IT Help Central - Division of Information Technology
Texas Tech University



ASC
Room 101
2903 4th Street

W32.Blackmal.E@mm is a mass-mailing worm that attempts to spread through network shares and to lower security settings.

It disables and ends several antivirus programs, if they are installed on the affected computer. It also attempts to delete files belonging to several antivirus programs, peer-to-peer file sharing programs and other Internet applications, which effectively makes them cease to function. Additionally, it monitors the network traffic of certain connections related to antivirus programs and email services.

The worm is easy to recognize once it has infected the computer, as it shows the following symptoms:

  • If it detects an antivirus program installed, it displays the text "Update Please wait" in the taskbar.
  • If Tearec.A does not detect any antivirus program installed, it opens a compressed file called SAMPLE.ZIP, which is empty. Its aim is to mislead users and make them think it is only a damaged file.

Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Systems Not Affected:  DOS, Linux, Macintosh, OS/2, UNIX

It is recommended that you view the full article related to this vulnerability at Symantec.com.


Quick Fix Instructions

  1. Download the FixBmalE.exe file from IT Help Central.
  2. Save the file to a convenient location, such as your downloads folder or the Windows desktop.
  3. To check the authenticity of the digital signature, refer to the "Digital signature" section.
  4. Close all running programs.
  5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  6. If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this write-up for further details.

    Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

  7. Double-click the FixBmalE.exe file to start the removal tool.
  8. Click Start to begin the process, and then allow the tool to run.

    NOTE: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.
     
  9. Restart the computer.
  10. Run the removal tool again to ensure that the system is clean.
  11. If you are running Windows Me/XP, then re-enable System Restore.
  12. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
  13. Run Live Update to make sure that you are using the most current virus definitions.
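
For step 3, one way to check the downloaded file's Authenticode signature from PowerShell (4.0 or later) before the tool is run in step 7. This is an added example, not part of the original bulletin or the vendor's instructions; the function name, the default save path and the expected publisher value are assumptions, and the publisher name must be taken from the "Digital signature" section.

```powershell
# Added example (not from the original page): verify the removal tool's
# Authenticode signature and record its hash before running it.
function Test-RemovalToolSignature {
    param(
        # Assumed save location from step 2; adjust to where the file was saved.
        [string]$Path = "$env:USERPROFILE\Downloads\FixBmalE.exe",
        # Assumption: exact publisher name (certificate CN) as given in the
        # "Digital signature" section, which is not reproduced on this page.
        [Parameter(Mandatory = $true)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $problems = @()
    $signer = $null

    # 'Valid' means the file hash matches the signed content and the
    # certificate chain is trusted on this machine.
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    if ($null -eq $sig.SignerCertificate) {
        $problems += 'file is not signed'
    } else {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        # Compare the whole name; a substring match would accept look-alike publishers.
        if ($signer -ne $ExpectedPublisher) {
            $problems += "signer '$signer' is not '$ExpectedPublisher'"
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Signer    = $signer
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SafeToRun = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

# Usage (placeholder value, replace with the documented publisher name):
# Test-RemovalToolSignature -ExpectedPublisher '<publisher from the Digital signature section>'
```

If `SafeToRun` is false, do not start the tool; download it again from IT Help Central and repeat the check.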

For specific details on each of these steps, please follow this link.

 

Call for Help 742-4357
Copyright 2008 Texas Tech University, All Rights Reserved.
Maintained by: Information Technology Division.
Updated: January 31, 2006.