Windows 7 Forums

Windows 7: Do I have the w32 Blaster?

13 May 2013   #301
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

lol


13 May 2013   #302
Doug Herbst

Windows 7 Home Premium 32bit
 
 

Don't know if this will help or if your problem is worse, but I had this same problem over the weekend and wasn't able to shake it off until I rebooted in safe mode and deleted the app. McAfee full scan did not detect it. But I found the sucker in my Users/user/AppData/Roaming folder (your path may be different if you log on with a different name). It was an app with the name "amsecure" and a green shield logo. I deleted it early Sunday morning, rebooted, and it hasn't returned since. But I never clicked the box to purchase the product, so I don't know if that caused additional complications for you. BTW, when I hovered over it, it showed the File Description was ALPass and the company was ESTsoft Corp. That may be a bogus company.
13 May 2013   #303
Prescottbob

Windows 7 home premium 64 bit
 
 

Doug, thanks for the interest. I'll let cottonball digest that.

cottonball, Jacee's scan just completed (6 hrs). I've got evening appointments that can't be forestalled.

Will be back tomorrow.

13 May 2013   #304
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This may be of some relevance ...
Quote:
MpSvc.dll can be infected by virus Backdoor:PHP/C99shell.J which spreads through social network Flickr to download and install malware Movavi Screen Capture Personal on the affected machines.

Once infected, the file path of MpSvc.dll will be re-set as:
C:\WINDOWS\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\
Your FSS Log shows:
Quote:
Farbar Service Scanner Version: 14-04-2013
Ran by Binnie (administrator) on 11-05-2013 at 15:25:02
Windows 7 Home Premium Service Pack 1 (X64)
************************************************
======== Search: "MpSvc.dll" =========
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
====== End Of Search ======
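Added example, not part of the original thread and not Farbar Service Scanner's own code: a short Python parser for the search section of the log quoted above. It flags entries whose logged MD5 is the digest of zero bytes while the file size is non-zero, which means the hash was not computed over the file's content and cannot show whether the file is genuine or altered. The field layout of the metadata line and the `reference_md5` parameter are assumptions made for illustration.

```python
import hashlib
import re

# MD5 of zero bytes: the value a tool reports when it hashed no file content.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Search section of the FSS log from post #304, embedded as sample input.
FSS_LOG = r"""
======== Search: "MpSvc.dll" =========
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
====== End Of Search ======
"""

# Assumed layout: [date] - [date] - size attributes (text) MD5
META = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) (\S+) \(.*?\) ([0-9A-Fa-f]{32})$")


def parse_fss_search(text):
    """Pair each path line with the metadata line that follows it."""
    records, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif path and (m := META.match(line)):
            records.append({"path": path, "size": int(m[1]),
                            "attrs": m[2], "md5": m[3].upper()})
            path = None
    return records


def classify(rec, reference_md5=None):
    """Say what the logged hash proves about the file's content."""
    if rec["size"] > 0 and rec["md5"] == EMPTY_MD5:
        return "unreadable"      # hash covers zero bytes, not the file
    if reference_md5 is None:
        return "no-reference"    # hash is usable, but nothing to compare it to
    # reference_md5 is a hypothetical known-good value supplied by the caller
    return "match" if rec["md5"] == reference_md5.upper() else "mismatch"


if __name__ == "__main__":
    for rec in parse_fss_search(FSS_LOG):
        print(classify(rec), rec["size"], rec["path"])
```

All three entries in this log come back as `unreadable`, so the identical hashes say nothing about whether the three copies of MpSvc.dll are identical or intact.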
13 May 2013   #305
cottonball

Windows 7 Home Premium
 
 

Yep, read the same stuff...

That is why Prescottbob is getting a new MpSvc.dll, and with CF and an FCopy:: all three of those will get a new life:

C:\MpSvc.dll | C:\Program Files\Windows Defender\MpSvc.dll

C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll

C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll


Just need to confirm that the C:\MpSvc.dll is in the right place...
14 May 2013   #306
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This is what this Trojan Backdoor:PHP/C99shell.J does to an infected computer. Encyclopedia entry: Backdoor:PHP/C99shell.J - Learn more about malware - Microsoft Malware Protection Center

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.

They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
14 May 2013   #307
Prescottbob

Windows 7 home premium 64 bit
 
 



14 May 2013   #308
Prescottbob

Windows 7 home premium 64 bit
 
 

trash Post #307 I didn't do something right!
14 May 2013   #309
Prescottbob

Windows 7 home premium 64 bit
 
 

SystemLook.txt

This should be the right one!


14 May 2013   #310
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

After this computer is clean, this might be asking too much, but if someone could post what infections were found and where in the system.

What programs or methods removed the problems.

My thoughts are this nasty Backdoor Trojan planted itself in Windows Defender and kept turning Windows Defender on so the trojan could do its nasty things. What a great way to hide an infection: inside a security program.