Other variants of Blaster Worm:
- W32.Blaster.A.Worm
- W32.Blaster.B.Worm
- W32.Blaster.C.Worm
- W32.Blaster.D.Worm
- W32.Blaster.E.Worm
- W32.Blaster.F.Worm
In order to remove Blaster worm from the infected computer you need to install Microsoft patch and then run W32.Blaster.Worm removal tool or remove the worm manually. Accidental computer shut downs prevents the required patch and removal tools from being downloaded and installed. Thankfully, there is an easy way to stop this. Please follow W32.Blaster.Worm removal instructions below.
Important! If you've got the following notification, your computer is infected with a rogue antivirus program and not the original W32.Blaster.Worm.
To remove the rogue antivirus program from your computer, please follow this removal guide.
However, if you believe that your computer is infected with the W32.Blaster.Worm, please follow the removal instructions below.
Download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.
W32.Blaster.Worm removal instructions:
1. Select Start -> Run (or press WinKey+R)
2. Type in: shutdown -a
3. Click OK or press Enter.
4. Download and install Microsoft patch MS03-039.
5. Then run W32.Blaster.Worm Removal Tool. You can choose one of these:
6. Restart the computer and re-connect to the internet. You should run Blaster Worm Removal Tool again to ensure that your computer is clean.
7. Download recommended anti-malware software (direct download) and run a full system scan to remove this worm from your computer.
The worm can download additional malware onto your computer. We have to make sure that your computer is not infected with other malicious software, specifically trojan downloaders.
W32.Blaster.Worm manual removal instructions:
1. Download and install Microsoft patch MS03-039.
2. Press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager or a screen where you can select the Task Manager to be run.
3. Click on the Processes tab.
4. Look for a process(es) named msblast.exe, penis32.exe, teekids.exe, mspatch.exe, mslaugh.exe, enbiei.exe in the list
5. Click the process(es) to highlight it and then click the End Process button. Close Task Manager.
6. Open Windows Registry Editor (click Start -> Run. Type Regedit and click OK or press Enter).
7. Locate the HKLM\Software\Microsoft\Windows\CurrentVersion\Run entry.
8. In the right hand pane select windows auto update = msblast.exe and delete it.
9. Restart the computer and re-connect to the internet.
10. Download recommended anti-malware software (direct download) and run a full system scan to remove this worm from your computer.
The worm can download additional malware onto your computer. We have to make sure that your computer is not infected with other malicious software, specifically trojan downloaders.
W32.Blaster.Worm files and registry values:
Files:
- C:\Windows\System32\msblast.exe
- C:\Windows\System32\penis32.exe
- C:\Windows\System32\teekids.exe
- C:\Windows\System32\mspatch.exe
- C:\Windows\System32\mslaugh.exe
- C:\Windows\System32\enbiei.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "windows auto update"="msblast.exe"
103 comments:
ok i cant do any of that.... this worm keeps closing any window whether its my utillaty or task messnger, + i found the files but dniess me access to dealet it plz respond what do i do?!?!?!
you have to go in safe mode
I can't open the registry editor in normal or safe modes because of this stupid worm...is there another way to do this?
I have the same prob . When I go into safe mode I can't find any of the files its telling me to delete. Any clues on what to do next?
If you open run and type in regedit it should open. From there go to edit-> find -> and search for each of the listed exe's you should fine one of them. I searched for msblast and found it. Delete the entry and the worm will close allowing you to run the removal tool!
hello, I have Windows Vista and I don't know a lot about computers but I'm learning. I have the worm and I am not able to open anything. I go to safe mode with network and i run the FIXBLAST and I get a msg that W32. Blaster.Worm has not been found oun my computer. At one point when I was on regular mode the icon read Defender instead of Security protection. This is so difficult! Any advise?
have the same prop only task manager will open cannot find the file needed to delete the worm
have the same w32/blaster.com worm problem i am only able to get task manager on the screen with background picture not showing any programs cannot acces start menu have working mouse and keybord at the moment.
Safe mode? Can't find any of the files in the registry and obviously can't get on the internet to download any patches. Regular mode? Can't open any windows because the worm won't allow me to. No IE, no Task Manager...nothing. Any other suggestions?
regedit wont work for me,how do i get it in safe mode
when i do safemode and do task manager the .exe files arent there help!!!
I'm having the same issue. regedit doesn't work and the task manager window closes automatically as well.
Any other advice?
I can't do anything. I try and go to task manager and won't let me do anything. Task manager pops up and closes quickly. Can't get online, can't open any files. Please help anyone.
This is what I did: Go into safemode with networking, Go to run or your program bar in the start menu, type in Regedit and press enter, locate the HKLM\Software\Microsoft\Windows\CurrentVersion\Run, then look for Security Protection, and delete it. Then go through your program files and find all the defender shortcuts it may have created and delete them. Then just restart your computer and connect to the internet to install the patch. I literally just did all of that and it's fixed now.
How do I go into safe mode?
hold down f8 when starting up the pc
Any clues on how to identify defender shortcuts in the program files?
i can't open anything because this worm !
Yes how do I go into safe mode??Thanks
I can't open anything at all, not the Internet or anything else on my computer! It's the only one I own! It says Iexplorer is infected by w32/blaster worn
I am in smode, to regedit, but how to locate that HKLM?
Please help
I started my computer up in safe mode and downloaded the patch to get rid of the worm and it says the worm cannot be found. When I start my computer up regularly, the worm is still there. There also isn't anything in my processes in safe mode that's apparently supposed to be there. I can't open anything if it isn't in safe mode,so trying to download anything any other time isn't an option. So now what?
If you are running Windows XP, all I did was start up in safe mode by tapping F8. Chose Safe Mode with networking. Opened System Tools from the Start menu. Opened system restore and restored to an old system checkpoint. Restarted and works fine now.
Why wont it let me download the patch?
i have windows 7 i need the link for the worm blaster on it
I have a brand new laptop running windows 7 and have this malware. If MS have fixed this, how have i got the worm?
How to you locate the HKLM files i only can see HKEY files???
HKLM = HKEY_LOCAL_MACHINE
HIART= IT TURNED THE KEYBOARD OFF AND MOUSE PAD ON LAPTOP
I did exactly what Anonymous posted on 8/23 @ 9:41 posted and it worked. I tried everything else and nothing worked. This was the only thing that helped.
Tried all this and its not working . Before I can type commands it automatically shuts down and in safe mode I can't do too much either ugh
Unfortunately I appear to be in much the same boat. Normal mode is an utter, unworkable disaster with only the "Security Protection" miraculously able to work. Safe mode worked the first time I ran it, but granted none of the results indicated in the above-mentioned fixes. By the time I tried Safe Mode with networking, my laptop too had succumbed to an inability to have a functioning mouse or keyboard upon start up. Consequently, all of the fixes mentioned herein have been rendered ineffectual. Any suggestions? -JH
All you have to do is go into safe mode and do a system restore to a few days earlier. I just did it and it worked perfectly.
i can't go to the safe mode, by pressing f8...what else can i do?
where and how can i download the patch?
Did the system restore. Works perfectly now.
will system restore work on windows 7
Thank you! I also started computer in Safe Mode and performed a System Restore and the worm is gone! I have Windows Vista.
System Restore does work for windows 7
I got rid of this virus by simply going to Microsoft's website and downloading the "microsoft safety scanner". The virus is also known as FakeRean. I booted in safe mode, downloaded the tool, and ran a scan. So far, so good.
I have Windows 7 and I cannot get into Safe Mode, what do I do now?
Windows 7
to start in safe mode - when you are pushing the power button keep tapping the F8 and it will open in safe mode - key down to Safe Mode with Networking and try fixing from there.
I am doing the same right now myself.
Windows 7
push power button while constantly pressing the F8 - at same time - this will start safe mode
Just did a System Restore by hitting F8 during start up, accessing Safe Mode with Networking, and now don't seem to be getting any errors whatsoever or anything about the worm. Should I still run any malware programs just to be safe? Also, how may this worm be contracted?
If you are running Windows XP, all I did was start up in safe mode by tapping F8. Chose Safe Mode with networking. Opened System Tools from the Start menu. Opened system restore and restored to an old system checkpoint. Restarted and works fine now.
August 23, 2011 9:41 AM
IT WORKS.....
o.k. I have it too. I think worse than most. it has taken over my windows c: drive. it has moved c: drive to d:drive.which is a dvd-rw. it has created removable storage drives, examples: drive e:-f:-g: and so on. this is to hold all the programs and files. but as we all know the dvd-rw does not have the room to store that much info.going deep into files I can see the virus. I have followed the path to which ones are corrupt.in doing so I found microsoft office had been used to create fake icons. (re: drives e: & f: and so on) It has also created fake desktop icons. some of which hold the files for the virus. ((in the properties of the icons(right click icon) the bytes are way to big for a short cut icon)). all this adds up to is the c: drive still has all the programs in it. this tells me the virus has created a loop (bypass) of the c:drive, to make it look like its in the d:drive. It has also created a fake usb port.(I'm on wireless hook up through a usb port) This is to ensure that I cant log onto the internet. It has control of administrators tools. so most programs and files cant be deleted by me. here is where it gets tricky!! start-up- in safe mode or even on the recovery disc, pulls up the fake d:drive. so in the safe mode you are seeing the corrupted files. do to that it opens the d:drive, so any changes you make are only fake!! the recovery disc wants to start in the d:drive instead of the c:drive. and it pops up to tell me that d:drive cant read the disc.( funny, cause that is what the d:drive is there for. being a dvd-rw drive and all). in the files that are corrupted, even if it lets you delete it. it has backup! right click the file and open properties, click previous. and it has more files to choose from. and they can not be deleted. it restores itself! I'm not a computer expert and know little about programs and files. but this worm has ticked me off!!! and I am determined to solve this without sending it to a computer store. and spending hundreds on it!! will keep you posted on what I find. and am open to help! average guy in Ohio
If you go back to an old system checkpoint (not even quite sure I know what that means) will you lose all your documents etc?
When a problem comes like worms or so (and you're not able to run/use Task Manager) i suggest to use a Linux distro on Live CD.
It a good think also to navigate System Information folders, that are not accessible on a machine that run Windows..
Hope this helps
Hey everyone. So, I did that thing for the people with Windows 7 (safe mode/system reboot/etc), but it doesn't work as smoothly as some other people. This blue screen pops up, restarts, and then again with the blue screen. Any suggestions? Should I still download the patch?
MY LAPTOP IS WINDOWS 7 AND WHEN I TURN ON THE COMPUTER AND PUSH F8 IT DOES NOT WORK AND WHEN I PUSH START AND RUN AND TYPE IN SHUTDOWN A OR THE OTHER THING IT DOES NOT WORK I CAN NOT DO SYSTEM RESTORE CUZ THE WORM BLOCKS EVERYTHING THAT I CLICK ON EVEN EXPLORER I THINK MY COMPUTER IS SCREWED BUT DOES ANYONE HAVE ANYTHING BETTR???
Hi had this virus yesterday , with alot of work I got it, now I had to download stopzilla and it has the files in quarantine...now I would like to remove stopzilla, but if I delete that program will the virus make it's way back on my system? I did not purchase stopzilla btw ....
thanks
Hey there,
So I have nearly all the problems described above and tried everything you explain.
I cant do anything in normal mode. The worm closes every window!
In safe mode it seems not to exist.
I cant perform a system restore because I cant find an old version where to restore to...
Anymore tipps?
Once I resolve this OR not. This Saturday, I am converting into iMac. More expensive, but this PC platform is too aggravating. Done with it!
ATTENTION EVERYONE!!! i just deleted the program on my computer. this may be temp but it will give u time to get on internet and get a anti malware program. first reboot computer (manually) when the options - start normally safe mode, choose Safe Mode. then get on. go to your computer option. type in the bar %appdata% down below should be a program with the shield icon and a bunch of random words like xeahdghirhgw. delete that. also there may be an icon to. delete that also
My computer got infected, then when I restarted it is stuck "loading windows". Any tips?
OMG I am completely computer challenged and the safe mode with networking plus restore to an earlier time worked!!! I can't believe it. <3 going out to all the helpful comments.
do not download anything to remove blaster worm.... go take it out of the registry .... and restart the computer....if you cannot get to it star the computer in safe mode.. thanx yours truly THE COMPUTER GOD :)
im now restarting my comp to a earlier system, not sure if it will work been doing this for 3 hours
I have a not so legit copy of win7 and I had to restart in safe mode and I was able to pick a restore point and it worked!
I got rid of the problem easily by following the directions of anonymous, August 23, 2011 9:41 AM. Went into safe mode and went back to a restore point. Solved!
Doing a restore piont on the comp seems to work well, i have been able to go into the windows folder and see the system 32 folder havent tried to maually delete these files yet tho am on a library comp now but will try when i get home now that i know which exe s to look for be sure you know exactly what to delete out i was able to find and edit the files that the worm had listed too by following the worms own infection folder path found a few files didnt find some but for those of you that cant delete the files make your window about half size where you can see part of your desctop then clik the file you want to delete then hit CUT from the folder its in and PASTE IT onto your desktop then you can drag it into or delete it into your recycle bin that worked for me if it was blocked from a standard delete, hope this helped guys good luck.
ok so i hav the worm or w.e. i cant open ANYTHING. cant open internt or ne thing. says eiexplorer worm message. soooo how do i fix it or download patch without having internet??? plz let me no. i hav a ton of homework to do online and cant get to it
how do i download the patch
It's not the worm, you have a rogue anti-malware program called "Privacy Protection" or something like that. Restart your computer in safe mode with networking, download STOPzilla. Then go back into normal mode again and run it.
i have windows 7 and its on here is it the same way as any other type of windows?
Yes, I noticed yhat the roque program called privacy protection was trying to tell me I needed to pay 59.95 to fix the worm blaster 32 problem. This should be illegal to do. Going into safe mode and restoring my computer to an earlier date fixed the problem.
I did the same as Anonymous on August 23, 2011 at 9:41 am and it worked on my Toshiba Laptop with windows vista. I first restarted my laptop and while it was restarting I pressed F8 button a few times and went to newtwoking safety mode and pressed enter. I then went to the start menu and opened "system restore" and restored to an old system checkpoint. Restarted and it works great.
Ok, just did the restore thing and it seems to be working. Thank you to everyone who posted on how to get rid of that stupid worm. Now, is there anything that needs to be done just in case?
Start computer in safe mode.
Click my computer
Type in search: .exe
Locate: privacy.exe and delete (also goes under Different names, but look at date modified) has a shield to make it look legit.
Start computer normal mode and then run virus software to remove the remaining files.
1o minutes or less all that is needed.
Exactly as anon said above...its not blaster worm in my case either ....super anti spyware download in safe mode ....run in normal...after run msconfig and disabling anything looking suspicious....worked
Wow! Got rid of it. Only helpful tip for me was the one posted by Anonymous on November 12, 2011 1:23 PM. Nothing was accessible- task manager, Run command, safe mode, registry... Then I tried this- Found the "Privacy.exe" file in "Application Data". Drag to desktop>>rename to something else>>restart>>Delete the renamed file immediately as soon as visible>>empty recycle bin. Then I removed the registry file "privacy.exe" located in HKEY "Current User". Look also in HKEY "Local Machine".
Boot in safe mode then search system restore.
Restore to an earlier date. I run vista on a sony vaio.
Just a word to the wise. The last thing I did on my computer prior to getting the worm was to update my adObe flash player 11x. Don't know of it helps but it looked official. As soon as I restored the computer. The dialog box for adobe popped back up. This tine I denied the update.
Thank you anon for ur posting on November 17@ 7:47pm, I'm running windows vista and it worked just as you said it would! I tried some of the earlier postings w no luck! Thank you again!
Thank you Anonymous who posted on 8/29 @ 9:41 am!!! Did exactly what you said and my Window Vista is up and running!:D
how do you get Windows XP to load in safe mode
@The Guy Above Me: When your computer is starting up, repeatedly press F8. You should get a screen asking you to choose how to start up windows. Using your arrows keys to scroll up and down and enter to select and option, go to safe mode or safe mode with networking (which allows you to use the internet). You will likely get a screen that shows various processes starting up; don't worry, this is normal. When Windows has completely started up, you might get prompted to return to regular Windows mode. Just say no. You should now be free to use Windows in safe mode.
well it worked for me. What I did was to keep hitting ctrl+alt+delete until I timed the taskmaster box so the arrow was over end task and hit it just right. It make take many times but you will catch it
Thank you thank you thank you for the advice of starting the computer in safe mode, and then restoring your computer to an earlier date. my computer now works again!!! :)
I am frustrated. Could someone please give me a step by step process on how to get rid of worm blaster. I have windows vista
I finally got rid of it, I didn't have to start my PC in safe mode. Well I did have trouble with accessing my files because the virus would try to stop every file I opened. So what I did is went to start menu> search>type in "privacy.exe" , when you locate it delete that sucker and empty the recycle bin. I then updated my malware program, I use Malwarebytes' Anti-Malware, ran a full scan of my system. Found the viruses and deleted them. I took note where in the system the anti-malware found the files. Restarted the PC , then went to start menu>run>type in "regedit">clicked on HKEY_CURRENT_USER, or wherever the virus was located and double checked if it's out of the registry, which it was.
Also had that darn worm. Started up the computer, kept hitting F8 right away (keep tapping it). Was able to take the computer back to a safe point in time. There is a little block you can check to get more safe times to come up. Now the worm is gone and it is working okay now. Thank you to everyone! (I have windows 7)
I've deleted all the privacy.exe files... Now what?
Thank you! I followed your directions and the procedure removed W32/Blaster.worm from my computer!
To prevent form getting more viruses use avast! antivirus(free edition), or Avira antivirus(free edition) and use Spybot search and destroy(download from safer-networking.org), Hitman pro, or malware bytes. Don't use spyware doctor it is a scam.
Hi All,
I'm using Windows XP 32bit, went into safe and normal mode and couldn't find the file anywhere. Restore point didn't work for me. However after performing the "shutdown -a" command I manually updated Mcafee's antivirus and Windows inmediately (it seems updates were blocked by the virus) . After that I went into safe mode again and ran the antivirus and Antimalware software and didn't find anything... It's been almost 24 hours and computer still working fine..Will post again if some arises..Thanks!!
i have windows xp professional (dell laptop) and when i start up my laptop in safe or normal mode, i go to start menu and click on all programs and it says 'empty'.. so i cant run anything..please help!!
-V-
Got the w32.blaster worm virus today went online and followed Anonymous 8/23 9:41 post and it has worked. It took me several tries to get into safe mode but finally after holding down f8 key and power button several times out of frustration much to my surprise the safe mode screen came up I went ahead and restored to last date shown and computer restarted and all seems to be fine. Keeping my fingers crossed!!!! I had this same virus on another computer last year and it cost me $149.00 to have it removed. THANK YOU ANONYMOUS YOU ARE MY HERO!!!!
system restore in safe mode works!
This worm has new random generated name.
What I did is hit ctrl-alt-delete as soon as I login to bring up task manager.
From task manager, find suspicious program, write down the exe name. Kill the process. Go to \users\yourUName\appdata\local, delete that piece of junk.
Go to regedit, find and delete that program.
Good luck.
Just tried hitting system restore whilst in safe mode but message keeps coming up saying this file does not have a program associated with it and telling me to create an association in the set associations panel. Help?
Safe mode F8,system restore on search,restating computer DONE....
Thank you, Thank you, Thank you so much 9:41 anon and the anon who related the worm to downloading faulty adobe software. You guys saved me from getting many zeros in school tomorrow. Again, thanks a lot.
Omg thx a lot u are the best I did exactly what u said and it work :-)
SAFEMODE and then restore did the trick!!!!
I’m posting this comment mainly to thank several people here that got me thru this nightmare! I have a laptop running Windows Vista. What worked for me is the comments by ITSweetie10, Josh, Anonymous: August 14, 2011 8:38 PM, November 17, 2011 7:47 PM , November 20, 2011 9:17 AM, and November 20, 2011 12:34 PM . It took me a while to get the whole “regedit” and what was HKEYLM. I figured out that HKEYLM registry just means HKEY_Local_Machine. From there open folder “Software”, then open folder named “Microsoft”, and then open folder “Windows”, and open folder “CurrentVersion”, then open folder “Run", and last open “windows auto update” then look for and delete the following files:C:\Windows\System32\msblast.exe, C:\Windows\System32\penis32.exe, C:\Windows\System32\teekids.exe, C:\Windows\System32\mspatch.exe, C:\Windows\System32\mslaugh.exe, C:\Windows\System32\enbiei.exe
I was able to locate an icon that looked like a shield named privacy.exe (or something like that). I was so happy that once I deleted some of those files my computer was able to start normal and was good! I didn’t want to restore so my last resort was what Anonymous August 23, 2011 9:41 had suggested. One other thing I should mention is that I accidentally deleted the MS Word program, while deleting some files ;( I cannot find MS Word in the programs in MSOffice ;( but at least I can create new docs by starting up existing docs. That’s an inconvenience but I’m so happy my laptop is good again! After my computer was back to normal, I renewed/updated the Norton system I had. It’s been a week now and my laptop is doing great! :D
did the same as Anonymous on August 23, 2011 at 9:41 am and it worked on my Dell Laptop with windows 7. I first restarted my laptop and while it was restarting I pressed F8 button a few times and went to newtwoking safety mode and pressed enter. I then went to the start menu and opened "system restore" and restored to an old system checkpoint. Restarted and it works great.
this is the reason why apple stock are sky rocketing and microsoft is in the dust.
The how to reomve W32.Blast.Worm (uninstall Guide) does not work.
When I am in saft mode there no such file to be found.
When I on the normal log in the bug is there.
I am not an Apple fan but I have to admit Apple does not have this type of worm nor problem.
@networkingstudent
use safe mode
hit F10 while your computer is loading up,select safe mode then hit enter.
(if F10 doesnt work try F8 i get thoose confused some times)
I did tha system restore and it worked omg im so happy thanks to tha ppl that said do this
System restore will not work in safe mode for me it says it is turned off and asks me to turn on in normal mode which I can't due to the window closing too quickly any suggestions?
I have Win XP. Can't access my computer due to Blaster. Can't go to safe mode because logon wants my password that I can't remember. Is there any help/hope for this? Thank you
Safe mode should come up with F8.
If not hard reset pc by pulling power. Restart pc and select safe mode. Then run Malware bytes from jump drive, and romove all objects once scan is completed. Good luck.
I have windows 8 and f8 does not work to start in safe mode what else can I do