how do u get rid of the worm completely

lisa

I downloaded the patch for Windows XP and I deleted the
msblast.exe from my Task Manager processes, but how come
it still appears there when I turn my computer on another
time? Is it because I haven't completely deleted the worm
from my computer?
 
Andy Allred [MS]

You're right Lisa, you still have the worm's executable on the system.

Task Manager is used to temporarily stop the process. As soon as you've
ended it in Task Manager you need to locate that file on your machine and
delete it. Then reboot; you should be fine after that.

At the bottom are the links to information that will help you; meanwhile,
I've copied the steps required after you stop it in Task Manager here:
===============
To detect this virus, search for a file that is named Msblast.exe,
Nstask32.exe, Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, or
Yuetyutr.dll in the Windows\System32 folder, or download the latest
antivirus software signature from your antivirus vendor, and then scan your
computer.

To search for these files:
1. Click Start, click Run, type cmd in the Open box, and then click OK.
2. At the command prompt, type
   dir %systemroot%\system32\filename.ext /a /s
   and then press ENTER, where filename.ext is Msblast.exe, Nstask32.exe,
   Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, or Yuetyutr.dll.

Note Repeat step 2 for each of these file names: Msblast.exe,
Nstask32.exe, Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, and
Yuetyutr.dll. If you find any of these files, your computer may be infected
with the worm. If you find one of these files, delete the file, and then
follow the steps in the "Recovery" section of this article. To delete the
file, type del %systemroot%\system32\filename.ext /a at the command prompt,
and then press ENTER.
==================
Please review the following for more info:

What you should know about the Blaster Worm:
http://www.microsoft.com/security/incident/blast.asp

826955 Virus Alert About the W32.Blaster.Worm
http://support.microsoft.com/?id=826955

823980 MS03-026: Buffer Overrun in RPC May Allow Code Execution
http://support.microsoft.com/?id=823980

--
Andy

This posting is provided "AS IS" with no warranties, and confers no
rights.
=====================================================
 
izzy

you probably haven't deleted it from your autostart

do ALL of these steps:

MANUAL REMOVAL INSTRUCTIONS

1. Terminating the Malware Program

This procedure terminates the running malware process
from memory.

Open Windows Task Manager, press
CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs, locate the process:
MSBLAST.EXE

Select the malware process, then press the End Process
button.
To check if the malware process has been terminated,
close Task Manager, and then open it again.
Close Task Manager.

2. Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the
malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type
Regedit, then press Enter.

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:
"windows auto update" = MSBLAST.EXE

Close Registry Editor.

NOTE: If you were not able to terminate the malware
process from memory as described in the previous
procedure, restart your system.



then, do a search for msblast.exe and delete any files
found.

then go to www.microsoft.com and download the patch for
the worm (just see home page, top left)
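
The checks from both replies, combined into one read-only batch file, as an added example that is not part of the original thread: it looks under System32 for the file names Andy lists and in the Run key for the value izzy names. Matching Run entries against the whole file list goes beyond the posts, which name only the MSBLAST.EXE value; the script deletes nothing.

```batch
@echo off
rem Added example, not from the thread. Read-only: reports, deletes nothing.
rem File names and the Run value name are the ones quoted in the posts above.
setlocal
set FOUND=0
set RUNKEY=HKLM\Software\Microsoft\Windows\CurrentVersion\Run
set NAMES=Msblast.exe Nstask32.exe Penis32.exe Teekids.exe Winlogin.exe Win32sockdrv.dll Yuetyutr.dll

rem 1. Files: the same "dir ... /a /s" test as in the quoted steps, so hidden
rem    and system files are matched too. /b prints the full path of each hit;
rem    dir sets errorlevel 1 when nothing matches.
echo Files found under %systemroot%\system32:
for %%F in (%NAMES%) do (
    dir /a /s /b "%systemroot%\system32\%%F" 2>nul
    if not errorlevel 1 set FOUND=1
)

rem 2. Autostart: first the exact value named in the thread.
reg query "%RUNKEY%" /v "windows auto update" >nul 2>&1
if not errorlevel 1 (
    echo Run value "windows auto update" is present
    set FOUND=1
)

rem    Then any Run entry whose line mentions one of the listed file names.
rem    findstr: /i ignores case, /l treats the strings literally, and
rem    space-separated strings are ORed. A hit is a lead to inspect, not proof.
echo Run entries that mention a listed file name:
reg query "%RUNKEY%" 2>nul | findstr /i /l "%NAMES%"
if not errorlevel 1 set FOUND=1

if "%FOUND%"=="0" echo Nothing from the lists above was found.
if "%FOUND%"=="1" echo Leftovers found: remove them as described above, then reboot.
exit /b %FOUND%
```

The exit code is 1 when a listed file or autostart entry was found and 0 otherwise.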
 
