how to remove the msblast.exe from computer? Thread poster: karine Richardson
|
|---|
my computer also been hit by the worm and hopefully I have managed to sort the problem out thanks to the patch link. However, when I perform a search on the system the program is still on my computer but I don't seem to be able to remove it or delete it as access is denied. Has anybody got any suggestions?
| | | | | In French... | Aug 14, 2003 |
Message from Wanadoo :
Bonjour,
Le ver "Blaster" se propage sur Internet depuis le 12 août 2003. Il
cherche à exploiter une vulnérabilité des systèmes d'exploitation
Windows* et peut entraîner notamment une prise de contrôle à distance
et des redémarrages intempestifs de votre ordinateur.
Wanadoo réagit rapidement en vous proposant sur son Assistance en
ligne toutes les explications pour désact... See more Message from Wanadoo :
Bonjour,
Le ver "Blaster" se propage sur Internet depuis le 12 août 2003. Il
cherche à exploiter une vulnérabilité des systèmes d'exploitation
Windows* et peut entraîner notamment une prise de contrôle à distance
et des redémarrages intempestifs de votre ordinateur.
Wanadoo réagit rapidement en vous proposant sur son Assistance en
ligne toutes les explications pour désactiver le ver "Blaster". Je
vous invite à consulter toutes les informations utiles mises à votre
disposition à l'adresse suivante :
http://assistance.wanadoo.fr/reponse640.asp
Par ailleurs, j'attire votre attention sur la nécessité de mettre à
jour régulièrement votre système d'exploitation afin de vous prémunir
contre ce type de risque.
Je vous remercie de votre confiance,
Marc Julien
Directeur de la communication client
* Systèmes d'exploitation pouvant être concernés : Windows 2000, XP,
NT, Windows server 2003. Pour plus de renseignements, vous pouvez
également consulter le site de Microsoft France. ▲ Collapse
| | | | Uldis Liepkalns 
Latvia
Local time: 16:07
Member (2003)
English to Latvian
+ ...
| | I don't know if it's true or not... | Aug 14, 2003 |
I have seen people on other fora saying that some of the removal tools were also targeted (don't know how true that is).
OPEN WINDOWS IN "SAFE" MODE by pressing F8 during startup.
You can remove those files by searching for them using "Search" and entering "msblast*.*"
You should find 2 files. One is plain old "msblast.exe"; the other is a longer name, but it also starts with "msblast".
Then just delete the two files, and then immediately empty... See more I have seen people on other fora saying that some of the removal tools were also targeted (don't know how true that is).
OPEN WINDOWS IN "SAFE" MODE by pressing F8 during startup.
You can remove those files by searching for them using "Search" and entering "msblast*.*"
You should find 2 files. One is plain old "msblast.exe"; the other is a longer name, but it also starts with "msblast".
Then just delete the two files, and then immediately empty your Recycling Bin, too.
You can't delete the files under normal mode in Windows, as they are protected in some way.
At least this was my experience; your mileage may vary.
Terry ▲ Collapse
| | |
|
|
|
Uldis Liepkalns
Latvia
Local time: 16:07
Member (2003)
English to Latvian
+ ...
of the worm spreads today, technically all is the same, only the worm file is named TEEKIDS.EXE, not MSBLAST.EXE and is packed with FSG compressing utility instead of UPX, which was used by yesterdays version. And probably in nearest days new versions will appear. So manual searching for MSBLAST.EXE may not always bring results.
Uldis
OPEN WINDOWS IN "SAFE" MODE by pressing F8 during startup.
You can remove those files by searching for them using "Search" and entering "msblast*.*"
You should find 2 files. One is plain old "msblast.exe"; the other is a longer name, but it also starts with "msblast".
Then just delete the two files, and then immediately empty your Recycling Bin, too.
Terry
| | | |
Thanks for the heads-up. Will you post other file names as they become available/known? I think it's a big help to the community!
[Edited at 2003-08-14 19:56]
| | | | Uldis Liepkalns
Latvia
Local time: 16:07
Member (2003)
English to Latvian
+ ...
| FYI-Microsoft extinguishes Windowsupdate.com website | Aug 16, 2003 |
Some new info:
"According to media reports Microsoft has confirmed that it has decided to kill off its Windowsupdate.com web address. The website was due to suffer a denial of service attack on 16 August by computers infected by the W32/Blaster-A worm.
Sean Sundwall, a spokesman for Microsoft said: "One strategy for cushioning the blow was to extinguish Windowsupdate.com. We have no plans to ever restore that to be an active site."
According to Microsoft, consumers can ... See more Some new info:
"According to media reports Microsoft has confirmed that it has decided to kill off its Windowsupdate.com web address. The website was due to suffer a denial of service attack on 16 August by computers infected by the W32/Blaster-A worm.
Sean Sundwall, a spokesman for Microsoft said: "One strategy for cushioning the blow was to extinguish Windowsupdate.com. We have no plans to ever restore that to be an active site."
According to Microsoft, consumers can update their computers by visting the web address http://windowsupdate.microsoft.com or the main Microsoft website page at http://www.microsoft.com where information is available on downloading patches as well as advice on setting up firewall protection."
Uldis ▲ Collapse
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » how to remove the msblast.exe from computer? | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
| | Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
