Help my lap tops bin infected with W32 Blaster worm

[sbwhart]

My lap tops has been infected with a virus when I try to open a programe I just get a security warning about Malicious program

and that it can not start due to W32 Balster worm.

Can any of you Guys help me out.

If I had my way I'd hang the bastard who do this stuff,  up by their balls until their eyes opo out.

Stew

[DavidA]

Can you start up in 'Safe Mode' ? 

Dave.

[lordedmond]

This may help Stew


http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99


Stuart

[saw]

You can try this: http://www.malwarebytes.org/mbam.php
I hope it will help you 

[sbwhart]

Thanks for your suggestions Guys, but unfortunately the virus won't let me get onto the internet to down load the patch in-fact I can't do anything on it I'm well a truly stuffed.

A well pissed off Stew

[raynerd]

Stew, might not work but you could try:

Reboot laptop and keep tapping the F8 key - it`ll boot up in safe mode.
Select to open up in "Safe Mode"
Go to Start --> Accessories --> System Tools --> System Restore

.......and then select an earlier date to restore the computer to. It`ll then reboot your computer.

It might work...certainly worth a try!!

Chris

[saw]

I would say do as craynerd told you, but don't rebot, turn the computer of for 5 minutes. If you just rebot, you can still have the virus in the memmory and that will not help you.

[andyf]

Hi Stew,

Apparently, it is a very common worm, so your local computer shop probably has a geek who can kill it off. The instructions below are on the interweb, but I have no idea whether or not they work.

Andy

Please follow the instructions below if you would like to remove W32.Blaster.Worm manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If W32.Blaster.Worm remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Enable your firewall. If you don't have a firewall installed, click here. [dunno where that takes you]
Start your computer in safe mode.
Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'windows auto update', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%SystemDir%\msblast.exe

Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Download all service packs and critical updates from www.windowsupdate.com.
 

[John Rudd]

Stew,

My eldest daughter's  lappie was infected last week...
I too tried to remove it manually by doing a regedit.........

Sadly, it was ineffectual...

So as a last resort I'm having to re-install Windoze     and really I think that is the only real way to ensure its gone, including reformatting the hdd...

So, if you have backup discs for your machine, mebbe worth a shot...?

[Bogstandard]

The boot up in safe mode and system restore to an earlier copy usually works well.

Where people go wrong, is that after you have done it, do a quick check to make sure everything is working as it should, then you must go to Control Panel/System/System Restore and turn off system restore for all disks.

What happens is that the virus will automatically be saved in your system restore files, where your virus protection can't get to it or touch it, and at the first opportunity, the virus can pop up again.

Once you have turned off sytem restore, you will lose all your restore points, but the virus contained within will be deleted as well, so you can then turn back on system restore, and it will start a new file from scratch.


Bogs

[Pete49]

Some blackpowder down the dvd slot a small trail of bp and a match.
A bit too permanant some would say.
Google it as there is a simple removal method that I used on my old laptop
Cheers
Pete

[Divided he ad]

Dunno what the hell it was but I had some malware thing hit my comp' yesterday.... wiped out the ability to run EXE files??  luckily could run files as an administrator (right click on the short cut and selected it from the popup menu..... else I wouldn't have been able to get the info from here!


Using the method Chris and Bogs described I have managed to recover from it all....

Took me a couple of hours and a few of these     Ran full antivirus and anti rootkit sweeps on the restore before I did the bit described by Bogs....


Had to re-install my firefox browser from the program file that was in my machine... Couldn't open a web page till I'd done that.
Then I downloaded and installed the upto date version and then had to re-install my bookmarks from the bookmarks back up... Thought I'd lost them all 


Thankfully it all seems to be ok now 




I think it'd be nice to get my hands on one of these programming types who makes these virus thingies               






Hope you get yours sorted Stew.







Ralph.

[sbwhart]

Yah oooooo  my little lap top is out of hospital and working like a good un.

 

I'm going to get a pussy up and hunt down the bum who put the crap on the net.

A happy Stew

[andyf]

I'm going to get a pussy up and hunt down the bum who put the crap on the net.

A happy Stew

To save any transatlantic offence (or offense, even) it might be an idea to amend that to "posse", Stew 

Glad you got it sorted; in case it ever happens to me, how did you do it?

Andy

[sbwhart]

I wasnt thinking of that sort of pussy

Blush

You havn't seen the size of our cats
 


Stew

[Divided he ad]

   fair do's Stew I damn near colapsed in pain laughing at that 



Ralph.

[Rob.Wilson]

I wasnt thinking of that sort of pussy

Blush

You havn't seen the size of our cats
 


Stew

I right o Stew   


Rob

[sbwhart]

I'm going to get a pussy up and hunt down the bum who put the crap on the net.

A happy Stew

To save any transatlantic offence (or offense, even) it might be an idea to amend that to "posse", Stew 

Glad you got it sorted; in case it ever happens to me, how did you do it?

Andy

Sorry Andy I was so busily laughing it my pussy slip I forgot to answer your ?.

To be honest I didn't fix it, the IT specialist at the school my wife use to teach at fixed it he used the malwarebytes program you guys suggested.

Thanks for all your help.

Stew

[Divided he ad]

   

Sorry Andy I was so busily laughing it my pussy slip I forgot to answer your ?.

   


And  I thought that it couldn't get funnier.... Stew you're a star 








Ralph.

[John Swift]

Hi  sbwhart

after reading your post I've had a look at my computers

and on both ,the adobe FP_AX_CAB_installer was infected 

I used  stinger10101504   from mcAfee


http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/stinger.aspx


the report for my machine - the scan took several hours !!!

Scan initiated on Fri Apr 08 00:20:04 2011
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
     Found the FakeAlert!fakealert-REP trojan !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe is infected with the FakeAlert!fakealert-REP virus !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe could not be repaired.
  Number of clean files: 1302528
  Number of infected files: 1



looking in the "windows folder" on the C drive

its in the folder " downloaded  programs files "

the file is {E288E8F-427F-9522-AC9BF37916A7}

its use while installing the PDF reader

now fixed , I uninstalled the old reader and now have the latest :-  adobe reader x


thanks for the alert

     John