W32/Blaster.F

Download VIRUSfighter NOW
W32/Blaster.F Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 9/1/2003 • Type: Worm
• Virus characteristics first published: 9/1/2003 • Spreading mechanism: Network
• Virus characteristics latest update: 9/20/2005 • Overall risk: Low
• Alias: • Payload: Attempts a denial-of-service attack
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

Virus detection files to detect this worm were issued 1 September 2003.

1. Download and install Microsoft patch MS03-026. You may have to download this patch form a clean computer and bring it to your infected computer on a removable media like a floppy or a CD.

2. Download and run this tool.

Also, firewalls should be configured to stop inbound traffic on port 135/tcp at the perimeter; as well as traffic on port 4444.

Manual removal

1. Press Ctrl+Alt+Delete on your keyboard, click Task Manager and select the tab Processes. Right-click on the process Msblast.exe and select End process.
2. Return to Windows and click Start | Run
3. Type regedit and click OK
4. In the Registry editor, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value 'www.hidro.4t.com = enbiei.exe'
5. Close the Registry editor and restart your machine
6. Finally, you should update NVC, and run a manual virus scan. (Do not start the scan immediately after the download is finished. NVC needs a few minutes to install the updates). On Windows XP you should deactivate System Restore before you run the scan.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter