Frogboy

Nasty Worm going around


This hasn't shown up on any news sites yet that I know of but there is a really nasty worm going around the net that uses an exploit in RPC on XP. Make sure you have the latest updates to Windows XP installed or you will get zapped by this at some point.


It will cause a crash in RPC which will force your machine to reboot 60 seconds later (with a countdown). It's a PITA to remove too once you get it.

27,409 views 52 replies
Reply #26 Top
I couldn’t stay connected long enough to get the patch either. The second the card was connected the countdown began. I had to download the patch with another machine. The patch stopped the countdown but all the msblast stuff was still running and all still in the registry… I am angered that a puny insignificant subject would perpetrate such an unholy transgression upon my beloved computer.

I am glad it is fixed now
Reply #27 Top
I use Trend Micro too, Larry............. no problem here. 
Reply #28 Top
My computer all of a sudden just shut off. When I turned it on, it would restart over and over again. I used XP's "load last good configuration" thing, and the problem seemed to have been resolved... but when I reboot, same thing; it will restart over and over again. I can't find any MSBlast though, and Norton anti-virus can't find it either.
Reply #29 Top
Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
"windows auto update" = MSBLAST.EXE
Close Registry Editor.

Restart your system.
Reply #30 Top
Dacemtl....you'll need the latest Definitions to find it...dated 'today'...11 August 2003...
Reply #31 Top
In addition to that, if you or anyone else is still having a problem with it, Symantec has a removal tool and instructions here: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Reply #33 Top
I didn't get it but my cable provider did. I've had no internet service for the whole day. It went down around 1:00 pm and just came back a few minutes ago - 12:10 am. Comcast told me they were 'helping' Microsoft because there were tens of thousands of customers having this problem. The key to getting the patch is to (within the sixty seconds) go to your internet connection config and activate the MS firewall (advanced tab). That will prevent the shutdown so you can get to the website and download the patch.
I recently rebuilt my system so I believe I had the patch already installed. My problem was the server for the Comcast node got the bug.
Reply #34 Top
A friend of mine just complained to me about RPC acting funny. Now I know why.

Anyhow, I've disabled it by default, so I can't be hit.
Reply #35 Top
ok I removed it from my start in regedit .. but somehow it comes back in .. damn that bug .... who started it by the way .. I'll sue him
Reply #36 Top
The Windows update merely disables the virus.. and patches the hole in XP causing it, however it does NOT delete it. (no harm done with it there.. but deleting it is much safer than letting it hang around)

to DELETE the virus .exe file, download this program:

http://download.nai.com/products/mcafee-avert/stinger.exe

or, if you are paranoid (lol.. a lot of forums I'm trying to give this to aren't clicking the link) click the below link for more information about the Stinger virus removal tool (only kills this virus, and a few others...)

http://vil.nai.com/vil/stinger/

I had this virus also, but stupid me.. instead of waiting to hear news about it (which is near impossible.. it's such a pain to be rebooted within 60 seconds of startup) I brought it to Best Buy.. and paid 30 dollars for nothing, which I'll be getting back tomorrow afternoon.. they charged me for a 'System Tune-Up' which was 30 dollars.. but for that much money I could buy something more useful, like the full windowblinds set for a little more.. but anyway, after I got it home, I tried it again, and it was still rebooting me.. then I discovered msblast.exe in my win32 folder, deleted it, deleted it from my bin, and voilà..

if you don't have this virus, you WILL get it, nearly guaranteed.. so patch up, and save yourself the hassle of money-hungry tech support employees.


I'm not sure if there's an image code on this site, but in case you're unsure if this is your case, look at this screen shot:

http://www.mtmc4fun.com/temp/Image1.jpg

again.. download the patch, fix the restarting problem, then download the program to delete the virus completely, you shouldn't trust the shredding files from the recycling bin feature.

edit: sorry if there were already removal tool links in this topic, I'm just making sure.. all in one bundle, lol
Reply #37 Top
Thank you to whoever gave the link for the patch .. I downloaded it now .. and let's hope it gets rid of that annoying bug .. and ya I am just doing an online scan .. I think Norton now really is sucky ...
Reply #38 Top
Don't forget to delete the exe, either manually (use Start>search..msblast.exe) or using the program from the provided link in the post above yours
Reply #39 Top
If you are already infected, here is a step by step fix.

W32.Blaster.Worm fix

1.) Disconnect your Cable/DSL/Dial Up modem from your tower
2.) Press CTRL + ALT + DELETE and then click on the processes tab.
3.) Locate the MSBLAST.exe process
4.) Click Start | click Run | type in msconfig
5.) Click Services
6.) Locate the entry for msblast.exe
7.) Uncheck the box to the left of it
8.) Locate the entry for Messenger
9.) Click Apply | Close | Exit without restarting Windows
10.) Click Start | Run
11.) Type in regedit and click Okay
12.) Hit the F3 key
13.) Type in msblast.exe and hit Enter
14.) When the registry editor finds an instance, it will show up in the right hand pane. Delete it
15.) Hit F3 again and delete the entries. Continue until the registry editor has finished searching the entire registry
16.) Click Start | Search | All Files and Folders
17.) Type in msblast.exe. You should find two instances of this file. Delete them both and empty the recycle bin
18.) Go into the control panel and open your Network Connections.
19.) Right click on the Local Area Connection and left click on Properties
20.) Click on the Advanced tab
21.) Check the box to enable the Internet Connection Firewall
22.) Click Okay, close all your windows and restart your system
23.) Reconnect your Internet connection
24.) Go to Microsoft Security Bulletin MS03-026 http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp and download the patch. Don’t forget to save it to removable media
25.) Get yourself up to date with the necessary Windows updates
26.) Get a decent firewall and antivirus program
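
Added example, not part of any post in this thread: a check for the registry references that Reply #29 and steps 10 to 15 above hunt for by hand, run against a text export from regedit (File > Export) instead of the live registry. The sample export, the `ExampleTray` and `Example\Recent` entries and the function names are constructed for illustration; only the `"windows auto update"` = `MSBLAST.EXE` value comes from the thread.

```python
import re

# Constructed sample in the text format regedit writes on export.
# Only the MSBLAST.EXE Run entry is taken from the thread; the rest is made up.
# Real "Version 5.00" exports are UTF-16: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"="MSBLAST.EXE"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Recent]
"LastFile"="C:\\WINDOWS\\system32\\msblast.exe"
"Count"=dword:00000002
'''

RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def find_references(export_text, needle="msblast.exe"):
    """Return (key, value_name, data, is_autostart) for string values naming needle."""
    hits = []
    key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = STRING_VALUE.match(line)
        if not m or key is None:
            continue                  # header, blank line, dword/hex value
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if needle.lower() in data.lower():
            hits.append((key, name, data, key.lower().endswith(RUN_KEY_SUFFIX)))
    return hits


if __name__ == "__main__":
    for key, name, data, autostart in find_references(SAMPLE_EXPORT):
        print("AUTOSTART" if autostart else "reference", key, name, data, sep=" | ")
```

Entries flagged as autostart are the ones that relaunch the file at boot; other hits are leftover references of the kind the F3 search in the steps above turns up.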


Reply #42 Top
Does anyone know 'where' one actually acquires this worm? If there is something inside a download, or your mail, or from a website?
Reply #43 Top
I noticed that it only hit my computer with a 60 second countdown when I logged onto a certain number with my ISP. When I logged onto my ISP with a different #, it worked properly. I've since downloaded the Windows Update and Norton Anti-Virus updates. Kind of strange.
Reply #44 Top
Heard about this worm on the local radio, and was in direct contact with a friend in Canada, using peer-to-peer connection exchanging photos.
The next thing that happened was the 30 second warning and away went my web connection.

Thanks to those who have helped resolve this nasty irritant. Seems some people still have it in for Bill Gates, hey!?
Reply #45 Top
"Probing Your Port", are computer people really serious or underneath they're all just perverts???

I've not had it, but I've got a hardware firewall that I've got checking port 135... so far nothing.. Guess I'm just lucky!!!
Reply #46 Top
This worm knocks on your door through port 135, which by default is open on NT systems.

Blegh, just noticed that I am indeed running the RPC-service. Probably essential then.
Reply #47 Top
Yeah, one of the "nice" things about dependencies in the NT systems is that some of these seemingly unneeded services, are.

If you're running a firewall (whether soft or hard) that shields and blocks your ports to the internet (port 135 in this case) you should be protected. If you got infected because you didn't patch but you have a firewall, check your firewall's configuration. (Rules-based firewalls like Kerio and even Norton can have holes if you don't tighten up your rule sets.)
Reply #48 Top
Am I the only one that patches? Wasn't this on the news EVERYWHERE! Jeez... just makes me mad, I saw it on TechTV's The Screen Savers like 80 million times... It took me a min, maybe 2, to patch... And 10 of my n00b friends got it... I just make fun of them tell them they got rcped!
Reply #49 Top
hey...u don't need to download this patch...just enable the FIREWALL of ur internet connection (inbuilt with WindowsXP) and see the result!
Reply #50 Top
"I just make fun of them tell them they got rcped"

dang that sounds familiar . . . oh yeah! Goldeneye 64!