Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

w32 blaster worm help


  • Please log in to reply
No replies to this topic

#1 endorphinz

endorphinz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 16 November 2011 - 12:55 AM

I'm sure it's been a topic of a thread already, but a quick search didn't bring up an obvious thread title (at least obvious to me).

I suddenly had ALL of the programs on my computer unable to open, and I get the balloon saying that the program I'm trying to open has been infected with the w32 blastsr worm (usually written as w32/blaster.worm). I'm in safe mode right now, but need to get rid of this virus asap. Some of my google search results in safe mode are redirecting me as well. I'm on Windows XP.

I did a malwarebytes scan twice (rebooted in regular mode in between scans). The log for the first scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/16/2011 12:23:39 AM
mbam-log-2011-11-16 (00-23-39).txt

Scan type: Quick scan
Objects scanned: 170753
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Brian\local settings\Temp\82A.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\local settings\Temp\MRT.exe (Trojan.Inject) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\local settings\Temp\~!#825.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.



The log for the second scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8172

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/16/2011 12:44:58 AM
mbam-log-2011-11-16 (00-44-58).txt

Scan type: Quick scan
Objects scanned: 168153
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\privacy.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\local settings\Temp\829.tmp (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\local settings\Temp\~!#826.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\local settings\Temp\~!#828.tmp (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.

I'll be rebooting again to see if this last scan did any good, but if anyone can give some advice on how to rid my computer of this thing it would be hugely appreciated.

Thanks.

Edited by endorphinz, 16 November 2011 - 12:57 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users