W32 Blaster Worm Removal

Protect Your Computer Now!

By: - Software - July 14, 2011
w32 blaster worm removal protect your computer now

One of the world’s worst worm viruses was first detected in late summer of 2003.  The W32 Blaster worm virus spread by taking advantage of the BID 8205 or Microsoft’s DCOM RPC Interface Buffer Overrun Vulnerability issue.  Initially the answer to the W32 Blaster worm removal process was a Microsoft security-based patch, the MS03-026.  However, it continued to attack computers that had varied Microsoft operating systems.  It could not do anything to Unix, Apple and some other specialized OS platforms.  It would try to get a copy of the virus maker’s msblast, penis32, teekids, mspatch, mslaugh and/or your enbiei execution files from the virus maker, downloading these files into your system folder, attacking other computers through localized networks and the Internet by running scans from your computer for computers that were equally as vulnerable as yours.  Please note that other names for this worm include W32 Blaster.A.Worm, W32 Blaster.B.Worm, W32 Blaster.C.Worm, W32 Blaster.D.Worm, W32 Blaster.E.Worm, and W32 Blaster.F.Worm.

If you have the W32 Blaster virus in a system that is run with Windows XP, for example, the virus can stop the display of the Windows message that alerts you to a restart of your system by your operating system because of a RPC or remote procedure call.  As such your computer can restart itself due to the virus about every 3 minutes without any warning.  This will prevent you from saving any work or logging off.  Worse, it can mean that anything you were working on that was not saved will be totally lost.  So, what can you do? Well, first, to initiate W32 Blaster worm removal, you must install the patch mentioned earlier by pressing WinKey and R simultaneously.  You should type: ‘shutdown –a’.  Second, you should click on okay and press your enter button.  You can then download the patch and run a worm removal tool from one of the options, preferably either the Symantec or McAfee tools.  Third, start up your computer again and get back onto the Internet, running the worm removal software one more time to be sure that your system has been thoroughly cleaned.  To ensure that you are fully protected, do not rely solely on your existing anti-virus software.  To ensure proper W32 Blaster worm removal, you should download Malwarebytes Anti-Malware, Spybot S D, and SpyBlaster softwares, having them run scans after installing them and then set them to do daily scans to avoid trouble.

W32 Blaster worm removal can also be done manually if your system has been overly compromised.  You should still download the recommended protection software for future use, keeping open and installed working copies on a USB flash drive and CD.  Then, to ensure that the W32 Blaster virus remove procedure has been done properly, install the patch as instructed earlier.  Use control-alt-delete at the same time or control-alt-shift simultaneously until the task manager tab begins running.  Then, click the tab for processes and look for the execution files mentioned at the beginning of this article.  Click on the ‘end process’ tab and close your manager.  Open your editor for your Windows Registry, clicking start and then run.  Type in ‘regedit’, followed by clicking on okay and your enter button.  Search for the following entry, ‘HKLMSoftwareMicrosoftWindowsCurrentVersionRun’, looking to your right pane for the ‘windows auto update = msblast.exe’, deleting it.  Again, restart your computer, connect back to the Internet, download the important protection software mentioned previously, and run the relevant scans.  You should also delete the following registries, if they have not been done so already, including:

  • C:WindowsSystem32enbiei.exe
  • C:WindowsSystem32msblast.exe
  • C:WindowsSystem32mslaugh.exe
  • C:WindowsSystem32penis32.exe
  • C:WindowsSystem32mspatch.exe
  • C:WindowsSystem32teekids.exe
  • HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun “windows auto update”=”msblast.exe”

Photo: early computer – copyright 2005, Boffy b – reproduced under Creative Commons Attribution Share-Alike License 3.0 Unported, http://en.wikipedia.org/wiki/File:IBM_PC_5150.jpg