Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Blaster.D


Threat Risk LOW LOW
Destructivity NONE NONE
Detection files published 18 Aug 2003 03:00:00
Description created 19 Aug 2003 12:45:00
Description updated 05 Sep 2003 04:18:00
Malware type WORM
Spreading mechanism NETWORK
Summary None



The spreading mechanism is identical to the one used in W32/Blaster.A.

Payload Details





Download and install Microsoft patch MS03-026. You may have to download this patch form a clean computer and bring it to your infected computer on a removable media like a floppy or a CD. Also, firewalls should be configured to stop inbound traffic on port 135/tcp at the perimeter; as well as traffic on port 4444. Manual removal 1. Press Ctrl+Alt+Delete on your keyboard, click Task Manager and select the tab Processes. Right-click on the process Msblast.exe and select End process. 2. Return to Windows and click Start | Run 3. Type regedit and clik OK 4. In the Registry editor, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value ‘windows auto update = penis32.exe’ 5. Close the Registry editor and restart your machine 6. Finally, you should update NVC, and run a manual virus scan. (Do not start the scan immediately after the download is finished. NVC needs a few minutes to install the updates). On Windows XP you should deactivate System Restore before you run the scan.

Last Updated: 12 Nov 2015 11:06:12