The W32.Blaster.Worm (also known as MSBlast or Lovsan) is a historic network worm that heavily infected legacy Windows systems (like Windows XP and 2000) by exploiting a vulnerability in the Remote Procedure Call (RPC) service. Because it forced infected PCs to endlessly crash and reboot, major security vendors released highly specialized, lightweight utility tools to target and destroy this specific threat without relying on heavy full-suite installations.
The top 5 tools historically used to remove the W32.Blaster worm from Windows are detailed below. 1. Symantec FixBlast Utility
Developed specifically by Norton/Symantec, FixBlast.exe is the most widely recognized standalone tool for this specific infection.
How it works: It targets the active memory processes of msblast.exe, completely terminates them, and deletes the malicious file from the Windows\System32 directory.
Key feature: It cleans out the modified Windows registry values that the worm used to launch itself automatically upon system startup. 2. Microsoft Malicious Software Removal Tool (MSRT)
Microsoft’s native utility tool, available via Microsoft Support, features definitions built to eradicate MSBlast and its immediate variants.
How it works: It scans the critical background folders of the OS in the background.
Key feature: Unlike temporary third-party scripts, it reverses the specific structural changes made by the exploit to default Windows configurations. 3. Trend Micro SysClean (TSC)
Trend Micro provided a localized, script-based portable engine known as the Trend Micro Clean Tool.
How it works: It checks for individual network-worm strains—specifically labeling the threat as WORM_MSBLAST.A.
Key feature: It isolates individual workstations while cleaning the OS, ensuring that a machine does not immediately re-infect neighboring computers on the local network via port 135. 4. McAfee Stinger / SuperDAT Utility
McAfee deployed targeted scanning files (historically utilizing SuperDAT command-line routines) to deal with the worm, which they categorized as W32/Lovsan.worm.
Virus alert about Blaster worm and its variants – Windows Server
Leave a Reply