Lumension® Endpoint Intelligence Center



Threat Risk: LOW
Destructivity: MEDIUM
Payload: Attempts a denial-of-service attack
Detection files published: 31 Aug 2003 03:00:00
Description created: 01 Sep 2003 05:01:00
Description updated: 05 Sep 2003 04:16:00
Malware type: WORM
Spreading mechanism: NETWORK
Summary: None



The spreading mechanism is identical to that of Blaster.A, except for the file name used. This variant uses the name "enbiei.exe".

Payload Details

The worm contains code to attempt a denial-of-service attack at the same trigger date(s) as the A variant. However, while the A variant targeted, this variant targets a Romanian site.




Download and install Microsoft patch MS03-026. You may have to download this patch from a clean computer and bring it to your infected computer on removable media such as a floppy or a CD. Also, firewalls should be configured to stop inbound traffic on port 135/tcp at the perimeter, as well as traffic on port 4444.

Manual removal

1. Press Ctrl+Alt+Delete on your keyboard, click Task Manager and select the Processes tab. Right-click on the process Msblast.exe and select End process.
2. Return to Windows and click Start | Run.
3. Type regedit and click OK.
4. In the Registry editor, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value ' = enbiei.exe'.
5. Close the Registry editor and restart your machine.
6. Finally, you should update NVC and run a manual virus scan. (Do not start the scan immediately after the download is finished. NVC needs a few minutes to install the updates.) On Windows XP you should deactivate System Restore before you run the scan.
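The registry check in step 4 can also be run over saved "reg query" output for the Run key. The following is an added example, not part of the original description or of any vendor tool: it flags Run values by the executable they launch rather than by value name. The column layout of the output and the sample value names are assumptions; the two file names come from the text above.

```python
import re

# File names taken from this page: the variant's file and the process named in step 1.
WATCHED = {"enbiei.exe", "msblast.exe"}

# One value line of `reg query` output: indented name, type, data, separated by
# four spaces (assumed layout; a tab separator is accepted as well).
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.*?)(?:\s{4}|\t)(?P<type>REG_[A-Z_]+)(?:\s{4}|\t)(?P<data>.*)$"
)
# A path component ending in .exe, followed by whitespace, a quote, or end of data.
EXE_NAME = re.compile(r'([^\\/"\s]+\.exe)(?![^\s"])', re.IGNORECASE)


def parse_run_values(reg_output):
    """Return (name, type, data) for each value line in `reg query` text."""
    values = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m["name"].strip(), m["type"], m["data"].strip()))
    return values


def suspicious_run_values(reg_output, watched=WATCHED):
    """Flag values whose data launches a watched executable, whatever the value name."""
    hits = []
    for name, _type, data in parse_run_values(reg_output):
        # Compare whole base names so that e.g. notenbiei.exe is not a match.
        exes = {e.lower() for e in EXE_NAME.findall(data)}
        if exes & set(watched):
            hits.append((name, data))
    return hits


# Constructed sample output; the value names are invented for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    constructed-name    REG_SZ    enbiei.exe
    Other Tool    REG_SZ    C:\Tools\notenbiei.exe
"""

if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r} -> {data}")
```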

Last Updated: 12 Nov 2015 11:06:15