Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Do I have the w32 Blaster?

08 May 2013   #101
cottonball

Windows 7 Home Premium
 
 

Prescottbob,

RKill is not on your flash drive, it is RogueKiller, and it did not pick up anything.

We need to use RKill: http://www.bleepingcomputer.com/download/rkill/dl/132/


Use another computer to download RKill.com to the flash drive, and then, in safe mode, run it on the infected computer.
Do not reboot, and then run MBAM.

If the malicious process, which is causing your nuisance messages, is not killed, we will be back in the same boat.


My System SpecsSystem Spec
.
08 May 2013   #102
Prescottbob

Windows 7 home premium 64 bit
 
 

by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Am I infected? What do I do?
Program started at: 05/08/2013 11:47:20 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry fi

rkill report
y Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Am I infected? What do I do?
Program started at: 05/08/2013 11:47:20 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Binnie\Desktop\rkill\rkill-05-08-2013-11-47-22.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup T
My System SpecsSystem Spec
08 May 2013   #103
cottonball

Windows 7 Home Premium
 
 

Did you try to run this in normal Windows?

If not, please give it a whirl.
My System SpecsSystem Spec
.

08 May 2013   #104
Prescottbob

Windows 7 home premium 64 bit
 
 

Mbam running again 12:10. Going to lunch- be back 1:15 MST
My System SpecsSystem Spec
08 May 2013   #105
cottonball

Windows 7 Home Premium
 
 

If the problem persists after MBAM, do you use Chrome or FireFox browsers?

If not, see if you can download one of them, and use it to download FRST.

See if you get the same message..where the file has a virus and was deleted.
My System SpecsSystem Spec
08 May 2013   #106
Prescottbob

Windows 7 home premium 64 bit
 
 

rkill report in normal mode.

Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Am I infected? What do I do?
Program started at: 05/08/2013 01:01:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* SharedAccess [Missing ImagePath]
* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 05/08/2013 01:01:10 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
My System SpecsSystem Spec
08 May 2013   #107
Prescottbob

Windows 7 home premium 64 bit
 
 

MBAM is still running in normal mode. FRST did download in CHROME.
My System SpecsSystem Spec
08 May 2013   #108
Prescottbob

Windows 7 home premium 64 bit
 
 

Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.08.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Binnie :: BINNIE-PC [administrator]
Protection: Enabled
5/8/2013 1:15:01 PM
MBAM-log-2013-05-08 (17-04-24).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1129785
Time elapsed: 3 hour(s), 34 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> No action taken.
C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> No action taken.
(end)
Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.08.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Binnie :: BINNIE-PC [administrator]
Protection: Enabled
5/8/2013 1:15:01 PM
mbam-log-2013-05-08 (13-15-01).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1129785
Time elapsed: 3 hour(s), 34 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.
C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> Quarantined and deleted successfully.
(end)
My System SpecsSystem Spec
08 May 2013   #109
cottonball

Windows 7 Home Premium
 
 

Prescottbob,

If Chrome does not give you the "...contained a virus and was deleted", see if you can go to the Farbar Recovery Scan Tool Download
Select the 64-bit version.
Save to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to disclaimer.

Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---





Also in Chrome, please start Downloading Farbar Service Scanner
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Press: Scan

When done, the tool creates a report (FSS.txt) on the Desktop.
Also provide the FSS.txt in your reply. <<---
My System SpecsSystem Spec
08 May 2013   #110
cottonball

Windows 7 Home Premium
 
 

We both posted at the same time.

Can you download FRST using Internet Explorer in normal Windows?

If no-go, use Chrome, but post whaich browser you used.
My System SpecsSystem Spec
Reply

 Do I have the w32 Blaster?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
W32 Blaster Worm
Hello, My computer has caught this worm and is driving me crazy, it starts with the spyware protection software which tells me I have many viruses. Im aware its a scam but i cant seem to resolve the problem in safe mode using spybot & uniblue registry cleaner. Please could someone help me,...
System Security
blaster.worm help
my laptop wont do anything. I keep getting a message saying blocked by w32/blaster.worm. Can you please pretty please help me
System Security
Facebook blaster pro
Hi,recently i have remove facebook blaster pro.but when i start my pc a pop up of it show up.it run firefox from himself.Plz help me?
Software
worm blaster
my husbands computer got the worm blaster. the computer was working fine in the am.and i had only searched walmart .com. at noon when he turned it on it said it was infected and wouldnt let us go to anything. i am running avg(updated) and mcfee on it. now all of his desktop icons are gone and i...
System Security
Sound Blaster
My sound chip on my motherboard seem to have gone kaput, got a Creative Sound Blaster Audigy SE. Apparently it don't work with Win7, yet its all right on my Vista partition. Trying to find a driver that will make it compatible with 7. Anyone had that problem.
Sound & Audio


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:07.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App