I am having a problem with my pc. I have a security warning on my computer that a malicious program has been detected. I have mcafee Internet security and have done a full scan which detected no issues. I am not able to open anything on my pc. The message I get is that I am infected with w32/blaster.worm and it takes me to a malware protection site which costs $59.95/year. I am not very good with computers so am not sure if this is a scam or what to do next as I can't do anything on my pc (I have written this on my phone). Can anyone help?
Let me know the Operating System and Service Pack installed on that computer.
on 29/5/11 4:40:28 PM IST
Moved this to Malware Discussion > Home User Assistance.
With an up to date machine Blaster should not even take hold, what operating system and service pack have you got on it?
I suspect instead it's one of the many fake antimalware applcations that's floating around which bypass most antivirus applications.
If you can't boot then try booting into Safe Mode with Networking (number 2 on the menu you will see after tapping F8 repeatedly while booting up)
1st thing to try is to see if you can use System Restore to go back to before all this started happening. It's found under Start/All Programs/Accessories (in Vista and Windows 7 look for System Tools).
It can be initiated in that mode. If successful, temporarily disable System Restore to delete the infected restore point.
Try downloading and running the free version of MBAM as Jay has suggested but make sure you update it first. It is one of the few tools that will install, update and run all in that mode.Message was edited by: Ex_Brit on 29/05/11 7:18:45 EDT AM
Hi guys, thanks for the help, when I say I'm not good with computers I mean I know nothing about this sort of thing. I can use a spreadsheet and the Internet and that is it. I believe the operating system is windows and I have no idea what a service pack is? I just tried the system restore thing Peter suggested above and it said file rstrui.exe is infected by w32/blaster.worm
As I said, try doing what I suggested in 'Safe Mode with Networking'. Try option 2 - Malwarebytes. and don't forget to update it first. It will install, update and run all in that mode.
You can check your exact version of Windows including whatever service pack is installed by right-clicking Computer (My Computer in XP) and selecting 'Properties'. It will tell you there.
Copy that down and post it here in a reply please.
A service pack is a major update that Microsoft issues for all operating systems from time to time to upgrade them to be compatible with newer software/hardware and to be more secure plus improve performance.
Windows vista home premium, not sure what service pack is - is not obvious from that screen.
I have booted up in safe mode with networking and it gives me a recommended restore point of last night which is when the problem originally occurred - should I choose a different restore point?
Yes an earlier one than that if possible.
Then please visit Windows Update and it would appear that your system is no longer supported, either by Microsoft or McAfee.
That window I pointed to should include something like the red circled item here:
For more information see:
After doing all that make sure that Windows Updates is turned on and set to receive updates for Windows and other products using Microsoft Update and that way your machine should more-or-less be kept up to date without too much fuss.
I don't know what version of Internet Explorer you are using but that is another vulnerability. You can tell by opening it and going to Help/About. You should be using IE9. That can be obtained through Windows Update using the settings I just recommended or a direct download from the IE website.
You should also make sure that any browser add-ons are the latest versions, such as any toolbars you use, plus Java, Shockwave Flash etc. etc.
Message was edited by: Ex_Brit on 29/05/11 10:49:48 EDT AM
erial n umber removed for security reasons"The message I get is that I am infected with w32/blaster.worm". It's a fake warning.
Jayadeep NR and Ex_Brit were right saying that "Malware Protection" is a fake anti-virus application. Reboot your computer in safe mode with networking and run a full system scan with Malwarebytes Antimalware or any other malware removal tool. For more information, please read this blog post: How to Remove "Malware Protection" (Uninstall Guide)
Security code removed for possible risks - Moderator
Good luck!Message was edited by: Ex_Brit on 29/05/11 8:54:39 EDT PM
You can also use this serial Security code removed for possible risks - Moderator to register Security Center in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.
To register what Security Center? If you mean the fake antimalware one then that's simply cementing it in place on your machine, surely? Where is that serial number from?
Message was edited by: Ex_Brit on 29/05/11 8:55:16 EDT PM