Solved W32/Blasterworm warning

Dell Inspiron 1545 currently being worked on.

Currently on it has McAffee, 'Advanced System Security', and 'Internet Security 2013'. This is a friend's PC I was trying to fix, all she wants is the pictures, and I could reformat while saving the flatfiles I assume and be safe, but she doesn't have the Dell files to reinstall Win7. Upon loading up it attempts to scan with 'Internet Security 2013' and asks for activation, I assume this is a type of smitfraud and ignore it, but I also assume that she already did do something like that to have the program in the first place.

Furthermore, there is a constant Security Warning stating that almost everything is infected with W32/Blasterworm, I'm not sure if this is accurate or not and am wary of putting anything on this system without knowing exactly what I'm dealing with, looking up information I see that this was 'solved' but get mixed results from different websites. This PC due to the Blasterworm info can't run iexplore, chrome, or almost anything.

Thank you for any help.

Symantec has a removal tool for blaster.

W32.Blaster.Worm Removal Tool | Symantec

Probably most of the problems are being caused my McFubar (McAffee) itself. It would be a wise move to remove it & go with another AV. Many posts in here have shown nothing but trouble using McAffee.

Another option if you prefer, is to run Windows Defender Offline. This is a boot AV which will examine the entire PC & weed out any viruses. Be sure to make this on an clean, uninfected PC.

It would be a good idea to run both programs, as viruses tend to invite other viruses onto a PC & you may, at this point, have more then just blasterworm.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html?filter

Thank you very much I will run those now and report back.

Teleclast,

Internet Security 2013 is a computer infection.

You may need to download the following to a clean USB pendrive, and the move them to the infected PC.

Also, on the infeted PC, you could try to download the programs in Safe Mode with Networking;

1. Restart the computer, and tap the F8 key while it is restarting.
2. After your computer displays the hardware information and runs the memory test, the Advanced Boot Options menu appears.
3. Use the arrow keys to select Safe Mode with Networking and press ENTER

Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the version with the x64.
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.

Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.





Also download the Farbar Recovery Scan Tool
Select the 64-bit version.


Save it to your Desktop.

• Double-click the downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press the Scan button.
• FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---

Symantec tool states that it did not find Worm.blaster on the computer, I am now running RogueKiller and will provide the log once completed.

All 4 files are now added as attachments.

Teleclast,

The warning that Blaster is in the system is bogus, and part of the Internet Security 2013 fake notifications. There is nothing for Symantec to find.

Two steps follow. You may still need to download the following to a clean USB pendrive, and then move them to the infected PC, or, try to download the programs in Safe Mode with Networking.

Let's press on with RogueKiller...

•Please quit all programs
•Right-click the RogueKiller file and select 'Run as Administrator'
•Wait until the Prescan finishes
•Press: Scan
•Once the scan is done, press the [Delete] button.
Please post the new RKreport (Mode: Delete) in your reply.
(It is created on the Desktop.)



Follow with Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click: Finish

MBAM automatically starts and you are asked to update the program.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

-->> When done, please give an update of how it is going.

Also, please press on with Downloading Farbar Service Scanner


Save to the Desktop.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows DefenderPress: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply

Here's the Delete log, running mbam now on that PC, will run FSS right after.

When done with MBAM and FSS, please run RogueKiller once again, do a Scan, and post its new RKreport (Mode Scan).

Here's the new logs, mbam came up with finding nothing twice before running FSS/RK again.

My apology for the delay.

Please go back to Post #7, run the Farbar Service Scanner, and provide its results.

Thanks.

Very sorry, posted the wrong results in that last post, I DID run FSS:

No need to apologize.

Did Malwarebytes Anti-Malware find anything?

Do you still have Internet Security 2013 giving you notices that the system is infected with Blaster?

Please give an update of what problems you are currently having.

MABM found nothing, Internet Security 2013 is seemingly gone (none of the recent scans showed it, no pop ups related to it, can run internet browsers and everything else that was broken fine, etc).

Teleclast


Click here DDS

:ar: Click on Download Now button

:ar: When the download is complete . Drag the DDS program from the Downloads folder to your Desktop

:ar: Right-click the DDS icon on the Desktop choose Run as administrator to run the tool.

:ar: Place a check next to attact.txt and click Start . When done, DDS will open two logs
DDS.txt
Attach.txt

:ar: Save two logs onto your desktop and upload them with your reply

Good to know the system is usable.

Please run the AdwCleaner program:
AdwCleaner Download

It searches and removes unwanted toolbars, programs, adwares, and browser hijackers.

After downloading, save AdwCleaner to the Desktop
Right-click on adwcleaner.exe and select: Run As Administrator
Click the Delete button.

When done, a text file opens.

Please post the content of the AdwCleaner[Sn].txt in your reply.

Note: You can also find the reports at C:\AdwCleaner[Sn].txt (S = supress, n = order number), or, C:\AdwCleaner[Rn].txt (R = research, n = order number)

~~~~
Now, please remove the copy of Farbar Rcovery Scan Tool, and anyFRST.txt found on the Desktop, and download a new, updated copy of: Farbar Recovery Scan Tool
Select the 64-bit version.

Save it to your Desktop.

• Double-click the downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press the Scan button.
• FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the most recent FRST.txt in your reply. <<---