Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Blaster.B


Threat Risk LOW LOW
Destructivity HIGH HIGH
Payload Identical to Blaster.A
Detection files published
Description created 13 Aug 2003 12:38:00
Description updated 05 Sep 2003 04:17:00
Malware type WORM
Spreading mechanism NETWORK
Summary None



The spreading mechanism is identical to the one used in W32/Blaster.A.

Payload Details

The payload is identical to the one found in W32/Blaster.A.




1. Download and install Microsoft patch MS03-026. You may have to download this patch form a clean computer and bring it to your infected computer on a removable media like a floppy or a CD.. Also, firewalls should be configured to stop inbound traffic on port 135/tcp at the perimeter; as well as traffic on port 4444. Manual removal 1. Press Ctrl+Alt+Delete on your keyboard, click Task Manager and select the tab Processes. Right-click on the process Msblast.exe and select End process. 2. Return to Windows and click Start | Run 3. Type regedit and clik OK 4. In the Registry editor, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value ‘windows auto update = teekids.exe’ 5. Close the Registry editor and restart your machine 6. Finally, you should update NVC, and run a manual virus scan. (Do not start the scan immediately after the download is finished. NVC needs a few minutes to install the updates). On Windows XP you should deactivate System Restore before you run the scan.

Last Updated: 12 Nov 2015 11:06:12