Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: W32/Blasterworm warning

19 May 2013   #1
Teleclast

Windows 7 Home Premium x64
 
 
W32/Blasterworm warning

Dell Inspiron 1545 currently being worked on.

Currently on it has McAffee, 'Advanced System Security', and 'Internet Security 2013'. This is a friend's PC I was trying to fix, all she wants is the pictures, and I could reformat while saving the flatfiles I assume and be safe, but she doesn't have the Dell files to reinstall Win7. Upon loading up it attempts to scan with 'Internet Security 2013' and asks for activation, I assume this is a type of smitfraud and ignore it, but I also assume that she already did do something like that to have the program in the first place.

Furthermore, there is a constant Security Warning stating that almost everything is infected with W32/Blasterworm, I'm not sure if this is accurate or not and am wary of putting anything on this system without knowing exactly what I'm dealing with, looking up information I see that this was 'solved' but get mixed results from different websites. This PC due to the Blasterworm info can't run iexplore, chrome, or almost anything.

Thank you for any help.


My System SpecsSystem Spec
.
19 May 2013   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Symantec has a removal tool for blaster.

W32.Blaster.Worm Removal Tool | Symantec

Probably most of the problems are being caused my McFubar (McAffee) itself. It would be a wise move to remove it & go with another AV. Many posts in here have shown nothing but trouble using McAffee.

Another option if you prefer, is to run Windows Defender Offline. This is a boot AV which will examine the entire PC & weed out any viruses. Be sure to make this on an clean, uninfected PC.

It would be a good idea to run both programs, as viruses tend to invite other viruses onto a PC & you may, at this point, have more then just blasterworm.

Windows Defender Offline
My System SpecsSystem Spec
19 May 2013   #3
Teleclast

Windows 7 Home Premium x64
 
 

Thank you very much I will run those now and report back.
My System SpecsSystem Spec
.

19 May 2013   #4
cottonball

Windows 7 Home Premium
 
 

Teleclast,

Internet Security 2013 is a computer infection.

You may need to download the following to a clean USB pendrive, and the move them to the infected PC.

Also, on the infeted PC, you could try to download the programs in Safe Mode with Networking;
  1. Restart the computer, and tap the F8 key while it is restarting.
  2. After your computer displays the hardware information and runs the memory test, the Advanced Boot Options menu appears.
  3. Use the arrow keys to select Safe Mode with Networking and press ENTER

Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the version with the x64.
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.

Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.





Also download the Farbar Recovery Scan Tool
Select the 64-bit version.


Save it to your Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply. <<---


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---
My System SpecsSystem Spec
19 May 2013   #5
Teleclast

Windows 7 Home Premium x64
 
 

Symantec tool states that it did not find Worm.blaster on the computer, I am now running RogueKiller and will provide the log once completed.

All 4 files are now added as attachments.


Attached Files
File Type: txt RKreport[1]_S_05192013_02d1538.txt (3.4 KB, 3 views)
File Type: txt FRST.txt (26.1 KB, 3 views)
File Type: txt Addition.txt (16.7 KB, 2 views)
File Type: log FixBlast.log (55 Bytes, 2 views)
My System SpecsSystem Spec
19 May 2013   #6
cottonball

Windows 7 Home Premium
 
 

Teleclast,

The warning that Blaster is in the system is bogus, and part of the Internet Security 2013 fake notifications. There is nothing for Symantec to find.

Two steps follow. You may still need to download the following to a clean USB pendrive, and then move them to the infected PC, or, try to download the programs in Safe Mode with Networking.

Let's press on with RogueKiller...

•Please quit all programs
•Right-click the RogueKiller file and select 'Run as Administrator'
•Wait until the Prescan finishes
•Press: Scan
•Once the scan is done, press the [Delete] button.
Please post the new RKreport (Mode: Delete) in your reply.
(It is created on the Desktop.)



Follow with Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click: Finish

MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

-->> When done, please give an update of how it is going.
My System SpecsSystem Spec
19 May 2013   #7
cottonball

Windows 7 Home Premium
 
 

Also, please press on with Downloading Farbar Service Scanner


Save to the Desktop.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows DefenderPress: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply
My System SpecsSystem Spec
19 May 2013   #8
Teleclast

Windows 7 Home Premium x64
 
 

Here's the Delete log, running mbam now on that PC, will run FSS right after.


Attached Files
File Type: txt RKreport[2]_D_05192013_02d1822.txt (3.7 KB, 5 views)
My System SpecsSystem Spec
19 May 2013   #9
cottonball

Windows 7 Home Premium
 
 

When done with MBAM and FSS, please run RogueKiller once again, do a Scan, and post its new RKreport (Mode Scan).
My System SpecsSystem Spec
20 May 2013   #10
Teleclast

Windows 7 Home Premium x64
 
 

Here's the new logs, mbam came up with finding nothing twice before running FSS/RK again.


Attached Files
File Type: txt RKreport[1]_S_05202013_02d1313.txt (2.1 KB, 5 views)
File Type: txt FRST.txt (26.1 KB, 5 views)
My System SpecsSystem Spec
Reply

 W32/Blasterworm warning




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
SFC Warning
Hi guys, As we commonly use SFC to troubleshoot problems across the board, I think it's best that you're aware of how the latest variant of the ZeroAccess malware interferes with SFC. If SFC fails (and not just says it found corrupt files, it has to fail), ask for the full CBS log, not...
System Security
W32/Blasterworm Attack Help Please?!?
Ok, so my laptop has been attacked by this virus and a program called Spy Protect. None of my applications will open, i tried to put in a disk that have avg, but it won't execute the file. I even tried going to the task manager and shutting down defend or the msblast.exe process, but the virus...
System Security
A warning!!
Don't know if anyone has come across the site called RemoveVirus.*** and I haven't put the link in just in case it's a threat itself. But it goes on for several pages of security suites that have GUI's that look awfully similar to ones we use - one looks very much like the Kaspersky ISS and...
System Security
Warning!
What's this?please help.
General Discussion
Win 7 rc Warning????
This is just odd. It has happened twice now. First on my x86 pc and just now on my Studio xps laptop. Windows action center alerts me to the fact that I do not have the most recent ,up to date version of Firefox. I do. 3.5.2 as well as the latest flash. I was thinking that I might as well install...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:27.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App