MsBlast

From: the_baronat_private
Date: Wed Aug 13 2003 - 07:11:42 PDT


    Hi all
    
    I've written a small script which should get rid of the msblast worm from a PC. Feel free to download it if you haven't already made one yourselves.
    
    Cheers
    
    
    
    
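    ' Errors are checked by hand through Err.Number after each step.
    On Error Resume Next
    
    nResult = MsgBox("The Microsoft Patch Must be installed before you run this script (you must also have admin privileges on this machine), hit ok to continue", vbExclamation + vbOkCancel, "Kill Blast")
    
    if nResult = vbCancel then Wscript.Quit
    
    ' Terminate any running copy of the worm through WMI.
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colProcessList = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = 'msblast.exe'")
    For Each objProcess in colProcessList
        objProcess.Terminate()
    Next
    
    set fso = CreateObject("Scripting.FileSystemObject")
    set wshell = CreateObject("Wscript.Shell")
    
    ' Resolve the system folder instead of hard-coding it
    ' (c:\winnt\system32 on Windows 2000, c:\windows\system32 on XP).
    sysDir = fso.GetSpecialFolder(1)
    
    ' Clear errors left over from the WMI calls so that the check below
    ' reflects only the result of DeleteFile.
    Err.Clear
    fso.DeleteFile sysDir & "\msblast.exe"
    
    chkErrNum Err.Number, sysDir
    
    ' Remove the worm's autostart value from the Run key.
    runValue = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update"
    Err.Clear
    str = wshell.RegRead(runValue)
    
    if Err.Number = 0 And InStr(1, str, "msblast", vbTextCompare) > 0 then
        ' Delete the value rather than leaving an empty Run entry behind.
        wshell.RegDelete runValue
        chkErrNum Err.Number, "The Registry"
    else
        ' Value missing, or present but not pointing at msblast.
        MsgBox "Msblast not Found in The Registry", vbInformation, "Kill Blast"
    end if
    
    MsgBox "System is Clean", vbInformation, "Kill Blast"
    Wscript.Quit
    
    ' Report the outcome of the previous step: 0 means it succeeded.
    Sub chkErrNum(ErrNum, Area)
        if ErrNum = 0 then
            MsgBox "MsBlast Found and removed from " & Area, vbInformation, "Kill Blast"
        else
            MsgBox "Msblast not Found in " & Area, vbInformation, "Kill Blast"
        end if
    End Sub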
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 08:23:25 PDT