Solved how to remove W32/Blaster.Worm without patch

July 14, 2011 at 21:41:01
Specs: Windows Vista, Lenovo
My Lenovo Laptop got infected by the W32/Blaster.Worm a couple of days ago and ive tried all kinds of things to remove it. I tried running a scan with Mcafee and it says an error occured and wont even run the scan. For a while my enternet wouldnt work because it said the "Proxy Server" was not responding, So i think it might have attacked that, but i really dont know. It wont even let me on the enternet or anything. And on my task bar on the right it keepis popping up little notifications about all of the things that wont work like the enternet and my ITunes. i cant afford to download anything and if i could, i wouldnt be able to get on the enternet to do so. So please if you have any strategies to remove this, Help me out! thanks.

See More: how to remove W32/Blaster.Worm without patch

Report •

July 15, 2011 at 00:03:54

1. Remove the registry entries hidden by W32/Blaster.Worm.
Once you find some programs on your PC run abnormally, you should immediately check the following entries in the Registry, and directly delete the spyware-related registry entries.
2. It is probably a way to load the “W32/Blaster.Worm" malicious program, by hiding within the system WIN.INI file and the strings "run=" and "load=", so this must be carefully checked.
3. Clean up IE Temporary file folder where the original carrier of PC threats is possibly stored. Meanwhile, the malicious files generated by W32/Blaster.Worm are possibly located in the following Location:
C:\Program Files\Common Files
C:\Documents and Settings

Report •

July 15, 2011 at 09:38:20
✔ Best Answer
You can obviously get on the internet using whatever computer you are posting with now, so I would recommend downloading one of the Blaster removal tools (that were produced by most security companies) to this machine and then use a memory stick to transfer it to the poorly machine & run it that way. HERE is the Symantec one, for example.

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd

Report •

July 15, 2011 at 09:45:43

You are most likely receiving a bogus infection warning, or a fake alert, from a Rogue security program.

Try the following:

Get into Windows Vista Safe Mode with Networking:

Start your computer.
Tap the F8 key before Windows starts, to bring up the Windows Advanced Options menu

Use the arrow keys to select >Safe Mode with Networking<
Press: Enter

If you are able to get on the Internet, press on with the instructions that follow.

If not, copy and paste the URL of the file to download directly into the address bar in your browser, and then press: Enter
(Do not click on the Url, or you will get redirected.)
If the infection does not let you download files to the infected computer, or you still have no Internet connection, download the files/programs requested below to a clean computer and then transfer them to the Desktop of the infected computer. You can use a USB flash drive, or other removable media (CD/DVD, external drive).

Download RKill:

[If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:

Save to the Desktop.

Vista/Windows 7 users right-click and select: Run As Administrator.

A black DOS box briefly flashes and then disappears. This indicates the tool ran successfully.

If not, delete the Rkill file, then download and use another Rkill file:

If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs, as some malware variants try to block it.

Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon)

Save to the Desktop

For Vista or Windows 7, rihgt-click and select: Run as Administrator

Run Malwarfebytes’ AntiMalware and update the program.

Once updated, select 'Perform Full Scan' and click the 'Scan' button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the ‘Remove Selected’ button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the Malwarebytes log in your reply so we can see where we are at, and plan any additional removal strategy, if necessary.<<

Retired - Doin' Dis, Dat, and slapping malware.

Report •

Related Solutions

July 15, 2011 at 11:06:27
W32/Blaster.Worm is bundled with fake Malware Protection, before running malwarebytes, you still need to remove some main files of the virus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Protection” the Malware Protection thing can also be something "random characters"

%Documents and Settings%\[User Name]\Application Data\[random characters].exe

Report •

July 15, 2011 at 11:16:40
the enternet works in safe mode. but i cant download the rkill thing. it says "the publisher could not be verified, are you sure you want to run this software?" so i click run, and it just flashes this black box. it looks like the command prompt. but im not sure.

Report •

July 15, 2011 at 11:23:51
okay, its working now but it didnt delete the worm. it removed a couple of things but i still can get on the enternet in normal mode.

Report •

July 15, 2011 at 11:23:58
Press on in Safe Mode with Networking and run Malwarebytes AntiMalware.

Post its results.

Retired - Doin' Dis, Dat, and slapping malware.

Report •

July 15, 2011 at 13:44:36

If Malwarebytes does not do the job, download RogueKiller
(It scans running processes, and kills those that are malicious(:

Save it to your Desktop

Close all open programs.

For XP, simply double-click RogueKiller.exe
For Vista/Windows 7, right click the file and select: Run as Administrator

When prompted, type 1 and hit Enter.

An RKreport.txt should appear on your Desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the >RKreport.txt< in your reply.

We will take further action based on the results of this report.
Retired - Doin' Dis, Dat, and slapping malware.

Report •

Ask Question