Author:
Evaluation:
Published: 16.11.2010.
Language: English
Level: Secondary school
Literature: n/a
References: Not used
  • Presentations 'MSBlast Worm', 1.
  • Presentations 'MSBlast Worm', 2.
  • Presentations 'MSBlast Worm', 3.
  • Presentations 'MSBlast Worm', 4.
  • Presentations 'MSBlast Worm', 5.
  • Presentations 'MSBlast Worm', 6.
  • Presentations 'MSBlast Worm', 7.
  • Presentations 'MSBlast Worm', 8.
  • Presentations 'MSBlast Worm', 9.
  • Presentations 'MSBlast Worm', 10.
  • Presentations 'MSBlast Worm', 11.
  • Presentations 'MSBlast Worm', 12.
Extract

Detection
The worm is very easily detected by users.

Pressing control-alt-delete, then clicking on "Task Manager" and selecting the "Processes" tab will bring up a list of processes running on the machine. Clicking on "Image Name" will sort the processes alphabetically. If there is a process named "msblast.exe" running on the system, then it has been infected by the worm.

How remove MSBlast worm
Disconnect your computer from the local area network or Internet
Terminate the running program
Open TaskManager by CLTR+ALT+DEL
Locate one of the following programs
MSBLAST.exe
PENIS32.exe
TEEKIDS.exe
MSPACH.exe
ENBIEI.exe
Close task manager
Install the patches for the DCOM RPC Exploit
Block access to TPC port 4444 at the firewall.
Remove the registry entries
Delete the infected files, search (msblast*.*) delete this files.
Reboot PC, update AntiVirus.
Now check for the worm again, if it returns, complete steps once more.…

Author's comment
Atlants