How to Remove Blaster Worm on Windows XP and 2000 The Blaster Worm (also known as MSBlast, Lovsan, or Poza) is a notorious piece of malware that targets a critical security vulnerability in the Remote Procedure Call (RPC) interface of Windows XP and Windows 2000. The most obvious symptom of an infection is a disruptive system pop-up stating that NT AUTHORITY\SYSTEM has initiated a shutdown, causing the computer to restart every 60 seconds.
To completely eliminate the worm, you must stop the active countdown, isolate your machine, delete the malicious files and registry keys, and patch the operating system vulnerability. Step 1: Stop the 60-Second Shutdown Loop
If your computer keeps restarting, you must abort the shutdown process to give yourself time to clean the system. Click Start, then select Run. Type cmd and press Enter to open the Command Prompt.
Type the following command exactly as written and press Enter: shutdown -a Use code with caution.
This aborts the pending system shutdown, allowing you to work uninterrupted. Step 2: Isolate the Computer
The Blaster Worm aggressively scans network ports to infect neighboring computers.
Disconnect your network cable (Ethernet) or disable your dial-up/Wi-Fi connection immediately.
This isolates the machine, preventing the worm from downloading variants or infecting other systems on your local network. Step 3: Terminate the Malicious Process
Before you can delete the worm files, you must kill its active memory thread.
Press Ctrl + Shift + Esc (or Ctrl + Alt + Delete) to open the Windows Task Manager. Click on the Processes tab.
Look for msblast.exe (or variants like teekids.exe or penis32.exe).
Select the process, click End Process, and confirm the action. Step 4: Remove Malicious Registry Entries
The worm modifies the system registry to automatically boot up every time Windows starts.
Virus alert about Blaster worm and its variants – Windows Server
Leave a Reply