[thelist] The New Worm - need some help to clean it
Michael Pemberton
mpember at mpember.net.au
Mon Aug 11 23:50:49 CDT 2003
Anthony Baratta <Anthony at Baratta.com> wrote:
> At 07:33 PM 8/11/2003, patrick wrote:
> >tom,
> >also hunt up the registry:
> >1) Delete msblast.exe (usually found at: winnt\system32\msblast.exe)
> >2) delete the Registry key:
> >"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\windows
> >auto update" . That key should contain the "msblast.exe" process, and is
> >what starts it up again on reboot.
>
> I second this approach, only do it within "Safe Mode".
>
> ---
> Anthony Baratta
> President
> Keyboard Jockeys
>
> "Conformity is the refuge of the unimaginative."
If your running 2000 or XP, the first step is to reboot into a "Safe Mode"
Command Prompt. This is where you can rename the msblast.exe. I actually
just went through this process for the third time friend today.
By renaming it, windows should now be unable to execute it. My extension of
choice was .vir for obvious reasons.
---
Michael Pemberton
evolt at mpember.net.au
More information about the thelist
mailing list