rid of it is to use malwarebytes in safe mode (no network). I did this, but the problem persists. What now?


My System SpecsSystem Spec
.
05 Nov 2011   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

W32.Blaster.Worm Removal Tool

W32.Blaster.Worm Removal Tool | Symantec

Quote:
This tool is designed to remove the infections of:

W32.Blaster.Worm
W32.Blaster.B.Worm
W32.Blaster.C.Worm
W32.Blaster.D.Worm
W32.Blaster.E.Worm
W32.Blaster.F.Worm

Important:
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
My System SpecsSystem Spec
05 Nov 2011   #3
Hopalong X

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

My System SpecsSystem Spec
.

05 Nov 2011   #4
hitchhiker13

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Borg 386 View Post
Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

W32.Blaster.Worm Removal Tool

W32.Blaster.Worm Removal Tool | Symantec

Quote:
This tool is designed to remove the infections of:

W32.Blaster.Worm
W32.Blaster.B.Worm
W32.Blaster.C.Worm
W32.Blaster.D.Worm
W32.Blaster.E.Worm
W32.Blaster.F.Worm

Important:
W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.
Didn't do me any good. It says i need network administrator permission. Even though i am the administrator. And the virus made it so there is no option of running it as administrator.
My System SpecsSystem Spec
05 Nov 2011   #5
hitchhiker13

Windows 7 Home Premium x64
 
 

I also tried using R-Kill and SuperAntiSpyware in safe mode, but that didn't help either.
My System SpecsSystem Spec
05 Nov 2011   #6
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Can you post the log of when you ran Malwarebytes in Safe Mode?

Regards,
Golden
My System SpecsSystem Spec
05 Nov 2011   #7
hitchhiker13

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Hopalong X View Post
I just finished using the Microsoft removal tool (on safe mode) and it didn't detect anything.
My System SpecsSystem Spec
05 Nov 2011   #8
hitchhiker13

Windows 7 Home Premium x64
 
 

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8090

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

11/5/2011 11:56:35 AM
mbam-log-2011-11-05 (11-56-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 29295
Time elapsed: 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{15C039C3-F230-4706-9CAA-DE476AAB02AC} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59D4DC90-68D2-4321-988D-625E118F7DE6} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FCSB000063943.Shopping.1 (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FCSB000063943.Shopping (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\shop to win 21\shop to win 21.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\LocalLow\fcsb000063943\Toolbar\shoppingbho.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.
My System SpecsSystem Spec
05 Nov 2011   #9
hitchhiker13

Windows 7 Home Premium x64
 
 

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8090

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

11/5/2011 1:22:17 PM
mbam-log-2011-11-05 (13-22-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 420707
Time elapsed: 38 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cd Tools updater (Trojan.Agent) -> Value: cd Tools updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msi system tune (Trojan.Agent) -> Value: msi system tune -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\default drivers checker (Trojan.Agent) -> Value: default drivers checker -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Sheil\AppData\Local\Temp\0.8942148782947734.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\ikstun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\gnstvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\rhgpv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
My System SpecsSystem Spec
05 Nov 2011   #10
Teerex

Windows 7 x64 Ultimate SP1
 
 

This is not the blaster worm, it's a plain trojan/scareware/virus infestation.
My System SpecsSystem Spec
Reply

 blaster worm terrorizing my comp!




Thread Tools




Similar help and support threads
Thread Forum
W32 Blaster Worm
Hello, My computer has caught this worm and is driving me crazy, it starts with the spyware protection software which tells me I have many viruses. Im aware its a scam but i cant seem to resolve the problem in safe mode using spybot & uniblue registry cleaner. Please could someone help me,...
System Security
TCrdMain.exe.can not start -W32/Blaster.worm
I have the above popup on my laptop and I can't access anything. I did read some of the other topics here but none have helped: http://www.sevenforums.com/system-security/102932-help.html I can't run anything. I already have Malwarebytes but can't run it either :( It also keeps running the...
System Security
blaster.worm help
my laptop wont do anything. I keep getting a message saying blocked by w32/blaster.worm. Can you please pretty please help me
System Security
worm blaster
my husbands computer got the worm blaster. the computer was working fine in the am.and i had only searched walmart .com. at noon when he turned it on it said it was infected and wouldnt let us go to anything. i am running avg(updated) and mcfee on it. now all of his desktop icons are gone and i...
System Security
Got a win32 blaster worm and can't get rid of it?
Microsoft essentials didn't detect it, maleware bytes didn't detect it. I can't open any programs, the option to open or install as administrator is NOT THERE. I used ESET online scanner it detected the two worms and "said" it cleaned them. And I just found out win 7 deletes all my restore points....
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:22.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App