http://www.sophos.com/support/disinfection/blastera.html#3
To remove W32/Blaster-A manually on Windows 95/98/Me and Windows NT/2000/XP:
- ensure you have installed Microsoft patch MS03-026 and implemented as many of the other steps from Sophos as is feasible.
- press Ctrl+Alt+Del
- in Windows NT/2000/XP click Task Manager and select the Processes tab
- look for a process named msblast.exe in the list
- click the process to highlight it
- click the 'End Process' (in Windows 95/98/Me 'End Task') button
- close Task Manager.
Search for the file msblast.exe in the Windows system folder (usually a subfolder of Windows or WINNT) and delete it.
In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
- At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
- Before you edit the registry, you should make a backup. If in doubt, contact your network administrator. Incorrect editing of the Windows Registry can cause system failure.
- Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
in the righthand pane select
windows auto update = msblast.exe
and delete it if it exists.
- Close the registry editor.
You should reboot your computer and repeat the above process to ensure all traces of the worm have been removed from your system.
If you have any problems removing W32/Blaster-A after following these instructions, please contact technical support.
To remove W32/Blaster-A on other platforms please follow the instructions for removing worms.