how to remove the msblast.exe from computer?
Thread poster: karine Richardson
karine Richardson
Local time: 06:01
English to French
Aug 14, 2003

My computer has also been hit by the worm and hopefully I have managed to sort the problem out thanks to the patch link. However, when I perform a search on the system the program is still on my computer but I don't seem to be able to remove it or delete it as access is denied. Has anybody got any suggestions?

Geneviève von Levetzow  Identity Verified
Local time: 07:01
Member (2002)
French to German
In French... Aug 14, 2003

Message from Wanadoo:

Hello,

The "Blaster" worm has been spreading on the Internet since 12 August 2003. It
seeks to exploit a vulnerability in Windows* operating systems and can
lead, in particular, to remote takeover and unexpected restarts of your
computer.

Wanadoo is responding quickly by offering, on its online Assistance
pages, full instructions for disabling the "Blaster" worm. I invite you
to consult all the useful information made available to you at the
following address:

http://assistance.wanadoo.fr/reponse640.asp

I would also draw your attention to the need to update your operating
system regularly in order to protect yourself against this type of
risk.

Thank you for your trust,

Marc Julien
Director of Customer Communication

* Operating systems that may be affected: Windows 2000, XP,
NT, Windows Server 2003. For more information, you can
also consult the Microsoft France website.


Uldis Liepkalns  Identity Verified
Latvia
Local time: 08:01
Member (2003)
English to Latvian
The link to the removal tool Aug 14, 2003

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Uldis


Terry Thatcher Waltz, Ph.D.  Identity Verified
Local time: 01:01
Chinese to English
I don't know if it's true or not... Aug 14, 2003

I have seen people on other fora saying that some of the removal tools were also targeted (don't know how true that is).

OPEN WINDOWS IN "SAFE" MODE by pressing F8 during startup.

You can remove those files by searching for them using "Search" and entering "msblast*.*"

You should find 2 files. One is plain old "msblast.exe"; the other is a longer name, but it also starts with "msblast".

Then just delete the two files, and then immediately empty your Recycling Bin, too.

You can't delete the files under normal mode in Windows, as they are protected in some way.

At least this was my experience; your mileage may vary.

Terry


Uldis Liepkalns  Identity Verified
Latvia
Local time: 08:01
Member (2003)
English to Latvian
New version Aug 14, 2003

of the worm is spreading today. Technically everything is the same, only the worm file is named TEEKIDS.EXE, not MSBLAST.EXE, and it is packed with the FSG compression utility instead of UPX, which was used by yesterday's version. And new versions will probably appear in the next few days. So manual searching for MSBLAST.EXE may not always bring results.

Uldis
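
An added illustration of the point in the post above (not code from this thread or from any removal tool): a filename search misses a renamed copy, and an exact content hash catches the rename but still misses a build whose bytes changed, as happens when a different packer is used. The file contents, the extra file names and the helper names are constructed for the example; no real worm hashes are used.

```python
import fnmatch
import hashlib
import os
import tempfile

NAME_PATTERNS = ["msblast*.*"]  # the search string given in the thread


def sha256_of(path):  # hashed in blocks, not read whole into memory
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def scan(root, name_patterns, known_hashes):
    """Map relative path -> reasons ("name", "hash", "unreadable") for each hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reasons = []
            if any(fnmatch.fnmatch(fn.lower(), p) for p in name_patterns):
                reasons.append("name")
            try:
                if sha256_of(full) in known_hashes:
                    reasons.append("hash")
            except OSError:
                reasons.append("unreadable")  # locked or access denied: report it
            if reasons:
                hits[os.path.relpath(full, root)] = reasons
    return hits


def demo():
    """Scan a constructed directory; the bytes are stand-ins, not worm samples."""
    first_build = b"CONSTRUCTED payload, packed one way"
    repacked = b"CONSTRUCTED payload, packed another way"
    known = {hashlib.sha256(first_build).hexdigest()}
    samples = {"msblast.exe": first_build,
               "renamed_copy.exe": first_build,  # same bytes, new name
               "teekids.exe": repacked,          # new name, different bytes
               "notes.txt": b"harmless"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan(root, NAME_PATTERNS, known)
```

The `teekids.exe` stand-in is absent from the result of `demo()`: neither the name pattern nor the hash of the first build covers it.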
Terry Thatcher Waltz, Ph.D.  Identity Verified
Local time: 01:01
Chinese to English
Ouch! Aug 14, 2003

Thanks for the heads-up. Will you post other file names as they become available/known? I think it's a big help to the community!



[Edited at 2003-08-14 19:56]


Uldis Liepkalns  Identity Verified
Latvia
Local time: 08:01
Member (2003)
English to Latvian
FYI-Microsoft extinguishes Windowsupdate.com website Aug 16, 2003

Some new info:

"According to media reports Microsoft has confirmed that it has decided to kill off its Windowsupdate.com web address. The website was due to suffer a denial of service attack on 16 August by computers infected by the W32/Blaster-A worm.
Sean Sundwall, a spokesman for Microsoft said: "One strategy for cushioning the blow was to extinguish Windowsupdate.com. We have no plans to ever restore that to be an active site."
According to Microsoft, consumers can update their computers by visiting the web address http://windowsupdate.microsoft.com or the main Microsoft website page at http://www.microsoft.com where information is available on downloading patches as well as advice on setting up firewall protection."

Uldis

