Showing results for 
Show  only  | Search instead for 
Did you mean: 

W32/Blaster.worm please help

Jump to solution

I have the  W32/blaster.worm on my computer. I am running mcafee total protection on 3 computers upgraded a month ago .  It occured yesterday when I went onto web site and clicked a video on the screen indicating how to take better pictures.

The display comes up spyware protection and wants me to subscribe,

I ran mcafee runs a full scan a finds 1 problem but won't fix.

I cannot open a  programs says infected with w32/blaster.worm

tried running in safe mode and safe mode with networking and the computer shuts off goes black reboot and the same thing again, stays on about 30 seconds

the computer will stay on if i log onto normal mode ,the account that the virus  is on.

downloaded the file and unable to run tried renaming and still no luck on the efffected login account

tried the same thing with no luck

I never tried a system restore , i don't want to loose pictures

turned off system restore, turned on firewall still all no good

please help


1 Solution

Accepted Solutions
Level 11
Report Inappropriate Content
Message 12 of 15

Re: W32/Blaster.worm please help

Jump to solution

Peter is correct when saying “…I suppose variants could appear in the wild at any time.”

Ok, let's per share.

I guess the detection of W32/Blaster.worm has been made by your McAfee AV product, correct ? I’m asking it because there are myriad names for threats and each company, when they discover detection, gives a threat a name.  Often more than one company will "discover" the detection at about the same time, and a virus will get different names from different companies.  So what one company would detect something as may differ significantly from what another company will detect it as. 

You said you are using a McAfee Total Protection upgraded a month ago. Are your both Engine and DAT files up to date ? This is very important, as we have hundreds of new malware and malware variants daily. It is also extremely recommended that you have your system patched.

Regarding “Prefetch”, they are not directly executable files, and though they may be related to a virus or trojan file, they are not, on their own, malicious in nature. 

"Prefetch files are essentially a resource list. Any time a program is executed, Windows XP will attempt to find a pre-existing prefetch file, and if it's available, it will use it to make the application load up faster. The file will also be updated after it is accessed, so that the more an application is used, the bigger the drop in loading time (to a point). If the application doesn't already have an associated prefetch file, Windows XP will create one. Those files are stored in the \%windir%\prefetch directory."

Quote From

We recently detected a FakeAlert Trojan variant (FakeAlert-Rena) which also uses a filename “defender.exe” to infect its victims. You can read more about it .

Based on it, I would like to suggest you to run our standalone tool  - Stinger - available at

Our FakeAlert Stinger tool is available at

Hope this helps!


View solution in original post

14 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 15

Re: W32/Blaster.worm please help

Jump to solution

Okay, don't panic. Malwarebytes will be able to get rid of this, we just have to figure out how to get it to run on your system.

First, Malwarebytes advises that you run their program in normal mode, not safe mode :

"Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails.

If you installed MBAM in safe mode, you should reinstall it."

The removal instructions for this rogue program are here : if you were unsuccessful before, check that what you did then is what they are advising you to do in these instructions.

Was the account you were using one that had full administrator privileges? If not, you should try again in one that does; this will allow Malwarebytes to access all files in all user accounts. Beware of going onto the web using such an account in everyday use, since if a virus does hit you then it automatically has access to your whole system, instead of only to those files that a limited-privilege account is allowed to use.

Let us know if you're still unable to make progress, and we'll devise some way to get this to work.

Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 15

Re: W32/Blaster.worm please help

Jump to solution

Follow-up suggestion : this fake program will be named "defender.exe" and should be in C:\documents and settings\{username}\application data

The actual path might be slightly different depending on your operating system. If you find that file, delete it and then try downloading and running Malwarebytes. You may have got rid of the program but there will be registry entries to clean out.

Re: W32/Blaster.worm please help

Jump to solution

logged back onto user account with virus searched and found defender.exe , in the application files as you said and deleted

but another file also  showed up and was unable to delete says origin is prefetch ?

my next move is to try and run malwarebyte, my fear is if i go on internnet the prfetch will load defender back onto computer

should i get malwarebytes from another computer and put on infected computer? ...hopefully fix computer

Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 15

Re: W32/Blaster.worm please help

Jump to solution

You know, this is something that everybody overlooks, me included. And yet I know about this, because when I had an infection I watched the Microsoft techs go in and do exactly this :-

Go to C:\Windows\Prefetch and delete all entries in that folder whose date/time is earlier than whenever it was you last started your PC.

Then check again to make sure that that file isn't among the entries that are left.

(You will almost certainly need Administrator privileges to delete those files).

Then run Malwarebytes.

Re: W32/Blaster.worm please help

Jump to solution

I was logged as administrator when i got worm

deleted files in prefetch

running malware in full scan still waiting outcome

advice will this program  malware run with mcafee?

should i buy full version from malwarebytes, thought total protection covered everthing surfing net until now

what other programs do you recommend to have with mcafee  to surf net?

Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 15

Re: W32/Blaster.worm please help

Jump to solution

1. The free version of Malwarebytes is an on-demand scanner and it is fully compatible with McAfee.

2. The paid-for version of Malwarebytes runs all the time in memory and it is not compatible with McAfee, because they will interfere with each other's operations. Malwarebytes is not a full anti-virus product, whereas McAfee is. I have found the quote from Malwarebytes about this; it is at the end of this reply. Malwarebytes is very good at detecting certain types of malware infection, and it will clear things that McAfee does not handle well. BUT McAfee will give you protection against the most damaging threats, which Malwarebytes does not handle at all. That is why we recommend you stay with McAfee, but use Malwarebytes as a free helper. Personally, I run a weekly scan with Malwarebytes just to be sure that nothing has slipped past my McAfee protection. So far, Malwarebytes has found nothing serious, but it did wrongly identify a genuine Windows file as a Trojan once. So always check the messages that you get from Malwarebytes, and if in doubt come here (or go to the Malwarebytes forums) and ask for confirmation.

3. There are many other programs that you can use as backups to McAfee. They are not alternatives to McAfee. I have Spybot and SuperAntiSpyware as well as Malwarebytes, and each of those has its own specialist areas of expertise. The best protection you can have is to make sure that you always have the latest updates for your software - Windows, McAfee, Firefox, Chrome, Java, and Adobe especially. There are programs you can download which will monitor your software and make sure that all necessary updates are automatically downloaded and installed - try Filehippo Updatechecker, or Secunia PSI (which others here recommend). If you use Firefox I would advise that you get the NoScript Add-on for your browser.

And that quote from Malwarebytes :

A quote from one of the lead developers of MalwareBytes (Bruce Harrison) :
As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
Lets settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say :

"No, MBAM can't replace your existing antivirus software and is not designed to."

Edit - The emphases are mine

Message was edited by: Hayton on 16/02/11 16:57:13 GMT
Level 7
Report Inappropriate Content
Message 8 of 15

Re: W32/Blaster.worm please help

Jump to solution

Hello - New user here.  Some great information.  Thanks to those who take the time to provide it!

I had this same issue with the fake Blaster Worm yesterday.  I was able to run McAfee while the computer was clearly infected, the scan picked up nothing.  I rebooted in safe mode and was able to use System Restore to roll back the computer to the last back up (March 11).  Whatever was in my computer now seems to be gone.  I ran another full scan with McAfee and nothing was found (no surprise there...).

My question relates to the following:  I am still nervous that there may be somehting lingering in my PC.  I am hesitant to input any passwords, use online banking, etc.

I am not 100% confident McAfee scans given it didn't see the virus while it was active.  Are there any methods you guys would recommend to be certain that my computer is clean?  Or am I being paranoid?



Re: W32/Blaster.worm please help

Jump to solution

I would say that using System Restore has successfully given you back a clean machine.  But now you should temporarily disable System Restore to delete the infected restore point and then make sure that everything is updated, Windows, McAfee etc.

Keep an updated copy of Malwarebytes Free handy for such occasions.

Message was edited by: Ex_Brit on 17/03/11 7:51:45 EDT AM

Re: W32/Blaster.worm please help

Jump to solution

okay, so i had the same problem...
i removed the defender exe, and also removed the prefetch...

but my CPU usage, which was around 7-10% usually, is now upwards of 20% at all times, even when i have no additional applications running...

is there something wrong? is my computer still infected?

Running, Windows 7 (updated) and McAfee security centre (updated)

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community