MUST see if you use XP

Old Aug 13, 2003 | 09:12 AM
  #16  
DetailAddict's Avatar
Former Vendor
iTrader: (52)
 
Joined: Nov 2002
Posts: 6,912
From: San Jose, CA
Car Info: Evo X
British Banger,
I think someone here at my work has the same problem. I'll check with him. But I am sure that you are not supposed to use the 64-bit version. That's for systems like Itanium 2.

Leo
Old Aug 13, 2003 | 09:18 AM
  #17  
DetailAddict's Avatar
Former Vendor
iTrader: (52)
 
Joined: Nov 2002
Posts: 6,912
From: San Jose, CA
Car Info: Evo X
Well, my co-worker said our IT told him to bring the system back to them. So I don't know the fix for it. Sorry.
Old Aug 13, 2003 | 01:03 PM
  #18  
dr3d1zzl3's Avatar
VIP Member
iTrader: (1)
 
Joined: Dec 2002
Posts: 8,159
From: The Least Coast :(
Car Info: 08 sti
British banger..

You need to disable the file restore option in XP. See, once you replace a system file, XP tries to replace it. Well, slight problem with that, as it is trying to replace it with a bad copy. Give me one sec and I will post the URL to a how-to so that you can disable it.
Old Aug 13, 2003 | 01:04 PM
  #19  
dr3d1zzl3's Avatar
VIP Member
iTrader: (1)
 
Joined: Dec 2002
Posts: 8,159
From: The Least Coast :(
Car Info: 08 sti
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml
Old Aug 13, 2003 | 01:05 PM
  #20  
dr3d1zzl3's Avatar
VIP Member
iTrader: (1)
 
Joined: Dec 2002
Posts: 8,159
From: The Least Coast :(
Car Info: 08 sti
For full instructions

It is also possible to remove the worm manually with the following steps:

1. Turn off Windows XP System Restore by following this guide:
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

2. Terminate the msblast.exe process using the Task Manager

3. Delete msblast.exe from Windows System Directory

4. Remove the following registry value

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update'

5. Apply the Microsoft patch.

You might also want to turn on Windows XP's internal firewall to prevent access to port 135:
http://www.microsoft.com/windowsxp/h...e_firewall.asp
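
Steps 2 to 4 of the list above as a script, added here as an example and not part of the original post. It assumes Windows PowerShell 2.0 or later in an administrator session; the function names and the `-Remove` switch are made up for this example, while the process name, file name and registry value are the ones given in the post. Steps 1 and 5 (System Restore and the Microsoft patch) are not automated.

```powershell
# Added example: report, and optionally remove, the three artifacts named in the post.
param([switch]$Remove)   # without -Remove the script only reports

$ProcName = 'msblast'
$FilePath = Join-Path $env:SystemRoot 'System32\msblast.exe'
$RunKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunValue = 'windows auto update'

function Get-BlasterIndicator {
    # One object per check, so the same function can be re-run after cleanup.
    $proc = Get-Process -Name $ProcName -ErrorAction SilentlyContinue
    $run  = Get-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{ Check = 'Process running'; Found = [bool]$proc }
    New-Object PSObject -Property @{ Check = "File $FilePath"; Found = (Test-Path -LiteralPath $FilePath) }
    New-Object PSObject -Property @{ Check = "Run value '$RunValue'"; Found = [bool]$run }
}

function Remove-BlasterIndicator {
    # Step 2: stop the process first; the file cannot be deleted while it runs.
    Get-Process -Name $ProcName -ErrorAction SilentlyContinue | Stop-Process -Force
    # Step 3: delete the executable from the Windows system directory.
    if (Test-Path -LiteralPath $FilePath) {
        Remove-Item -LiteralPath $FilePath -Force
    }
    # Step 4: remove the autostart value so nothing relaunches it at the next boot.
    if (Get-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $RunKey -Name $RunValue
    }
}

Get-BlasterIndicator | Format-Table Check, Found -AutoSize

if ($Remove) {
    Remove-BlasterIndicator
    # Re-check: anything still present means the cleanup did not stick.
    $left = @(Get-BlasterIndicator | Where-Object { $_.Found })
    if ($left.Count -gt 0) {
        Write-Warning "Still present: $(($left | ForEach-Object { $_.Check }) -join '; ')"
    } else {
        Write-Output 'No indicators left. Apply the Microsoft patch (step 5) before going back online.'
    }
}
```

Running it again without `-Remove` some time after cleanup shows whether the file or the Run value has come back, which is the symptom described later in the thread.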
Old Aug 13, 2003 | 10:26 PM
  #21  
British Banger's Avatar
Underpants Gnome
iTrader: (1)
 
Joined: Mar 2003
Posts: 591
From: Cambridge, England
Car Info: 1.4 Ford Fiesta
Thanks for the responses iblu and dredizzle.

I'm trying to follow your directions dredizzle, but I don't know how to do the last one (the removing the registry value). Thanks a lot, my computer is really screwed up!

James
Old Aug 14, 2003 | 07:53 AM
  #22  
DetailAddict's Avatar
Former Vendor
iTrader: (52)
 
Joined: Nov 2002
Posts: 6,912
From: San Jose, CA
Car Info: Evo X
Go to Start and Run.
Type in regedit.
Old Aug 14, 2003 | 12:55 PM
  #23  
dr3d1zzl3's Avatar
VIP Member
iTrader: (1)
 
Joined: Dec 2002
Posts: 8,159
From: The Least Coast :(
Car Info: 08 sti
Whoops, sorry. Sorta forgot that step. Just 2nd nature.
Old Aug 14, 2003 | 09:33 PM
  #24  
British Banger's Avatar
Underpants Gnome
iTrader: (1)
 
Joined: Mar 2003
Posts: 591
From: Cambridge, England
Car Info: 1.4 Ford Fiesta
Thanks Iblu and dredizzle, I think it worked.

My computer is finally back under my control!
Old Aug 14, 2003 | 10:20 PM
  #25  
British Banger's Avatar
Underpants Gnome
iTrader: (1)
 
Joined: Mar 2003
Posts: 591
From: Cambridge, England
Car Info: 1.4 Ford Fiesta
Okay, never mind, it didn't work. msblast keeps on appearing in the Windows system32 folder, and in the Task Manager.

I am pretty certain that I did all the steps correctly. Maybe you could elaborate on step #3. For this step I just did a search and found msblast inside Windows/system32, and deleted it.

Thanks all
Old Aug 15, 2003 | 08:29 AM
  #26  
DetailAddict's Avatar
Former Vendor
iTrader: (52)
 
Joined: Nov 2002
Posts: 6,912
From: San Jose, CA
Car Info: Evo X
British Banger,
Try to follow the instructions from this link.
http://securityresponse.symantec.com...ster.worm.html

or

http://securityresponse.symantec.com...er.b.worm.html

or

http://securityresponse1.symantec.co...ster.worm.html
If that doesn't work, search for W32.Blaster on the internet for other removal instructions...
Old Aug 15, 2003 | 01:54 PM
  #27  
dr3d1zzl3's Avatar
VIP Member
iTrader: (1)
 
Joined: Dec 2002
Posts: 8,159
From: The Least Coast :(
Car Info: 08 sti
Make sure you install a software firewall like ZoneAlarm. It is free and it will stop you from further infections. You may in fact have cleaned it up only to get infected again 'cause you have no firewall installed.
Old Aug 17, 2003 | 01:50 AM
  #28  
British Banger's Avatar
Underpants Gnome
iTrader: (1)
 
Joined: Mar 2003
Posts: 591
From: Cambridge, England
Car Info: 1.4 Ford Fiesta
Thanks guys, I downloaded ZoneAlarm and it worked, no more virus.

Thanks again for all your help!

James
Old Aug 17, 2003 | 01:58 AM
  #29  
BADWRX's Avatar
Registered User
iTrader: (5)
 
Joined: Nov 2002
Posts: 1,305
From: Kandahar, Afghanistan
Car Info: 09 E90 M3 SEDAN w/DCT
Originally posted by iBlueVirus
British Banger,
I think someone here at my work has the same problem. I'll check with him. But I am sure that you are not supposed to use the 64-bit version. That's for systems like Itanium 2.

Leo
Actually, XP 64 is tailored for the Intel-crushing Opteron and Athlon64 AMD processors.

AMD is a company fixing to come alive. I am a huge advocate. Intel has nothing on the AMD64 core. Especially when MS is writing the 64-bit programs to be optimized on the new AMD architecture.
Old Aug 17, 2003 | 05:43 AM
  #30  
Peaty's Avatar
Registered User
iTrader: (2)
 
Joined: Nov 2002
Posts: 1,644
From: Lawrence, Kansas
Car Info: 19' Impreza Sport Manual / 99 Miata / 13' OB
Edit: sorry, now I see this is up in the messages. I missed it in a quick scan. Sorry.

------

I haven't tried this myself, but I understand that this will stop the countdown to the PC rebooting once you see the window pop up.

Hit the Start menu, select Run, type in "command" to bring up the command box, then type in "shutdown -a" and press Enter. There is a space between the n and the - . Then you can go get the patch. I haven't been hit to try it though; a tech support person told me about the command.

Peaty

Last edited by Peaty; Aug 17, 2003 at 12:27 PM.


