Re: Having issues with 3rd party products deleting MSBlaster.exe variant A?
From: ProtoStrike (ldayberry_at_hotmail.com)
Date: 08/19/03
- Next message: james russel: "blaster"
- Previous message: Matt Scarborough: "Re: What is a sxe*.tmp File"
- In reply to: ProtoStrike: "Having issues with 3rd party products deleting MSBlaster.exe variant A?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Aug 2003 06:47:20 GMT
Fix for step #6 on the original send.
Hello,
Here is a manual, but a fix for removal of MSBlaster variant A that worked
for me. This process mainly comes from...
Trend Micro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=worm_msblast.a
I had to use it because I wasn't having success with 3 party applications.
Restoration of Windows XP/2000 operating systems has been achieved using
this process. Note: many of the issues that people are having do not
correlate to the symptoms the virus causes. This is just a guess, but I
believe some people aren't following procedure and are panicking while
trying to create their own fix which is possibly resulting in more harm than
the virus itself causes. Remember.the virus doesn't destroy valuable data,
but you can.
If your machine has the MSBlaster variant A, keeps rebooting, and won't
allow you enough time to make corrections while booted.here is a guaranteed
fix.
Step by Step Fix
1.. Start computer. After computer posts the BIOS, memory, etc. and
displays the initial Windows XP load screen, press F8. I usually hit F8 a
couple of times to make sure I get the text option screen for SAFE MODE, as
opposed to booting normally.
2.. Select SAFE MODE : Command Line and <press enter> .The machine will
boot to a text command line.
3.. Type CD C:\ <press enter>
4.. Type DIR /a /s MSBLAST.exe (If you have the virus it should display
"1 File Found" in the Directory of "C:\Windows\System32"
- If you don't find the file you don't have the virus and it's another issue
with the machine and you need not proceed to step 5.
- If you do find the MSBLAST.EXE file.proceed to Step 5
5.. Type CD C:\Windows\System32
6.. Type ATTRIB -R -A -S -H MSBLAST.EXE (put a space before each -
symbol)
7.. Type DEL MSBLAST.EXE
8.. Restart Machine
9.. Open Registry Editor. To do this, click Start, click Run, type
Regedit, then press <Enter>.
10.. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
11.. In the right panel, locate and delete the entry:
"windows auto update" = MSBLAST.EXE
12.. Close Registry Editor.
13.. Go to http://www.microsoft.com/security/protect/main.asp and follow
the directions to protect your machine against further attack.
1.. XP users.direction will be available here to enable your internet
connection firewall (ICF) which comes free with Windows XP
2.. Always have updated virus protection software installed. Don't be
cheap! Protect you data for $50 or so.
Regards!
- Next message: james russel: "blaster"
- Previous message: Matt Scarborough: "Re: What is a sxe*.tmp File"
- In reply to: ProtoStrike: "Having issues with 3rd party products deleting MSBlaster.exe variant A?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
