Worm lsas.blaster.keylogger

Closed
cindy - Mar 5, 2010 at 11:11 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 28, 2010 at 03:47 PM
Hello,
So here it is: I have done everything these dang forums and the manual removal said and it hasn't worked. My comp won't let me do anything, nothing on my desktop, won't let me open anything without that stupid warning popping up, then it closes it down, I can't even download the removal tool. So now what, wipe the hard drive and start over? Help me please!!!!!??????

2 responses

Ambucias
Mar 6, 2010 at 05:52 AM
Hello Cindy,

No, no, don't wipe anything out, there is a solution, here are two of them:

1. Did you try this manual removal:

To remove Lsas.Blaster.Keylogger manually:

• Press CTRL+ALT+DEL to open Task Manager

• Kill Spyware Processes:

692527612.exe, 1313928688.exe, 1806188250.exe

• Delete these Files and Folders:

C:\Documents and Settings\All Users\Application Data\1929146152\1313928688.exe
C:\Documents and Settings\All Users\Application Data\1372029626\1806188250.exe
C:\Documents and Settings\All Users\Application Data\870894309\692527612.exe

2. That Blaster is a worm still in your system and preventing connection to Internet, in the registry for instance. Several Windows updates addressed the issue.

I suggest that you turn your clock back, something like a month which should give you time access to Internet in order to download all of the Windows updates you may be missing and rerun Malwarebytes after a fresh update.

See if this works and please let me know.

Best regards

P.S. If the above doesn't work, please come back for a 3rd method.
0
I have tried both of your solutions, but it won't allow me to open Task Manager or change the clock.
Can you help with the third solution?
Thanks

Claire
0
Ambucias
Mar 28, 2010 at 05:52 AM
Hello Claire,

Please

1. Boot in safe mode

2. Go to: c:\Documents and Settings\All Users\Application Data

3. Try to locate a numerical file there that is all numbers such as: 85331323 or 46937130

4. Delete it.

5. Reboot

6. You should now be able to download Malwarebytes:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

7. Install and update Malwarebytes

8. Please request a FULL system scan

9. Delete the items found.

10. Turn off system restore for about 45 seconds and turn it back on

11. Create a fresh restore point.

Please, I would much appreciate your feedback.

Sincerely
0
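The manual steps above come down to looking for all-digit names under the All Users Application Data folder. As an added example (not part of the thread or any poster's code), this report-only Python sketch lists such candidates so they can be reviewed before anything is deleted; the six-digit minimum and the function names are assumptions, and the sample tree is constructed using names quoted in the thread.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the thread's examples are 8-10 digits; 6+ keeps short names like "2010" out.
NUMERIC = re.compile(r"\d{6,}")

def find_numeric_entries(app_data):
    """List all-digit files in app_data and all-digit .exe files inside all-digit folders.

    Report only: nothing is deleted, so a reviewer can check each hit first.
    """
    hits = []
    for entry in Path(app_data).iterdir():
        if not NUMERIC.fullmatch(entry.stem):
            continue
        if entry.is_file():
            hits.append(entry)
        elif entry.is_dir():
            hits.extend(
                f for f in entry.iterdir()
                if f.is_file() and f.suffix.lower() == ".exe" and NUMERIC.fullmatch(f.stem)
            )
    return sorted(hits)

def build_sample_tree(root):
    """Create a constructed directory tree (empty files) for the demonstration."""
    root = Path(root)
    for rel in (
        "1929146152/1313928688.exe",   # pattern quoted in the thread
        "870894309/692527612.exe",     # pattern quoted in the thread
        "85331323",                    # all-digit file directly in the folder
        "Microsoft/12345678.exe",      # parent folder is not numeric: ignored
        "46937130/setup.exe",          # executable name is not numeric: ignored
        "2010/20100305.exe",           # folder name too short: ignored
    ):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return root

if __name__ == "__main__":
    # On an affected machine the folder would be the one given in the thread:
    # C:\Documents and Settings\All Users\Application Data
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_numeric_entries(build_sample_tree(tmp)):
            print(hit)
```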
don't wipe your hard drive

find a working computer to make an avira rescue cd

download avira rescue cd and burn to cd:

https://www.avira.com/en/free-antivirus-windows

(put blank cd in drive and then open the file that you downloaded)


restart your computer with cd in drive but before windows loads go to setup

the first thing you see at startup is either a logo and it will say something like

"press f2 go to setup" it may not be "f2" for you though

you have to press that button before that logo goes away and windows starts

once you have accessed the setup menu use the arrow keys to go to the "boot" tab

put your cd drive above your hard drive in the list and then go to "exit" and select "exit saving changes"

make sure you have the cd in the cd drive and let the computer boot from the cd.

if you use the avira cd it will be in german, click the union jack in the bottom left corner for english.

perform a full scan

when it's finished, shut down the computer and eject the cd before startup.

hope that windows boots up normally.

at this point i usually like to download "malwarebytes anti malware" and "superantispyware" and use them to clean up the remains of the virus
0
Ambucias
Mar 28, 2010 at 03:47 PM
Joel,

Thank you for your contribution, however, I am afraid that in this instance it would definitely not work as the suggested rescue system is Linux.
0