Draco
2bOrNot2b
- Joined
- Mar 30, 2001
- Posts
- 6,762
For all of you that are still having Blaster Worm problems, heres the info on how to removal it manually, and properly.
Copy/Pasted From CERT.Org
Steps to recover from W32/Blaster/Lovsan.
These instructions are designed for Windows XP. Under some circumstances, these instructions may not completely disable the worm or protect the system from re-infection.
Physically disconnect the computer from the network (remove phone/network cable, wireless card).
Kill the worm process using Task Manager. Known variants of this worm may show up as "msblast.exe", "teekids.exe", or "penis32.exe".
Press Ctrl-Alt-Delete key combination.
Click "Task Manager" button.
Select "Processes" tab.
Highlight "msblast.exe".
Click "End Process" button, answer "Yes" to warning dialog.
Repeat previous two steps for "teekids.exe" and "penis32.exe".
Delete any files named "msblast.exe", "teekids.exe", or "penis32.exe" on the computer.
Click "Start", "Search", and select "All files and folders".
Search for "msblast.exe".
Right-click each file and delete it.
Repeat previous two steps for "teekids.exe" and "penis32.exe".
Enable Internet Connection Firewall (ICF).
In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
Right-click the connection on which you would like to enable ICF, and then click Properties.
On the Advanced tab, click the box to select the option to Protect my computer or network.
If you want to enable the use of some applications and services through the firewall, you need to enable them by clicking the Settings button, and then selecting the programs, protocols, and services to be enabled for the ICF configuration.
Now, there is also a Registry Key that gets written into
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update
If you feel comfortable enough with hacking the registry, remove THAT specific key. (I'm not going to post details on how to remove it, if you need to ask HOW, you have no place being in your registry in the first place.)
Draco
A+/Net+ Certified Technician
KC Computer Consultants Ltd
Christchurch
New Zealand
Copy/Pasted From CERT.Org
Steps to recover from W32/Blaster/Lovsan.
These instructions are designed for Windows XP. Under some circumstances, these instructions may not completely disable the worm or protect the system from re-infection.
Physically disconnect the computer from the network (remove phone/network cable, wireless card).
Kill the worm process using Task Manager. Known variants of this worm may show up as "msblast.exe", "teekids.exe", or "penis32.exe".
Press Ctrl-Alt-Delete key combination.
Click "Task Manager" button.
Select "Processes" tab.
Highlight "msblast.exe".
Click "End Process" button, answer "Yes" to warning dialog.
Repeat previous two steps for "teekids.exe" and "penis32.exe".
Delete any files named "msblast.exe", "teekids.exe", or "penis32.exe" on the computer.
Click "Start", "Search", and select "All files and folders".
Search for "msblast.exe".
Right-click each file and delete it.
Repeat previous two steps for "teekids.exe" and "penis32.exe".
Enable Internet Connection Firewall (ICF).
In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
Right-click the connection on which you would like to enable ICF, and then click Properties.
On the Advanced tab, click the box to select the option to Protect my computer or network.
If you want to enable the use of some applications and services through the firewall, you need to enable them by clicking the Settings button, and then selecting the programs, protocols, and services to be enabled for the ICF configuration.
Now, there is also a Registry Key that gets written into
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update
If you feel comfortable enough with hacking the registry, remove THAT specific key. (I'm not going to post details on how to remove it, if you need to ask HOW, you have no place being in your registry in the first place.)
Draco
A+/Net+ Certified Technician
KC Computer Consultants Ltd
Christchurch
New Zealand
