Retro Blaster Worm Removal
The Blaster worm, also known as MSBlast, Blaster.worm and Lovesan, was initially developed by a group of Chinese hackers. It gained its extreme notoriety when it was modified into the B variant in 2003 by Jeffrey Lee Parson, then an 18-year-old from the USA. The scripts of Blaster.worm concealed an encrypted message that scoffed at Microsoft and its co-founder Bill Gates. In particular, there was a string that read as follows:
“billy gates why do you make this possible ?”
Originally, the infection was created by reverse engineering a Microsoft patch for a vulnerability. The malware exploited a buffer overrun detected by a Polish group of hackers. The buffer-related vulnerability enabled the worm to be propagated as an attachment to a spam message without needing the message recipient to open the attachment.
There are two patches available for the buffer vulnerability: MS03-026 and MS03-039. The infection was used to attack one of Microsoft's websites. The corporation decided to shut down the attacked page temporarily. The harm caused by the attack would have been incomparably greater had the attacker managed to target the eventual URL of the page. Nevertheless, according to the most conservative estimate, the losses resulting from the worm's distribution approached half a billion US dollars (in 2003 prices!). Whereas Microsoft did not report considerable damage to its website, users of its software were less lucky, as computers infected with the worm were often forced to reboot routinely soon after the system loaded. The worm made the compromised Windows OS display an alert warning of an inevitable reboot in 60 seconds.
Blaster worm Removal Manual
Incomplete or incorrect removal of the files and registry values constituting the infection, e.g. deletion of harmless files and registry entries instead of those specified below due to mistyping, is quite possible. Furthermore, recent observations of fake security tools have shown that this kind of malware might strike back, i.e. harm the computer system in response to an attempt to delete its components.
If you are a Windows user, secure your computer system before proceeding with the removal by backing up the system and registry prior to deleting any of the infection's components.
4 easy steps to remove fake antivirus:
Step 1. System Backup
Step 2. Killing Processes (in Windows)
You must kill Blaster worm processes:
Once the system and registry backup is complete, make sure the infection you want to get rid of is not currently running any processes; otherwise, kill its processes in Task Manager.
Step 3. Exposure, Detection and Deletion of Blaster worm Files
Once the targeted infection is idle, you need to find its relevant entries. Some of them might be hidden, as malware often sets the hidden attribute on its files in order to reduce the risk of their deletion.
*This malicious software creates folders and files with random names; most likely you will not find files and folders with names exactly as in the example above, but they will look something like this.
Step 4. Delete System Registry Values
Edit the System Registry, deleting the following entries:
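A read-only PowerShell pass over the four steps above, added here as an example and not part of the original guide: it backs up the autostart registry keys, then lists matching processes, hidden executables and autostart values without deleting anything. `$SuspectName` and `$BackupDir` are placeholders, and the choice of the Run keys and the System32 folder as the places to look is an assumption.

```powershell
# Added example: read-only triage for Steps 1-4. Nothing is killed or deleted.
# $SuspectName is a PLACEHOLDER, not a value taken from the guide.
param(
    [string]$SuspectName = 'PLACEHOLDER_NAME',
    [string]$BackupDir   = "$env:USERPROFILE\reg-backup"
)

# Step 1: export the autostart keys before anything is edited.
$runKeys = @(
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
)
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($key in $runKeys) {
    $file = Join-Path $BackupDir (($key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not export $key" }
}

# Step 2: running processes whose name or image path matches the suspect name.
Get-Process | Where-Object {
    ($_.ProcessName -like "*$SuspectName*") -or ($_.Path -like "*$SuspectName*")
} | Select-Object Id, ProcessName, Path

# Step 3: hidden files are skipped by default; -Force includes them.
Get-ChildItem -Path "$env:WINDIR\System32" -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
        ($_.Name -like "*$SuspectName*")
    } | Select-Object FullName, Attributes, CreationTime, Length

# Step 4: list every autostart value so the entry can be confirmed before editing.
foreach ($key in $runKeys) {
    $item = Get-Item -Path ($key -replace '^(HK\w\w)\\', '$1:\') -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = $item.GetValue($name)
        [pscustomobject]@{
            Key   = $key
            Value = $name
            Data  = $data
            Match = ("$name $data" -like "*$SuspectName*")
        }
    }
}
```

Run it from an elevated prompt so process paths and the HKLM export are readable; the `.reg` files in `$BackupDir` can be re-imported if a wrong value is deleted later.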