msblast.exe

Discussion in 'Computer Support' started by king doodle squat, Nov 15, 2003.

  1. does anyone know what this is please?

    tia

    kds :)
     
    king doodle squat, Nov 15, 2003
    #1
    1. Advertisements

  2. Searching http://www.google.co.uk it looks like a virus
     
    Steven Pilbeam, Nov 15, 2003
    #2
    1. Advertisements

  3. king doodle squat

    °Mike° Guest

    <Canned response>

    Boot into Safe Mode and start your registry editor:
    Start / Run / regedit

    Navigate to:
    HKEY_LOCAL_MACHINE
    +Software
    +Microsoft
    +Windows
    +CurrentVersion
    +Run

    In the right-hand pane, look for any entry/ies that include
    MSBLAST.EXE, PENIS32.EXE or TEEKIDS.EXE and
    DELETE it/them.
    These are the files associated with the different variants:
    Variant A - msblast.exe
    Variant B - penis32.exe
    Variant C - teekids.exe

    You just disabled the worm from running at startup, so boot into
    normal mode again, and turn off ALL system restores to purge
    your system.

    Open Windows Explorer to the ..\Windows\System32\ or
    ...\WinNT\System32\ folder and DELETE *any* of the
    files named above.

    Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
    and find the reference to the above file/s (any reference will
    be similar to: <filename.exe>-<alphanumerics>.PF), for example,
    msblast.exe-0235D8H6.pf, and DELETE it/them.

    Now you can download and install the patch, configure your
    firewall and update your virus scanner.

    Virus Alert About the Blaster Worm and Its Variants
    http://support.microsoft.com/default.aspx?kbid=826955

    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/default.aspx?kbid=826369

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
     
    °Mike°, Nov 15, 2003
    #3
  4. king doodle squat

    Dave Watson Guest

    Dave Watson, Nov 15, 2003
    #4
  5. king doodle squat

    Boomer Guest

    Boomer, Nov 15, 2003
    #5
  6. Cheers Guys,

    Looks like its time to get it shifted then!
     
    king doodle squat, Nov 15, 2003
    #6
  7. king doodle squat

    Dr. Bill Guest

    MS = MicroSoft from Bill Gates
    Blast = Big explosion
    So, those bad people, who made it, are going to arse Bill Gates with
    dynamite I think?
     
    Dr. Bill, Nov 15, 2003
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.