Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Computer is already infected with Blaster
- Thread starter euston
- Start date
![[lipstick]](/data/assets/smilies/lipstick.gif "[lipstick] [lipstick]")
Follow these instructions carefully and you'll sucessfully remove the blaster virus from your computer. If at any time you get the shutdown message you can stop it by going to Start > Run and type shutdown -a. Press enter, and this will abort any shutdown currently in progress.
1) If you see MSBLAST.EXE, TEEKIDS.EXE, PENIS32.EXE or MSPATCH.EXE in Task Manager then end the process immediately. This will stop the worm process that is currently running.
2) Remove the worm from the registry by clicking on Start > Run, then type regedit
Next find the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
In the righthand pane select windows auto update = msblast.exe and delete it if it exists.
3) Search the hard drive for
and rename it to something else like
. Finding this file does not mean that there is a virus, but it does prevent the virus from using the TFTP service which you probably won't need anyway.
4) Search the hard drive for MSPATCH.EXE, MSBLASTER.EXE, TEEKIDS.EXE or PENIS32.EXE deleting all the files if found.
5) Next, make sure that the anti-virus software is up to date and perform a full scan of the system (this could take a while). This will detect and remove any viruses that may be present. Please see your Anti-Virus vendor's website for more info or see the links at the bottom of this page.
6) Now install the Microsoft patch which you can download from You'll be required to reboot.
Hope this helps!
-=L9NUX=-
-= There's no place like 127.0.0.1 =-
1) If you see MSBLAST.EXE, TEEKIDS.EXE, PENIS32.EXE or MSPATCH.EXE in Task Manager then end the process immediately. This will stop the worm process that is currently running.
2) Remove the worm from the registry by clicking on Start > Run, then type regedit
Next find the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
In the righthand pane select windows auto update = msblast.exe and delete it if it exists.
3) Search the hard drive for
Code:
tftp.exe
Code:
tftp.old4) Search the hard drive for MSPATCH.EXE, MSBLASTER.EXE, TEEKIDS.EXE or PENIS32.EXE deleting all the files if found.
5) Next, make sure that the anti-virus software is up to date and perform a full scan of the system (this could take a while). This will detect and remove any viruses that may be present. Please see your Anti-Virus vendor's website for more info or see the links at the bottom of this page.
6) Now install the Microsoft patch which you can download from You'll be required to reboot.
Hope this helps!
-=L9NUX=-
-= There's no place like 127.0.0.1 =-
- Status
Similar threads
- Locked
- Question