These may be the same instructions you have Em...don't know what else to tell you
he worm is relatively easy to clean up after detection.
Step one is to patch the infected system against the vulnerability that allowed the worm to "get in" in the first place. This process requires the user of the computer to have administrator level access to the system.
Once the user is logged in again with administrator rights, what they need to do is load up Internet Explorer, and direct the browser to windowsupdate.microsoft.com. The user will be prompted by some pop up windows, directed through a fairly easy to understand and intuitive process.
The next step is to reboot the system.
After the system has rebooted it will be necessary to delete the worm's executable file, msblast.exe. However, its process must be stopped before it can be deleted.
Once the user logs back in with administrator rights, they should load up the "Task manager" again as described above. Click on the "Image Name" field under the "Processes" tab and click once on the "msblast.exe" process. Press "End Process" to stop it from running.
The worm's executable file will be found in the system32 directory, which is a subdirectory of (by default) the "winnt" directory in Windows 2000 machines, and the "windows" directory in Windows XP installations.
Use Windows Explorer to navigate to the system32 directory, locate the mblast.exe file and delete it. Reboot your system. Done!
The final step, removing the registry key created by the worm, is optional. It isn't really that important -- the key simply causes the worm to start every time the system is re-booted, but once the worm file itself is deleted it's redundant anyway.
This is done manually by using the registry editor. It is important to note that making incorrect changes to the registry can have catastrophic consequences.
Load the registry editor by clicking on the start button, navigating to "Run..." and typing in "regedit". Run regedit and navigate to the following "key".
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right hand section of the registry editor, the following value will be found:
"windows auto update"="msblast.exe"
Delete it.
Reboot. Done!
