Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Blaster.C

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published
Description created 13 Aug 2003 02:04:00
Description updated 05 Sep 2003 04:17:00
Malware type WORM
Alias
Spreading mechanism NETWORK
Summary None

W32/Blaster.C

Spreading

The spreading mechanism is identical to the one used in W32/Blaster.A.

Payload Details

The payload is identical to the one found in W32/Blaster.A.


Analysis

n/a

Removal

1. Download and install Microsoft patch MS03-026. You may have to download this patch form a clean computer and bring it to your infected computer on a removable media like a floppy or a CD. Also, firewalls should be configured to stop inbound traffic on port 135/tcp at the perimeter; as well as traffic on port 4444. Manual removal 1. Press Ctrl+Alt+Delete on your keyboard, click Task Manager and select the tab Processes. Right-click on the process Msblast.exe and select End process. 2. Return to Windows and click Start | Run 3. Type regedit and clik OK 4. In the Registry editor, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value ‘windows auto update = penis32.exe’ 5. Close the Registry editor and restart your machine 6. Finally, you should update NVC, and run a manual virus scan. (Do not start the scan immediately after the download is finished. NVC needs a few minutes to install the updates). On Windows XP you should deactivate System Restore before you run the scan.


Last Updated: 12 Nov 2015 11:06:11