Lsasblaster (Lsas.blaster.keyloger) is malicious software that installs itself on the victim's computer without permission, then attempts to force the victim to purchase a software solution. Many victims suspect that the program is also designed to steal credit card information when the victim attempts to purchase the bogus solution. There are several things you can try to remove the Lsasblaster “worm”: (1) you can download Norton Internet Security 2010 and use it as a removal tool, or (2) you can attempt to remove the worm on your own.
For a free 30-day Norton Internet Security trial, visit Softpedia.com. The following link will take you directly to the trial download: http://www.softpedia.com/get/Security/Firewall/Norton-Internet-Security.shtml
To remove the worm on your own, try the following steps, which were published at Kioskea.net by an angry victim of the Lsasblaster (Lsas.blaster.keyloger) worm.
Once the computer is started, we discovered it would still let us into the C drive. Being able to access this helped a lot. Once in, I had to reverse the steps listed in another post on here:
1) Go to the c:\windows\temp file. DELETE EVERYTHING listed in the temp file. You may find a few it will not allow you to delete, rename etc. Leave this window open and open a new window for step 2.
2) Go to the Start\Search option and do a search for *.tmp. Make sure you type it *.tmp….. Delete EVERYTHING the search finds. IF it would NOT allow me to delete it, in the opened “C” drive window follow the path to the file it would not allow me to delete.
3) EMPTY the Recycle Bin. You more than likely will also have to do this from the “C” drive window, as your desktop is the dreaded blue window of death.
4) Now you should be able to CTRL+ALT+DELETE. At the very top of the processes there will be a numbered process; end this.
5) Now we did have a few .tmp files that would not allow me to delete them. So I went into their properties and changed what they could access.
6) Empty the recycle bin again.
7) Now IF you do not have a spyware destroyer, GET ONE. DO NOT restart your system. We used Spy Bot Seek and Destroy… It worked… After downloading your chosen spyware removal tool, scan immediately; again, DO NOT restart until you have done a scan. We actually did a complete system scan with Spy Bot, IOBit 360, and Iobit Care. Spy Bot asked IF we wanted it to scan on restart; we said Yes…
8) Now we restarted the system normally. Spy Bot kicked in, scanned the system, and quarantined the issues. The system booted just fine. We updated all security software and scanned the system again.
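Steps 1, 2 and 5 above amount to "delete the temp files and note which ones resist deletion." The following PowerShell script is an added example, not part of the Kioskea post: it records a SHA-256 hash of each file before removing it and reports every file that could not be deleted, so the leftovers can be handed to a scanner. It assumes PowerShell 4 or later and an elevated prompt; the script name, parameter names and report path are hypothetical.

```powershell
# Save as Clear-TempWithReport.ps1 (hypothetical name). Added example, not from the original post.
# Default is a dry run: files are only inventoried unless -Delete is given.
param(
    [string]$TempDir = "$env:SystemRoot\Temp",   # step 1 folder; pass C:\ with -Filter *.tmp for step 2
    [string]$Filter  = '*',
    [string]$Report  = "$env:USERPROFILE\temp-cleanup-report.csv",  # assumed report location
    [switch]$Delete
)

$files = Get-ChildItem -LiteralPath $TempDir -Filter $Filter -Recurse -Force -File -ErrorAction SilentlyContinue

$results = @(foreach ($file in $files) {
    # Hash before deleting so there is a record of exactly what was removed.
    try {
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        $hash = 'unreadable'   # the file is locked or the ACL denies read access
    }

    $status = 'listed'
    $reason = ''
    if ($Delete) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $status = 'deleted'
        } catch {
            # Keep the exception type and message: a file held open by a running
            # process and a file protected by its ACL call for different follow-up.
            $status = 'failed'
            $reason = '{0}: {1}' -f $_.Exception.GetType().Name, $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Path      = $file.FullName
        Length    = $file.Length
        LastWrite = $file.LastWriteTime
        SHA256    = $hash
        Status    = $status
        Reason    = $reason
    }
})

# Full inventory goes to CSV; files that resisted deletion are shown on screen.
$results | Export-Csv -LiteralPath $Report -NoTypeInformation
$results | Where-Object { $_.Status -eq 'failed' } | Format-Table Path, Reason -AutoSize
```

Run it once without `-Delete` to review the inventory, then again with `-Delete`; the files still marked `failed` are the ones to scan before any restart, as step 7 advises.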