Previous
Worm Exploits Major Windows Flaw
Talkback I was hit by the MSBLAST.EXE worm at 8.28pm (BST) 11 Aug 2003. I have been using Windows NT and then 2000 since 1997 and have never had a worm/virus problem before, despite the fact that I don't have anti-virus software installed (would it have...
[August 13, 2003, 22:56]
Protecting Yourself From The MSBlast Worm
Talkback Dont worry about the MSBLAST.EXE-09FF84F2.pf file you can delete it if you want it does nothing, i downloaded my own copy of MSBLAST.EXE to have a look at the file. It came with a similar pf file called MSBLAST.EXE-1C3A3376.pf but i have yet to...
[November 1, 2003, 12:06]
Update Windows Today - Before It Gets Blasted
Talkback I TRIED TO FOOL THE VIRUS BY DELETING OFF AND CREATING A msblast.exe FILE AND SETTING TO READ ONLY AND HIDDEN. THIS WORK IN THE SENCE IT STOPPED THE MSBLAST.EXE BEING COPIED TO MY PC AGAIN BUT THE VIRUS IS VERY CLEVER.
[August 21, 2003, 14:28]
MSBlast Echoes Through Asia
Talkback Got a Windows XP box, started the computer with F8 (at startup), choosed the Command line only and then removed from Windows\Prefetch the file listed with "dir MSBLAST*.pf", then went to Windows\System32 and removed msblast.exe.started Regedit...
[August 15, 2003, 9:43]
Networks Must Counter Triple Threat
News Find and highlight msblast.exe from Processes tab. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer.
[August 21, 2003, 12:40]
Cleaning Up After The MSBlast Worm
Talkback I had a free trial of a firewall software and fired it and connected to the internet.msblast.exe was detected by the firewall software and I diasabled msblast.exe from sending any info in or out. Very helpful article and very precise.
[August 13, 2003, 16:03]
Protecting Yourself From The MSBlast Worm
News When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer. At this time, antivirus vendors are still analyzing...
[August 12, 2003, 10:15]
Cleaning Up After The MSBlast Worm
News If there is a process named "msblast.exe" running on the system, then it has been infected by the worm. After the system has rebooted it will be necessary to delete the worm's executable file, msblast.exe.
[August 12, 2003, 14:59]
FBI Arrests MSBlast Worm Suspect
News Parson also admitted that he renamed the original 'MSBlast.exe' executable 'teekids.exe' after his online name 'teekid. Federal law enforcement officials confirmed on Friday that they have arrested a suspect in the MSBlast worm attack that...
[September 1, 2003, 8:45]
Preventing And Removing The Nachi Worm
News Nachi (w32.nachi.a, also known as Welchia, worm_msblast.d, and Sachi) exploits the same Microsoft DCOM RPC Windows flaw as MSBlast, but it removes traces of that worm and even downloads the correct version-specific DCOM RPC patch to prevent...
[August 20, 2003, 10:15]
MSBlast Still Spreading Strongly
News In reality, the rate at which the MSBlast worm -- named for the worm's filename, "msblast.exe" -- is compromising computers seems to have dropped only slightly, Ellis said. Earlier reports that network traffic caused by the MSBlast worm dropped 30...
[August 18, 2003, 8:40]
Cleaning Up After The MSBlast Worm
Talkback I seem to have that msblast worm but I dont see msblast.exe on my task manager! Some strange things happen to my PC! I'm not sure if it is a worm but the RPC on my services always automatically stop when I'm online and sometimes even when I'm not...
[August 13, 2003, 21:26]
Cleaning Up After The MSBlast Worm
Talkback I hadn't bothered to check the numerous helpful sites on this lit'l bastard msblast.exe. PG, But I seem to recall Dan Rather talking about it.but I digress. My win2k system was hoplessly compromised, so I re-formatted and reinstalled win2k.
[August 13, 2003, 15:17]
Protecting Yourself From The MSBlast Worm
Talkback i have the worm virus on my computer and i have found the file msblast.exe on my hard drive.the virus won't let me copy, past, cut etc, and it will not allow me to access some programs on my computer and the worst part of all is that i cannot...
[August 13, 2003, 10:22]
Cleaning Up After The MSBlast Worm
Talkback Deleting the file msblast.exe file from the System32 file folder was not all that easy. I also did as you sugested with the Processes tab and MSBlast was not there. After I shut Norton down I did a system search for msblast and found nothing.
[August 13, 2003, 5:41]
Protecting Yourself From The MSBlast Worm
Talkback What is MSBLAST.EXE-09FF84F2.pf it is in my C:\WINDOWS\Prefetch file. I have cleaned up the worm but this is still on my computer in this file. I don't know if i should delete it or not.
[August 13, 2003, 4:41]
Cleaning Up After The MSBlast Worm
Talkback My WIN2K system has been infected with the blaster worm, but I don't see the msblast.exe or mblast.exe in my Task Manager. I ran the fixbalst Tool from Symantec but I get the message "W32.Blaster.Worm has not been found on your computer" When I m...
[August 16, 2003, 10:04]
Protecting Yourself From The MSBlast Worm
Talkback Please terminate the process msblast.exe from taskmanager.and then try to delete this file. It won't you fetch updates from Mirosoft site (and that's the purpose of this worm). Otherwise boot in safe mode and then delete this file.
[August 13, 2003, 13:36]
Cleaning Up After The MSBlast Worm
Talkback I did delete the file MSBlast.exe from the Registry. I'm trying to clean up the MSBlast worm from my computer. Hi, But, I'm unable to logon to the following web-site as suggested : http://windowsupdate.microsoft.com/
[August 13, 2003, 18:53]
Cleaning Up After The MSBlast Worm
Talkback MsBlast.exe is also a Write protected file so thats why it might not let you delete it. Hey guys! If anyone is still having problems with the computer rebooting due to the virus, go to: Start, Run type in "COMMAND" you then will get a DOS prompt...
[August 15, 2003, 15:41]
