OP
- Joined
- Feb 1, 2002
- Location
- Orlando FL
- Thread Starter
- #41
Hmm I just checked and there is no such key in my registry.
-
Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!
Remote Procedure Call?
- Thread starter dreamtfk
- Start date
Here are the registry keys according to nai.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
This will appear in regedit as:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe
Or you can search the registry with the registry searching tool to see if it's hiding somewhere else.
I bet we'll be seeing an more destructive variation pretty soon.
Patch & clean your machine and get a firewall program.
Running broadband sans firewall is pretty dangerous these days.
Sygate personal firewall is a really nice little program that doesn't use up too much sys resources.
www.sygate.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
This will appear in regedit as:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe
Or you can search the registry with the registry searching tool to see if it's hiding somewhere else.
I bet we'll be seeing an more destructive variation pretty soon.
Patch & clean your machine and get a firewall program.
Running broadband sans firewall is pretty dangerous these days.
Sygate personal firewall is a really nice little program that doesn't use up too much sys resources.
www.sygate.com
- Joined
- May 27, 2002
- Location
- Purdue University, IN
i think its "shutdown -a" to abort the shutdown caused by this
- Joined
- Jan 24, 2002
- Location
- Toronto, Canada
its "Shutdown /a"
- Joined
- Dec 22, 2002
- Location
- Conwy North Wales
Go here and on the forst page there is a tool that remowves the virus and sorts the regitery it all there and it's easy it must be I did it 
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
- Joined
- Mar 29, 2002
cjc_75 said:
Its not an email attachment or anything near so clumsy (the really sad thing is that those kinds of viruses actually spread), this one uses an algorithm to generate random IPs based of the infected computers IP, it then opens a connection to those IPs and sends itself to them.
Now I got confused.
I just recently got this problem as well about 4-5 days ago.
But then there is no such thing like MSBLAST.exe in any directory. No startup registry. I even search for "msblast" in the registry and it's not anywhere. How about that ?
What could be the problem ?
One thing I notice : if I enable XP Firewall, the problem disappears
I just recently got this problem as well about 4-5 days ago.
But then there is no such thing like MSBLAST.exe in any directory. No startup registry. I even search for "msblast" in the registry and it's not anywhere. How about that ?
What could be the problem ?
One thing I notice : if I enable XP Firewall, the problem disappears
Last edited:
- Joined
- Jan 24, 2002
- Location
- Toronto, Canada
It could already have been removed. Just restart, press CTR-SHIFT-ESC, see if MSBLAST is running in one of the processes. If not, then you dont have it.
Similar threads
