14 Replies. Latest reply on Sep 22, 2011 5:12 AM by exbrit

    W32/Blaster.worm     please help

      I have the W32/Blaster.worm on my computer. I am running McAfee Total Protection on 3 computers, upgraded a month ago. It occurred yesterday when I went onto the web site photography.com and clicked a video on the screen indicating how to take better pictures.

      The display comes up "spyware protection" and wants me to subscribe.

      I ran McAfee; it runs a full scan and finds 1 problem but won't fix it.

      I cannot open a program; it says infected with W32/Blaster.worm.

      Tried running in safe mode and safe mode with networking, and the computer shuts off, goes black, reboots, and the same thing again; it stays on about 30 seconds.

      The computer will stay on if I log on in normal mode, the account that the virus is on.

      Downloaded the malwarebytes.com file and was unable to run it; tried renaming and still no luck on the affected login account.

      Tried the same thing with rkill.com, no luck.

      I never tried a system restore; I don't want to lose pictures.

      Turned off system restore, turned on firewall, still all no good.

       

       

      please help

       

       

      d

        • 1. Re: W32/Blaster.worm     please help
          Hayton

          Okay, don't panic. Malwarebytes will be able to get rid of this, we just have to figure out how to get it to run on your system.

           

          First, Malwarebytes advises that you run their program in normal mode, not safe mode :

          "Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails.

          If you installed MBAM in safe mode, you should reinstall it."

           

          The removal instructions for this rogue program are here : if you were unsuccessful before, check that what you did then is what they are advising you to do in these instructions.

           

          Was the account you were using one that had full administrator privileges? If not, you should try again in one that does; this will allow Malwarebytes to access all files in all user accounts. Beware of going onto the web using such an account in everyday use, since if a virus does hit you then it automatically has access to your whole system, instead of only to those files that a limited-privilege account is allowed to use.

           

          Let us know if you're still unable to make progress, and we'll devise some way to get this to work.

          • 2. Re: W32/Blaster.worm     please help
            Hayton

            Follow-up suggestion : this fake program will be named "defender.exe" and should be in C:\documents and settings\{username}\application data

             

            The actual path might be slightly different depending on your operating system. If you find that file, delete it and then try downloading and running Malwarebytes. You may have got rid of the program but there will be registry entries to clean out.

            • 3. Re: W32/Blaster.worm     please help

              Logged back onto the user account with the virus, searched and found defender.exe in the application files as you said, and deleted it.

              But another file also showed up, defender.exe-2708cefc.pf, and I was unable to delete it; it says origin is prefetch?

              My next move is to try and run Malwarebytes; my fear is that if I go on the internet the prefetch will load defender back onto the computer.

              Should I get Malwarebytes from another computer and put it on the infected computer? ...hopefully fix the computer.

              • 4. Re: W32/Blaster.worm     please help
                Hayton

                You know, this is something that everybody overlooks, me included. And yet I know about this, because when I had an infection I watched the Microsoft techs go in and do exactly this :-

                 

                Go to C:\Windows\Prefetch and delete all entries in that folder whose date/time is earlier than whenever it was you last started your PC.

                 

                Then check again to make sure that that file isn't among the entries that are left.

                 

                (You will almost certainly need Administrator privileges to delete those files).

                 

                Then run Malwarebytes.
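
A read-only way to check the two locations named in replies 2 and 4, as an added PowerShell example that is not part of any post in this thread. It assumes PowerShell 3.0 or later and an elevated prompt; `$env:APPDATA` is used here to resolve the per-user Application Data folder, and the script only lists files.

```powershell
# Added example: read-only triage; it lists and never deletes.
# Run from an elevated prompt, since C:\Windows\Prefetch needs Administrator rights.
# Assumption: 'defender.exe' is the file name given in reply 2 of this thread.
$targetName  = 'defender.exe'
$prefetchDir = Join-Path $env:SystemRoot 'Prefetch'
$lastBoot    = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

# 1. Executables sitting directly in the per-user Application Data folder.
#    -Force includes hidden files.
$exeHits = Get-ChildItem -LiteralPath $env:APPDATA -Filter '*.exe' -File -Force |
    Select-Object FullName, Length, CreationTime, LastWriteTime,
        @{ Name = 'NamedInThread'; Expression = { $_.Name -ieq $targetName } }

# 2. Prefetch entries, which are named <EXECUTABLE>-<8 hex digits>.pf
$pfHits = Get-ChildItem -LiteralPath $prefetchDir -Filter '*.pf' -File |
    ForEach-Object {
        if ($_.Name -match '^(?<exe>.+)-(?<hash>[0-9A-F]{8})\.pf$') {
            [pscustomobject]@{
                Executable        = $Matches['exe']
                PathHash          = $Matches['hash']
                LastWriteTime     = $_.LastWriteTime
                # True for entries last written before the current boot
                OlderThanLastBoot = $_.LastWriteTime -lt $lastBoot
                NamedInThread     = $Matches['exe'] -ieq $targetName
            }
        }
    }

"Last boot: $lastBoot"
$exeHits | Format-Table -AutoSize
$pfHits | Sort-Object LastWriteTime | Format-Table -AutoSize
```

Windows writes a `.pf` file when a program is run, so a Prefetch row with `NamedInThread` set shows that an executable of that name was launched on this machine.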

                • 5. Re: W32/Blaster.worm     please help

                  I was logged in as administrator when I got the worm.

                  Deleted files in prefetch.

                  Running malware in full scan, still waiting on the outcome.

                  Advice: will this program, malware, run with McAfee?

                  Should I buy the full version from Malwarebytes? I thought Total Protection covered everything surfing the net until now.

                  What other programs do you recommend to have with McAfee to surf the net?

                  • 6. Re: W32/Blaster.worm     please help
                    Hayton

                    1. The free version of Malwarebytes is an on-demand scanner and it is fully compatible with McAfee.

                     

                    2. The paid-for version of Malwarebytes runs all the time in memory and it is not compatible with McAfee, because they will interfere with each other's operations. Malwarebytes is not a full anti-virus product, whereas McAfee is. I have found the quote from Malwarebytes about this; it is at the end of this reply. Malwarebytes is very good at detecting certain types of malware infection, and it will clear things that McAfee does not handle well. BUT McAfee will give you protection against the most damaging threats, which Malwarebytes does not handle at all. That is why we recommend you stay with McAfee, but use Malwarebytes as a free helper. Personally, I run a weekly scan with Malwarebytes just to be sure that nothing has slipped past my McAfee protection. So far, Malwarebytes has found nothing serious, but it did wrongly identify a genuine Windows file as a Trojan once. So always check the messages that you get from Malwarebytes, and if in doubt come here (or go to the Malwarebytes forums) and ask for confirmation.

                     

                    3. There are many other programs that you can use as backups to McAfee. They are not alternatives to McAfee. I have Spybot and SuperAntiSpyware as well as Malwarebytes, and each of those has its own specialist areas of expertise. The best protection you can have is to make sure that you always have the latest updates for your software - Windows, McAfee, Firefox, Chrome, Java, and Adobe especially. There are programs you can download which will monitor your software and make sure that all necessary updates are automatically downloaded and installed - try Filehippo Updatechecker, or Secunia PSI (which others here recommend). If you use Firefox I would advise that you get the NoScript Add-on for your browser.

                     

                     

                    And that quote from Malwarebytes :

                    A quote from one of the lead developers of MalwareBytes (Bruce Harrison) :
                    ...
                    As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
                    ...
                    Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say :

                    "No, MBAM can't replace your existing antivirus software and is not designed to."

                     

                    Edit - The emphases are mine

                     

                     

                    Message was edited by: Hayton on 16/02/11 16:57:13 GMT
                    • 7. Re: W32/Blaster.worm     please help

                      Hello - New user here.  Some great information.  Thanks to those who take the time to provide it!

                       


                      I had this same issue with the fake Blaster Worm yesterday.  I was able to run McAfee while the computer was clearly infected, the scan picked up nothing.  I rebooted in safe mode and was able to use System Restore to roll back the computer to the last back up (March 11).  Whatever was in my computer now seems to be gone.  I ran another full scan with McAfee and nothing was found (no surprise there...).


                      My question relates to the following:  I am still nervous that there may be something lingering in my PC.  I am hesitant to input any passwords, use online banking, etc.

                      I am not 100% confident in McAfee scans given it didn't see the virus while it was active.  Are there any methods you guys would recommend to be certain that my computer is clean?  Or am I being paranoid?


                      Thanks!

                       

                      -Justin

                      • 8. Re: W32/Blaster.worm     please help
                        exbrit

                        I would say that using System Restore has successfully given you back a clean machine.  But now you should temporarily disable System Restore to delete the infected restore point and then make sure that everything is updated, Windows, McAfee etc.

                         

                        Keep an updated copy of Malwarebytes Free handy for such occasions.

                         

                        http://www.malwarebytes.org/mbam.php

                         

                        Message was edited by: Ex_Brit on 17/03/11 7:51:45 EDT AM
                        • 9. Re: W32/Blaster.worm     please help

                          Okay, so I had the same problem...
                          I removed the defender exe, and also removed the prefetch...

                          But my CPU usage, which was around 7-10% usually, is now upwards of 20% at all times, even when I have no additional applications running...

                          Is there something wrong? Is my computer still infected?

                          Running Windows 7 (updated) and McAfee Security Centre (updated)
