Blaster Worm Detection and Removal

What is the Blaster Worm?

Blaster is a type of computer program which spreads automatically across network connections. Programs of this type are called worms and are distinct from viruses in that they do not require any action on the part of the infected user to help them spread.

How can I tell if I have the Blaster Worm?

Symptoms of the worm include:

  • PC crashes with messages about RPC failures.
  • PC reboots at random intervals while connected to the network.
  • PC sends lots of data over the network while it should be idle.

If you are suffering any or all of those symptoms, you may be infected with the Blaster worm. To find out for sure, scan your computer with an up-to-date anti-virus program, or download and run STINGER from McAfee, which will detect and remove Blaster in addition to many other worms.

How do I get rid of the Blaster Worm?

First, download and run STINGER to make sure you get rid of all copies of the worm from your PC.

Next, find and remove the entries for the detected files from the registry key shown below:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Be careful to remove only the files that STINGER detected as infected with the Blaster worm. The others listed are necessary for your PC to work correctly; do not delete them!

Finally, reboot your computer to remove the worm from memory.
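
The registry clean-up step above can be scripted so that only entries pointing at files your scanner reported are touched. This is an added example, not part of the original page; the $DetectedFiles value is a placeholder to be filled in from your own STINGER report, and the backup file name is an assumption.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# $DetectedFiles is a placeholder: replace it with the file names from your own scan report.
param(
    [string[]]$DetectedFiles = @('REPLACE-WITH-DETECTED-FILE.exe'),
    [switch]$Remove   # without -Remove the script only reports; nothing is deleted
)

$subKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
# Open the key read-only unless -Remove was given.
$runKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, [bool]$Remove)

if ($Remove) {
    # Save the whole key first so a mistaken deletion can be restored.
    $backup = Join-Path $env:TEMP 'run-key-backup.reg'   # assumed backup location
    reg.exe export "HKLM\$subKey" $backup /y | Out-Null
    Write-Output "Backup written to $backup"
}

foreach ($name in $runKey.GetValueNames()) {
    $command = [string]$runKey.GetValue($name)
    if ($name -eq '' -or -not $command.Trim()) { continue }   # skip default/empty values

    # Extract the executable from the command line: a quoted path, else the first token.
    # An unquoted path containing spaces will not match and is reported as "keep".
    if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($command.Trim() -split '\s+')[0] }
    $leaf = Split-Path -Path $exe -Leaf

    # -contains compares whole file names, case-insensitively, never substrings.
    if ($DetectedFiles -contains $leaf) {
        Write-Output "DETECTED  $name = $command"
        if ($Remove) { $runKey.DeleteValue($name) }
    }
    else {
        Write-Output "keep      $name = $command"
    }
}
$runKey.Close()
```

Run it once without -Remove and check that every line marked DETECTED matches the scan report before running it again with -Remove.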

How can I avoid getting infected or re-infected with Blaster?

The best solution is to firewall ports 135, 137, 139 and 445 at a minimum; however, you should also patch the vulnerability that Blaster exploits. Download and run the appropriate patch for your operating system after you install the latest service pack (the minimum is SP6 for NT4 or SP2 for Win2K; XP does not require any service pack to be installed before the patch).