w32 blaster virus

July 1, 2011 at 11:28:47
Specs: Windows Vista
HELP PLEASE im ready to rip out my hair - My nephew has a W32 Blaster worm on his laptop I cannot download anything to remove it :(
He has Vista Home Basic. When i start his computer it goes right to telling me he has a virus a matter of fact 63 of them. I cant dl or remove anything.

See More: w32 blaster virus

July 1, 2011 at 13:43:28

You are most likely receiving a bogus infection warning, or a fake alert, from a Rogue security program.

Try the following:

To get into Windows Vista >Safe Mode with Networking<, as the computer is booting, tap the F8 key to bring up the Windows Advanced Options Menu, and select the option from there.

Now, download TDSSKiller
Save it to the Desktop.

Double-click* on TDSSKiller.exe to run the program.
Vista/Windows 7 users, right-click the file, and select: Run As Administrator

Click the 'Start Scan' button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

If no reboot is requested, click on: Report.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller. is created and saved to the root directory (usually Local Disk C:).

>>Please provide the contents of TDSSKiller in your reply.<<

After a reboot, go back into Safe Mode with Networking again.

Next, download RKill:

[If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:

Save to the Desktop.

Double-click on the RKill icon to run the tool.
Vista/Windows 7 users right-click and select: Run As Administrator.

A black DOS box briefly flashes and then disappears. This indicates the tool ran successfully.

If not, delete the Rkill file, then download and use another Rkill file:

If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.

Note: You may need to make repeated attempts to use Rkill before it runs, as some malware variants try to block it.

Once the tool completes its work, the window closes and a log is displayed.

>>Please post the contents of the RKill log in your reply.<<

Note: If you get an alert that RKill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. Leave the alert on the screen and run RKill again. By not closing the alert, it sometimes allows you to bypass the malware's attempt to protect itself so that RKill can perform its routine.

Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon) Save to the Desktop:

Double-click mbam-setup.exe and follow the prompts to install the program. (For Vista or Windows 7, select: Run as Administrator)

Run Malwarfebytes’ AntiMalware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the Malwarebytes log in your reply so we can see where we are at, and plan any additional removal strategy, if necessary.<<

Retired - Doin' Dis, Dat, and slapping malware.

Report •

July 2, 2011 at 02:26:20
W32 Blaster worm is usually bundled with fake antispyware Malware Protection. You can follow this video to remove it completely http://www.youtube.com/watch?v=FJ6R...

Report •

July 2, 2011 at 08:51:07

Post #1 edited, missed a step. My bad!

How is it going?

Retired - Doin' Dis, Dat, and slapping malware.

Report •
Related Solutions

Ask Question