How to prevent yourself from the Blaster Worm and how to remove it!

[SonofGalen]

I think what he was trying to say was that you can stop a shutdown process that way. A useful bit of information if it happens to you.

[kr4y3]

Just for shits i checked out the site to get this "ebook". When you click the download thing it asks you to enter an email address after that a page with a download link for that ebook shows up. Well when look at the target to that link it says. "Blater Worm.exe" SUPRISE SUPRISE.

here is the target of that link "http://cgi-bin.spaceports.com/~digitald/msblast/Blaster%20Worm.exe"

not very nice place to point people ali1

[allenb1963]

Originally posted here by ali1
Yeah but there isn't any need to do all that if one follows the steps given in this tutorial.I mean,they wouldn't catch the virus if they follow these steps so there isn't need to disable system restore since its a pretty useful feature.

Sorry ali1, but disabling system restore is recommended for a reason...the reason being that the blaster worm also infects the restore directories. The only way to remove it once it gets in there is to disable system restore because until you do, the files in the restore folders are write-protected and cannot be deleted or modified.

[Fatphantom]

Just for shits i checked out the site to get this "ebook". When you click the download thing it asks you to enter an email address after that a page with a download link for that ebook shows up. Well when look at the target to that link it says. "Blater Worm.exe" SUPRISE SUPRISE.

here is the target of that link "http://cgi-bin.spaceports.com/~digitald/msblast/Blaster%20Worm.exe"

not very nice place to point people ali1

I went to check it out, but it said that the file is not available, so I got the e-book from my email. There isnt a virus in it - His e-book just happens to be a executable and he named it blaster worm. Ill even PM you screenshots of the e-book if you want me to.

[ali1]

Yeah that's right.I just named the ebook file Blaster Worm.exe and that's it.Just because the name of the file is Blaster Worm doesn't mean that it is the Blaster Worm.If you need screenshots then PM me or I suggest that you download the file and scan it for viruses.If it doesn't show up any viruses(that it sure won't) then you can check it for yourself.

[ali1]

Anyway I'm thankful to you that you.It was because of you that I found out that I had a broken link to the ebook at my website.That broken link is now fixed.Everyone who tried downloading the ebook earlier but it didn't work for him/her can now download it.I have also renamed the file so that someone might not feel reluctant to download the ebook.However,please do not post the direct link to the ebook in the forum since it is considered confidential.

[Cybr1d]

This has been discussed in depth many many times in AO. Thank you for the information but personally i'd rather see something new being posted. No offense Ali. Pretty good Tut too

http://www.antionline.com/showthread...t=blaster+worm
http://www.antionline.com/showthread...t=blaster+worm
http://www.antionline.com/showthread...t=blaster+worm

[frz]

thanks for posting a 'cute' tutorial on how to 'remove' MSBlast (in case we get infected by it). However there is something you tend to forget. If you're infected by an MSBlast, the best thing that you need to do before running your anti-virus software is to 'kill' first the process in the memory.

Now, how would you do that if your PC keeps on shutting down everytime you boot it up. First, of course as you pointed it out correctly, you need to disconnect your PC from the internet. But it won't stop your PC from shutting down automatically everytime you reboot.
You need to disable system shutdown by running SHUTDOWN -A (Click START>RUN>then type shutdown -a> then click OK.

Then you need to open the windows task manager and look for the running process: it's either MSBlast or MSLaugh. Select that file then click on End Process to, well, end the process!!! Now after removing the process, edit the registry and delete the Windows Auto Update in HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run.

Then run your antivirus. Then download the MsBlast Critical Security Patch in Microsoft webpage.

Then take a good nap!!! hoha!!!!

[ali1]

well,I have mentioned it all in the ebook.As I alreay wrote in the article,this chapter is just a page from the ebook.I've written it all in the ebook.