Networks must counter triple threat

• Tags:
• Msblast,
• Blaster,
• Msblast.exe,
• Nachsia

John McCormick

Published: 21 Aug 2003 12:40 BST

• 
• 
• 
• 
• 

Symantec has also made available a free Blaster removal tool that deletes instances of the worm files and eliminates the registry values it adds. Other vendors' sites with removal instructions or tools include F-Secure, McAfee, and Trend Micro.

For those who can read this report but can't stay online long enough to download either the patch or one of the removal tools, here is some hands-on help offered by Global Hauri, which markets ViRobot Experthi.

Global Hauri's Blaster removal instructions

Disconnect your computer from the network.

Reboot the computer in Safe mode by hitting the [F8] function key (top row of the keyboard) while rebooting and choosing the Safe Mode option.

Wait until boot process is completed in Safe mode.

Open Task Manager by simultaneously pressing [Ctrl][Shift][Esc] and then select the Processes tab.

Find and highlight msblast.exe from Processes tab.

To kill msblast.exe, click the End Process button in the bottom of the Processes window.

Click Start and select the Search button. (It looks slightly different in WinNT, Win2K, and WinXP.)

Choose All Files and Folders, type msblast.exe, and then search the entire hard disk. (If you have more than one drive, search them all.)

Delete all msblast.exe instances from the search window.

Reboot in Normal mode and plug in to the network.

Now you will be able to install antivirus software (or update the latest antivirus definitions) and the Microsoft security patch. For advanced users, Global Hauri recommends this extra step: Go to the registry and remove the key reg. msblast.exe from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed