BLEEPINGCOMPUTER NEEDS YOUR HELP!
BleepingComputer is being sued by Enigma Software because of a negative review of SpyHunter.
A case like this could easily cost hundreds of thousands of dollars. If we have ever helped you in the past, please consider helping us. To learn more and to read the lawsuit, click here.
CONTRIBUTE TO OUR LEGAL DEFENSE
All unused funds will be donated to the Electronic Frontier Foundation (EFF).
LET OTHERS KNOW
Infected by the W/32 Blaster worm - Vista laptop please advise on how to remove
Posted 26 January 2011 - 12:29 PM
I have recently got the W/32 blaster worm on my laptop (Vista operating systeM) and don;t seem to be able to get rid of it. I keep getting the following error messages:
TCrdMain.exe cannot srart - File TCrdMain.exe is infected with the W/32 Balster Form Pelase Activate Spyware protection to protect your computer.
I have tried the following to resovle the issue:
Created an Ubuntu Install disk and booted up the infected laptop from that. Used the Ubuntu anti-virus software to scan the laptop. It found no viruses! I also tried to logon to the Internet from Ubuntu. This was successful and I could download Dr spyware but when I ran the executable file I got the following message: "End-of-central-directory signature not found. either this is not a zipfile or its constitutes one disk or a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk of the archive".
I have also tried to run numerous pieces of software from the net (Kaspersky AVG etc)but my laptop shuts them down as soon as they start to run.
Fianlly I tried to run Spyware Dr and AVG from a USB stick when the laptop was in safe mode - but to no avail. the laptop wnated to access the internet, which of course it couldn't as the laptop was in safe mode.
Any advice on how to get rid of this worm, would be most gratefully received! Thank you.
Edit: Moved topic from Vista to the more appropriate forum. ~ Animal
BC AdBot (Login to Remove)
Posted 26 January 2011 - 01:50 PM
Microsoft addressed this vulnerability with a security update several years ago. Blaster targets computers with out-of-date software, and those computers remain at risk of infection until the update is installed. However, if your machine has been kept updated with all service packs and critical patches and you do not have these symptoms, I doubt you actually have this infection.
You are most likely receiving a bogus warning message or fake alert from a Rogue security program indicating that your computer is infected. These rogue programs are one of the most common sources of malware infection encountered today.
Please reboot in "safe mode with networking", then download Malwarebytes' Anti-Malware (v1.50.1) and RKill by Grinler, saving them to your desktop.RKill.exe Download Link
RKill.com Download Link
RKill.scr Download LinkRenamed versions if the above do not work:
iExplore.exe Download Link
eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
WiNlOgOn.exe Download Link
uSeRiNiT.exe Download LinkRKill is available in several versions to include renamed versions in case one does not work, you can try another. As such, you may want to download and save more than one before proceeding.
Reboot normally, then proceed as follows:
- Double-click on the Rkill desktop icon to run the tool.
Vista/Windows 7 users right-click and select Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.
- Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
- A log file will be created and saved to the root directory, C:\rkill.log
- Copy and paste the contents of rkill.log in your next reply.
Important: Do not reboot your computer until after performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill.
Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
BleepingComputer is being sued by Enigma SpyHunter. Help defend its right of Free Speech!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users