blaster worm terrorizing my comp!


  1. Posts : 10
    Windows 7 Home Premium x64
       #1

    Out of nowhere, my computer got the blaster worm. I can't open any programs, antivirus protectors, or removal tools unless I'm in safe mode. Apparently, the most popular way to get rid of it is to use Malwarebytes in safe mode (no network). I did this, but the problem persists. What now?


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

    W32.Blaster.Worm Removal Tool

    W32.Blaster.Worm Removal Tool | Symantec

    This tool is designed to remove the infections of:

    W32.Blaster.Worm
    W32.Blaster.B.Worm
    W32.Blaster.C.Worm
    W32.Blaster.D.Worm
    W32.Blaster.E.Worm
    W32.Blaster.F.Worm

    Important:
    W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.


  3. Posts : 6,349
    Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
       #3


  4. Posts : 10
    Windows 7 Home Premium x64
    Thread Starter
       #4

    Borg 386 said:
    Give this tool a try. Read the entire article, save/print the instructions, then d/l the tool & run it.

    W32.Blaster.Worm Removal Tool

    W32.Blaster.Worm Removal Tool | Symantec

    This tool is designed to remove the infections of:

    W32.Blaster.Worm
    W32.Blaster.B.Worm
    W32.Blaster.C.Worm
    W32.Blaster.D.Worm
    W32.Blaster.E.Worm
    W32.Blaster.F.Worm

    Important:
    W32.Blaster.Worm exploits the DCOM RPC vulnerability. This is described in Microsoft Security Bulletin MS03-026, and a patch is available there. You must download and install the patch. In many cases, you will need to do this before continuing with the removal instructions. If you are not able to remove the infection or prevent re-infection using the following instructions, first download and install the patch.

    Didn't do me any good. It says I need network administrator permission. Even though I am the administrator. And the virus made it so there is no option of running it as administrator.


  5. Posts : 10
    Windows 7 Home Premium x64
    Thread Starter
       #5

    I also tried using R-Kill and SuperAntiSpyware in safe mode, but that didn't help either.


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #6

    Hi,

    Can you post the log of when you ran Malwarebytes in Safe Mode?

    Regards,
    Golden


  7. Posts : 10
    Windows 7 Home Premium x64
    Thread Starter
       #7

    I just finished using the Microsoft removal tool (in safe mode) and it didn't detect anything.


  8. Posts : 10
    Windows 7 Home Premium x64
    Thread Starter
       #8

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8090

    Windows 6.1.7601 Service Pack 1 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    11/5/2011 11:56:35 AM
    mbam-log-2011-11-05 (11-56-35).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 29295
    Time elapsed: 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{15C039C3-F230-4706-9CAA-DE476AAB02AC} (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{59D4DC90-68D2-4321-988D-625E118F7DE6} (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FCSB000063943.Shopping.1 (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\FCSB000063943.Shopping (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} (Adware.ShopToWin) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files (x86)\shop to win 21\shop to win 21.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.
    c:\Users\Sheil\AppData\LocalLow\fcsb000063943\Toolbar\shoppingbho.dll (Adware.ShopToWin) -> Quarantined and deleted successfully.


  9. Posts : 10
    Windows 7 Home Premium x64
    Thread Starter
       #9

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8090

    Windows 6.1.7601 Service Pack 1 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    11/5/2011 1:22:17 PM
    mbam-log-2011-11-05 (13-22-17).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 420707
    Time elapsed: 38 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cd Tools updater (Trojan.Agent) -> Value: cd Tools updater -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msi system tune (Trojan.Agent) -> Value: msi system tune -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\default drivers checker (Trojan.Agent) -> Value: default drivers checker -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Sheil\AppData\Local\Temp\0.8942148782947734.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Users\Sheil\AppData\Local\Temp\ikstun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Sheil\AppData\Local\Temp\gnstvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Sheil\AppData\Local\Temp\rhgpv.exe (Trojan.Agent) -> Quarantined and deleted successfully.


  10. Posts : 686
    Windows 7 x64 Ultimate SP1
       #10

    This is not the blaster worm, it's a plain trojan/scareware/virus infestation.
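
The reading in post #10 can be checked against the log itself. The following is an added example, not part of any post in this thread: it parses the detection lines from the Malwarebytes log in post #9 and summarises which family names the scanner reported, which HKCU Run autostart values it removed, and which executables sat in the user's Temp folder. The function names `parse_mbam_log` and `triage` are hypothetical, and the line format is assumed from the two logs posted above.

```python
import re
from collections import Counter

# Detection lines copied from the Malwarebytes log in post #9 of this thread.
SAMPLE_LOG = r"""
Registry Values Infected: 3
Files Infected: 4

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cd Tools updater (Trojan.Agent) -> Value: cd Tools updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msi system tune (Trojan.Agent) -> Value: msi system tune -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\default drivers checker (Trojan.Agent) -> Value: default drivers checker -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Sheil\AppData\Local\Temp\0.8942148782947734.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\ikstun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\gnstvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sheil\AppData\Local\Temp\rhgpv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):\s*$")  # section header, e.g. "Files Infected:" (no count)
ITEM = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection line: section, object, family, action."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            action = item.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append({"section": section, "object": item.group("obj"),
                               "family": item.group("family"), "action": action})
    return detections

def triage(detections):
    """Summarise what the scanner named and where the items lived."""
    objs = [d["object"] for d in detections]
    return {
        "families": dict(Counter(d["family"] for d in detections)),
        "autoruns": [o.rsplit("\\", 1)[-1] for o in objs if "\\currentversion\\run\\" in o.lower()],
        "temp_exes": [o for o in objs if "\\appdata\\local\\temp\\" in o.lower() and o.lower().endswith(".exe")],
        "blaster_named": any("blaster" in d["family"].lower() for d in detections),
    }

if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG)))
```

The family names are the scanner's own labels, so the summary shows only what this one tool reported on this one scan.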