Win32/worm blaster

Solved/Closed
jonboy2011
Posts
19
Registration date
Monday April 4, 2011
Status
Member
Last seen
April 6, 2011
- Apr 4, 2011 at 08:19 AM
Ambucias
Posts
47362
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
- Jun 29, 2014 at 07:27 AM
Hello,



I had a message on spyware protection come up saying I had win32 worm blaster virus and upgrade to stop threat.

I didn't upgrade as it seemed a bit dodgy.

I'm running on PC Windows XP.

I can't boot in safe mode and I can't run any .exe programs. I can't even run System Restore. I can't download any programs to stop it as they don't open. The only thing I can do is use Internet Explorer.

Any ideas welcome please

38 replies

jonboy2011
Apr 5, 2011 at 05:39 AM
I got the original message from spyware protection. It looks like a shield divided into four with blue, red, green and yellow. It came up win32/worm blast and started scanning my computer. Do you want me to do a scan with it again? It seems to be the only thing that works other than Internet Explorer.
4
Ambucias
Apr 5, 2011 at 06:15 AM
Well, this is positive news!

If we get your system back in shape, would it be possible for you to get me an invitation to the Royal Wedding, or at least have the opportunity to have tea and cucumber sandwiches with the new royal couple?

I will be back in 5
1
Ambucias
Apr 4, 2011 at 09:52 AM
Dear Jonboy,

Looks like it's not win32 worm blaster but a disguised scam as we frequently see. It's actually a rogue trojan horse running loose in the stable.

You have access to internet explorer, so you should be able to access the rogue killer tool.

Here is how to get rid of this scam rogue virus designed to get to your credit card account and it is a good thing you did not fall for it.

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self-protective, thus it will prevent any antivirus from functioning.

You must kill the evil processes which the virus is presently running and preventing you from running any antivirus. If you don't, it will keep reproducing the files forever.

To kill the processes:

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.

As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download Malwarebytes to your desktop.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebytes and launch it. From the second tab, update it.

Pretty please, request a FULL system scan, which should take more than an hour. Once the scan is finished, delete all of the items that were found.

It is very important that you let Malwarebytes run for as long as it takes. In some cases the creators of Malwarebytes suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

(Malwarebytes may reboot your computer, don't be alarmed. Should it happen, relaunch Malwarebytes to complete the FULL scan.)

Once all this is completed, I always suggest deleting Malwarebytes, as some people have reported that it may interfere with other antivirus applications.

Please let us know about the results or I may throw a curse on your system which will cause it to bark all the time.:)))

Best regards
0
Angie & Dan
Apr 4, 2011 at 10:25 PM
We had the same problem, and this seems to have worked! Thanks for the nice clear instructions... appreciate it!
0
shameful -downloader-of-free-boks
Oct 20, 2013 at 01:47 PM
This worked perfectly! Thank you! Thank you! Thank you!
0
jonboy2011
Apr 5, 2011 at 04:25 AM
Problem is I can't run anything .exe

When downloading roguekill I even downloaded the other type extension files .scr .com but they wouldn't work either
0

Ambucias
Apr 5, 2011 at 04:31 AM
Stand by while I search my database. You do have a worm, not a trojan.

We must end some running processes, as the virus, to protect itself, will prevent the running of some exe.

See you in a minute or 2
0
jonboy2011
Apr 5, 2011 at 04:32 AM
Okay mate, thanks, you're a star
0
Ambucias
Apr 5, 2011 at 04:40 AM
Follow these steps to download and run the tool:

Download the FixBlast.exe file from:

https://www.broadcom.com/support/security-center

Save to your Windows desktop.

Connect any removable USB devices which may be infected, i.e. pendrive, flash drive, etc.

Close all the running programs.

If you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.

Turn off System Restore.

Locate the file that you just downloaded.

Double-click the FixBlast.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.

NOTE: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.


Restart the computer.
Run the removal tool again to ensure that the system is clean.
Then re-enable System Restore.

Reconnect the computer to the network or to the Internet connection.

Run LiveUpdate to make sure that you are using the most current virus definitions.


When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:

Total number of the scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries


What the tool does
The Removal Tool does the following:

Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat


Switches
The following switches are designed for use by network administrators:
/HELP, /H, /?: Displays the help message.
/NOFIXREG: Disables the registry repair (We do not recommend using this switch).
/SILENT, /S: Enables the silent mode.
/LOG=[PATH NAME]: Creates a log file where [PATH NAME] is the location in which to store the tool's output. By default, this switch creates the log file, FixBlast.log, in the same folder from which the removal tool was executed.
/MAPPED: Scans the mapped network drives. (We do not recommend using this switch. See the following Note.)
/START: Forces the tool to immediately start scanning.
/EXCLUDE=[PATH]: Excludes the specified [PATH] from scanning. (We do not recommend using this switch. See the following Note.)
/NOCANCEL: Disables the cancel feature of the removal tool.
/NOFILESCAN: Prevents the scanning of the file system.
/NOVULNCHECK: Disables checking for unpatched files.
0
jonboy2011
Apr 5, 2011 at 04:58 AM
No good mate, I dled the file. Plugged in a USB pendrive. Turned off the internet. Turned off system restore. Double-clicked the fixblast file and it just disappears again as before?
0
Ambucias
Apr 5, 2011 at 05:12 AM
Excrement!

That takes the cake!

alt+ctrl+delete

Click on the process tab

Can you spot any strange looking processes, some may be numerical, one may say hotfix, or any other that you encounter?
0
Ambucias
Apr 5, 2011 at 05:21 AM
Jonboy

The process might be called Msblast
0
jonboy2011
Apr 5, 2011 at 05:23 AM
I can't do ctrl alt delete, it disappeared straight away
0
jonboy2011
Apr 5, 2011 at 05:24 AM
I see it for a second, then it's gone
0
Ambucias
Apr 5, 2011 at 05:34 AM
Yikes! We have a huge problem on our hands.

When you got the message, did it come from your antivirus?

When you got the message about win32 worm blaster, were there any other characters naming the worm such as Win32 blasterA or blaster msblashH or any other?

I am trying to pinpoint the type of worm so that I get to know how to attack it by surprise from the rear flank and splash it with jet fuel.
0
jonboy2011
Apr 5, 2011 at 05:41 AM
backdoor.win32.scrabp
trojan downloader win32/bredolab
mal/generic -a trojan agent
w32.blaster.worm
w32/child-porn.proxy/server
email-worm.brontok

I say it's found 26 critical viruses
0
Ambucias
Apr 5, 2011 at 05:43 AM
This spyware protection, is it part of your antivirus? What is your antivirus?
0
Ambucias
Apr 5, 2011 at 05:48 AM
If you

Click Start, click Run, type cmd in the Open box, and then click OK.
At the command prompt, type dir %systemroot%\system32\filename.ext /a /s, and then press ENTER,

do you see any files where filename.ext is:

Msblast.exe, Nstask32.exe, Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, or Yuetyutr.dll?
0
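The file-name check from the post above, as an added example that is not part of the original thread: a Python sketch that does for all seven listed names at once what `dir %systemroot%\system32\filename.ext /a /s` does for one, for instance against a system32 folder reached from another, clean machine. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile

# File names listed in the post above. Compared in lower case because
# Windows file systems are case-insensitive.
SUSPECT_NAMES = {
    "msblast.exe", "nstask32.exe", "penis32.exe", "teekids.exe",
    "winlogin.exe", "win32sockdrv.dll", "yuetyutr.dll",
}

def find_suspect_files(root):
    """Walk root recursively (like `dir /a /s`) and return the sorted
    paths whose base name exactly matches one of SUSPECT_NAMES."""
    hits = []
    # os.walk skips directories it cannot read and lists hidden files too.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Exact match only: the legitimate winlogon.exe must not be
            # confused with the look-alike Winlogin.exe from the list.
            if name.lower() in SUSPECT_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample data: a fake system32 holding two listed names
    plus harmless files, including the legitimate winlogon.exe."""
    sys32 = os.path.join(base, "system32")
    os.makedirs(os.path.join(sys32, "dllcache"))
    for rel in ("MSBlast.exe", "winlogon.exe", "notepad.exe",
                os.path.join("dllcache", "TEEKIDS.EXE")):
        with open(os.path.join(sys32, rel), "wb") as fh:
            fh.write(b"")  # empty placeholder, not a real binary
    return sys32

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_suspect_files(build_sample_tree(tmp)):
            print("FOUND:", path)
```

A name match only says a file with that name exists; it does not identify the file's contents, so a hit is a reason to look closer rather than a verdict.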
jonboy2011
Apr 5, 2011 at 05:51 AM
When I type that in it says: Windows cannot find dir

My antivirus was AVG
0
jonboy2011
Apr 5, 2011 at 05:52 AM
SORRY, open Run, type cmd, you see the little black screen then it disappears
0
Ambucias
Apr 5, 2011 at 06:01 AM
Looks like it's not just a blaster worm because in most instances, that type of worm would keep restarting your system.

Do you have access to explorer?

Do you have a pendrive?
0
jonboy2011
Apr 5, 2011 at 06:13 AM
Yes I have a pendrive and I have explorer
0