
Forum Thread: blastcln

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Removal Tool: Blaster/Nachi

This thread has been marked as locked.
Midnight_Voice blastcln
Member 18th Oct, 2012 19:09
Ranking: 42
Posts: 82
User Since: 1st Oct, 2010
System Score: 96%
Location: UK
Last edited on 18th Oct, 2012 19:16

I see there's already been a thread about Blaster being EOL (which would imply PSI 2.0 I think) but I have had the issue in 3.0. Only on XP machines though.

PSI 3.0, unhelpfully, doesn't refer directly to blastcln, or do anything useful; it merely points you to the MSRT - Malicious Software Removal Tool - which you can download and run as often as you like without PSI 3.0 acknowledging that you've done what it asked in any way, and without it having (what turns out to be) blastcln.exe turning up like a bad penny every time you think you've finished. Even if you've rerun a scan.

You can, of course, delete this Nov 2008 program from Windows/System32, but then Windows will detect that it's been 'damaged' and put it back again :-(

Apart from ignoring it in PSI (unsatisfactory if that means that PSI 3.0 will henceforth ignore any MSRT issues, as it well might), it is possible to get rid of it though, by searching for and deleting the BLASTCLN.EX_ program that Search Companion (the doggy) will find for you if you specify that it should search hidden and system files.

And then delete blastcln.exe from Windows/System32, and ignore the protests that Windows will make when it finds you've blatted BLASTCLN.EX_, so Windows has nothing to resurrect blastcln.exe with, confirming instead that this is what you want to happen. And then empty the Recycle Bin. And then hope that Windows won't go and refetch the darned thing from off the web somewhere.

While I understand the impetus behind PSI 3.0, and it's usually much to be preferred to PSI 2.0, where I can set-and-forget 3.0 on the machines of the non-techies I support, and know that generally this will keep them pretty safe and sound as regards updating vulnerable programs, I've been out twice this week to do the above for friends rather apprehensive about the messages PSI was giving them.

And wished for 2.0, perhaps, or at least some of the info it used to give, to help them better with problems, like the above, that 3.0 wasn't describing very well :-(

--
A computer program can do anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running Windows XP Mode 32-bit)

SteveSecunia14 RE: blastcln
Member 19th Oct, 2012 01:07
Score: 4
Posts: 30
User Since: 10th Oct 2012
System Score: 93%
Location: US
Last edited on 19th Oct, 2012 02:49
Cause: Microsoft has stopped supporting that version of the tool.

I was having the same problem on my XP SP3 Home Edition PC, until I did this:

Fix:
Reboot your PC into Safe Mode.
Log on to your account.
Do a search for the file: blastcln
Set up the search results as follows.
Click on All files and folders.
Where it says (All or part of the file name), type in blastcln
Where it says (Look in), select My Computer
Where it says (More advanced options), put a check mark in:
Search system folders
Search hidden files and folders
Search subfolders
Click on Search.
After the search has finished, delete all files found. Then empty the Recycle Bin.
Reboot.
Run a PSI full scan.
You'll have no more problems with MSRT Blaster/Nachi and Secunia.
Was this reply relevant?
+0
-0
Anthony Wells RE: blastcln
Expert Contributor 19th Oct, 2012 03:46
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi M_V,

The full history is in this thread, with the above method found in the last post; you might want to delete the "back up" file first before the PSI detected file, to be sure, to be sure :-

http://secunia.com/community/forum/thread/show/133...

Let us know what works for you.

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+5
-1
Midnight_Voice RE: blastcln
Member 19th Oct, 2012 15:45
Score: 42
Posts: 82
User Since: 1st Oct 2010
System Score: 96%
Location: UK
on 19th Oct, 2012 03:46, Anthony Wells wrote:
Hi M_V,

The full history is in this thread, with the above method found in the last post; you might want to delete the "back up" file first before the PSI detected file, to be sure, to be sure :-

http://secunia.com/community/forum/thread/show/133...

Let us know what works for you.

Anthony


Hi Anthony

I see you've moved my posting to the Programs Forum, where I had been searching, and posting, in PSI.

It did not occur to me that there might be some other forum where PSI issues get discussed, or that it might be more general than PSI - my bad :-(

But I've looked in vain for where I might read an outline of what each Forum is and isn't for - can you point me at one?

As regards what works for me, it's what I described in my posting above. And it turns out that this is pretty much what SteveSecunia14 describes, except that:-

he boots into Safe Mode, and I haven't
and
I explicitly say you should delete the backup BLASTCLN.EX_ before finally deleting the system32 blastcln.exe, and he doesn't.

I figure there might be a window of opportunity here for the system32 entry to be re-established if I didn't explicitly delete the BLASTCLN.EX_ first, even in a Select All/Delete action.

But maybe that can't happen - or maybe Windows won't re-establish the system32 entry when running in Safe Mode?

Final question; all this came about because blastcln.exe is being regarded as EOL by Secunia (there seems to be some doubt as to whether this is quite what Microsoft were saying or not, but let that pass).

Fine; but could I have known that from PSI 3.0? This was simply telling me that the program needed updating; is there something or somewhere I could have clicked to get more information, e.g. whether it was EOL, or needed a security update, or what the issue with it was?

PSI 3.0 is very good at hiding the gory details, and most of the users I support couldn't cope with them anyway, and are happy for an auto-update to make the issues go away without ever being concerned about what they were.

But when I need to dig, it would be nice to think I could dig without having to put PSI 2.something back on those users' machines.

Final, final question - I see I'm a release of PSI 3.0 behind now. Why isn't PSI telling me this - or if it is, where do I look to find that information?

Best Regards

Roy



--
A computer program can do anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running Windows XP Mode 32-bit)
Was this reply relevant?
+1
-0
SteveSecunia14 RE: blastcln
Member 20th Oct, 2012 06:57
Score: 4
Posts: 30
User Since: 10th Oct 2012
System Score: 93%
Location: US
Last edited on 20th Oct, 2012 07:12
But maybe that can't happen - or maybe Windows won't re-establish the system32 entry when running in Safe Mode?

Roy - You are correct. Windows won't re-establish the system32 entry, or the other files, when you choose to remove the blastcln file from Safe Mode, as long as you follow the instructions in my post above.

Regards,
Steve
Was this reply relevant?
+1
-2
Anthony Wells RE: blastcln
Expert Contributor 22nd Oct, 2012 15:18
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again M_V,

Where people post seems to be pretty much at random and there are no set rules. But it is still frowned upon to post comments directly under an Advisory, but that's about it; imagination is all.

I did not move your Forum allocation (that would be Maurice or Secunia). I always look under "All Threads" @ top lhs of this page, to be sure, to be sure.

I have no idea why the PSI detection rules have suddenly pulled the Blastcln.exe as EOL; there are several threads raising the old KB being there or not or the SP3 reinstall etc. The answer is simply your choice, the software has been superseded, so either get rid or set an "ignore rule"; the rest is smoke and mirrors.

As Maurice also says (more or less), the PSI has always been poor at displaying/differentiating EOL, fully patched, fully patched but vulnerable and zombies; they now ignore any potential danger in vulnerable software "embedded" in another programme, but that's a different piece of cake.

New (platform) versions are usually emailed to you and posted here on the Forum. Version updates are often, if not always, announced here as well but not by email.

Maurice used to post links to Secunia supported versions of the PSI platform 1.x, 2.x and the latest 3.x in his signature; after some problems with other Forum members, Maurice has revised this and his signature leads to a "Protected" SkyDrive page where you can find version links and related relevant data links, e.g. Manual and FAQs.

Hope that covers your questions adequately :)

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+1
-0
WarningU2 RE: blastcln
Member 26th Oct, 2012 06:16
Score: 6
Posts: 14
User Since: 26th Nov 2008
System Score: N/A
Location: CA
So to confirm, the correct action is to ignore the EOL program? Wouldn't it make more sense for the solution that is available to 1) ignore the EOL program and 2) point to the new tool? Just saying.
Was this reply relevant?
+1
-0
Anthony Wells RE: blastcln
Expert Contributor 26th Oct, 2012 13:41
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi,

In the Cyberworld as anywhere, it is not simply a question of black or white; the Secunia PSI checks for and displays any vulnerabilities it may find on your computer. Secunia have always made clear that it will suggest options but never tell you what to do.

With any EOL software you can :-

1) Remove the software and lose the use of it.

2) Update or upgrade to a fully-patched version (with or without unpatched known vulnerabilities); the PSI may display a vendor and/or product link for your perusal.

3) Set an "ignore rule" in the PSI and risk the software becoming vulnerable in the future.

In the case of Blastcln.exe, there is no option 2.

Take care

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+3
-1
WarningU2 RE: blastcln
Member 27th Oct, 2012 04:43
Score: 6
Posts: 14
User Since: 26th Nov 2008
System Score: N/A
Location: CA
Re option to upgrade ... absolutely as the link does but it should either remove and/or ignore the program. If you run the solution provided it still leaves the vulnerable program.

Take care too.

Was this reply relevant?
+0
-0
