Question about worm removal...

Kathy · Guest

A few weeks ago I posted to the NG asking questions about my in-laws computer having connection problems, well, she called me the other night and I went over there to see if I could do anything to fix her computer... well, I unchecked the box that tells the modem to disconnect after so many minutes. After that I seen she had about ten things in the systray, so I told her she doesn't need all of these things starting up at startup. So, I ran the msconfig and went into the Startup folder to uncheck some things... guess what I found? The msblast.exe (worm)... I tried my best to download the patch and finally did, but that doesn't help unless the worm is completely removed. She has NEVER updated any windows updates or her NAV updates. I tried like hell to update the NAV files, but each time it tells me there was a problem with the Internet connection, well, there is no *** problem, unless this could be the worm preventing me from getting the NAV updates? Anyway, what a mess her computer is right now and I am the one that has to clean up the mess just because some people are too *** lazy to get the updates!

Now I already know about the FixBlast tool, but I want to remove the worm manually because I want this to be a learning experience for me. I know the step by step procedures, but what I really want to know is will I have to do this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP and they don't have broadband connection, just dial-up...

Thanks in advance,
Kathy
A+

Kenny · Guest

Follow ALL the instructions here:
http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.blaster.worm.re
moval.tool.html
This is an updated version of the FIXBLAST tool.
The MS patch has also been updated also, the link for it is on the Symantec
link.
--

Kenny

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message
news:vm1ur2c793hla9@corp.supernews.com...
A few weeks ago I posted to the NG asking questions about my in-laws
computer having connection problems, well, she called me the other night and
I went over there to see if I could do anything to fix her computer... well,
I unchecked the box that tells the modem to disconnect after so many
minutes. After that I seen she had about ten things in the systray, so I
told her she doesn't need all of these things starting up at startup. So, I
ran the msconfig and went into the Startup folder to uncheck some things...
guess what I found? The msblast.exe (worm)... I tried my best to download
the patch and finally did, but that doesn't help unless the worm is
completely removed. She has NEVER updated any windows updates or her NAV
updates. I tried like hell to update the NAV files, but each time it tells
me there was a problem with the Internet connection, well, there is no ***
problem, unless this could be the worm preventing me from getting the NAV
updates? Anyway, what a mess her computer is right now and I am the one that
has to clean up the mess just because some people are too *** lazy to get
the updates!

Now I already know about the FixBlast tool, but I want to remove the worm
manually because I want this to be a learning experience for me. I know the
step by step procedures, but what I really want to know is will I have to do
this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP
and they don't have broadband connection, just dial-up...

Thanks in advance,
Kathy
A+

Ghost · Guest

In article <vm1ur2c793hla9@corp.supernews.com>, "Kathy"
<computermonkeyNOSPAM@inbox.net> wrote:

natural_4u · Guest

Like Ghost said... it's best done in safe mode but not mandatory.

Last month I was on a Windows 98 to Windows 2000 upgrade project... and wouldn't you know... in the middle of the project some computers were infected by the blaster worm. I removed them without going into safe mode. They were using a software called OfficeTrend for their anitvirrus. I had to download the Win 2K patch and new virus definitions on a computer that was not infected and burned it onto a CD. From there on I applied it to the infected computers and was doing good.

If you have a burner maybe you can do the same... ?!?!?!?

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message news:vm1ur2c793hla9@corp.supernews.com...
A few weeks ago I posted to the NG asking questions about my in-laws computer having connection problems, well, she called me the other night and I went over there to see if I could do anything to fix her computer... well, I unchecked the box that tells the modem to disconnect after so many minutes. After that I seen she had about ten things in the systray, so I told her she doesn't need all of these things starting up at startup. So, I ran the msconfig and went into the Startup folder to uncheck some things... guess what I found? The msblast.exe (worm)... I tried my best to download the patch and finally did, but that doesn't help unless the worm is completely removed. She has NEVER updated any windows updates or her NAV updates. I tried like hell to update the NAV files, but each time it tells me there was a problem with the Internet connection, well, there is no *** problem, unless this could be the worm preventing me from getting the NAV updates? Anyway, what a mess her computer is right now and I am the one that has to clean up the mess just because some people are too *** lazy to get the updates!

Now I already know about the FixBlast tool, but I want to remove the worm manually because I want this to be a learning experience for me. I know the step by step procedures, but what I really want to know is will I have to do this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP and they don't have broadband connection, just dial-up...

Thanks in advance,
Kathy
A+

Kathy · Guest

Thank you so much for the responses :-) I figured it may be best to do it in Safe Mode, but I wasn't sure. My son has a cd burner on his computer and I thought about this (burning the updates on a cd), but I put the windows patches on two floppies for now and I am going to try removing the worm later.

The other night while I was over there I tried getting the NAV virus definitions and it wouldn't let me... Would it be the worm that was preventing me from getting the new virus definitions?

Also, seeing I already put the patch onto the computer would I have to put the patch on again after I remove the worm?

And, I should not reboot the computer at all until the worm is removed as it would still be in memory?

In my opinion, that little worm is a nasty little sucker!

Sorry for all of the questions, but this is my first time removing a worm :-)

Kathy
A+
"natural_4u" <ask@me.com> wrote in message news:ORi8b.938643$ro6.18714855@news2.calgary.shaw.ca...
Like Ghost said... it's best done in safe mode but not mandatory.

Last month I was on a Windows 98 to Windows 2000 upgrade project... and wouldn't you know... in the middle of the project some computers were infected by the blaster worm. I removed them without going into safe mode. They were using a software called OfficeTrend for their anitvirrus. I had to download the Win 2K patch and new virus definitions on a computer that was not infected and burned it onto a CD. From there on I applied it to the infected computers and was doing good.

If you have a burner maybe you can do the same... ?!?!?!?

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message news:vm1ur2c793hla9@corp.supernews.com...
A few weeks ago I posted to the NG asking questions about my in-laws computer having connection problems, well, she called me the other night and I went over there to see if I could do anything to fix her computer... well, I unchecked the box that tells the modem to disconnect after so many minutes. After that I seen she had about ten things in the systray, so I told her she doesn't need all of these things starting up at startup. So, I ran the msconfig and went into the Startup folder to uncheck some things... guess what I found? The msblast.exe (worm)... I tried my best to download the patch and finally did, but that doesn't help unless the worm is completely removed. She has NEVER updated any windows updates or her NAV updates. I tried like hell to update the NAV files, but each time it tells me there was a problem with the Internet connection, well, there is no *** problem, unless this could be the worm preventing me from getting the NAV updates? Anyway, what a mess her computer is right now and I am the one that has to clean up the mess just because some people are too *** lazy to get the updates!

Now I already know about the FixBlast tool, but I want to remove the worm manually because I want this to be a learning experience for me. I know the step by step procedures, but what I really want to know is will I have to do this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP and they don't have broadband connection, just dial-up...

Thanks in advance,
Kathy
A+

Simon Telrenner · Guest

btw, you can download the virus updates to a cd also..... Then you don't
have to download anything on the slow machine.

--
Kendal R. Emery, MCSE, Network+, A+, MCNGP #19
Systems Administrator
Coordinated Home Care
kemery@coordinatedhomecare.me.com
remove me to email to me
"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message
news:vm3ug64rr2gla6@corp.supernews.com...
Thank you so much for the responses :-) I figured it may be best to do it in
Safe Mode, but I wasn't sure. My son has a cd burner on his computer and I
thought about this (burning the updates on a cd), but I put the windows
patches on two floppies for now and I am going to try removing the worm
later.

The other night while I was over there I tried getting the NAV virus
definitions and it wouldn't let me... Would it be the worm that was
preventing me from getting the new virus definitions?

Also, seeing I already put the patch onto the computer would I have to put
the patch on again after I remove the worm?

And, I should not reboot the computer at all until the worm is removed as it
would still be in memory?

In my opinion, that little worm is a nasty little sucker!

Sorry for all of the questions, but this is my first time removing a worm
:-)

Kathy
A+
"natural_4u" <ask@me.com> wrote in message
news:ORi8b.938643$ro6.18714855@news2.calgary.shaw.ca...
Like Ghost said... it's best done in safe mode but not mandatory.

Last month I was on a Windows 98 to Windows 2000 upgrade project... and
wouldn't you know... in the middle of the project some computers were
infected by the blaster worm. I removed them without going into safe mode.
They were using a software called OfficeTrend for their anitvirrus. I had to
download the Win 2K patch and new virus definitions on a computer that was
not infected and burned it onto a CD. From there on I applied it to the
infected computers and was doing good.

If you have a burner maybe you can do the same... ?!?!?!?

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message
news:vm1ur2c793hla9@corp.supernews.com...
A few weeks ago I posted to the NG asking questions about my in-laws
computer having connection problems, well, she called me the other night and
I went over there to see if I could do anything to fix her computer... well,
I unchecked the box that tells the modem to disconnect after so many
minutes. After that I seen she had about ten things in the systray, so I
told her she doesn't need all of these things starting up at startup. So, I
ran the msconfig and went into the Startup folder to uncheck some things...
guess what I found? The msblast.exe (worm)... I tried my best to download
the patch and finally did, but that doesn't help unless the worm is
completely removed. She has NEVER updated any windows updates or her NAV
updates. I tried like hell to update the NAV files, but each time it tells
me there was a problem with the Internet connection, well, there is no ***
problem, unless this could be the worm preventing me from getting the NAV
updates? Anyway, what a mess her computer is right now and I am the one that
has to clean up the mess just because some people are too *** lazy to get
the updates!

Now I already know about the FixBlast tool, but I want to remove the worm
manually because I want this to be a learning experience for me. I know the
step by step procedures, but what I really want to know is will I have to do
this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP
and they don't have broadband connection, just dial-up...

Thanks in advance,
Kathy
A+

Kathy · Guest

Yes, I was thinking about doing that as well....the faster I can do it, the
better, then I am out of there!

"Simon Telrenner" <no@way.com> wrote in message
news:3f621575@news.zianet.com...

Michael Hoffman · Guest

Which begs the question .. which AV do you use? I'd assume it's not McAfee

"Ghost" <user@user.com> wrote in message
news:user-1109032053140001@1.0.0.101...

Ghost · Guest

In article <3f6283a4$0$42040$a1866201@newsreader.visi.com>, "Michael
Hoffman" <nospam@puleeze.com> wrote:

Tom MacIntyre · Guest

On Sat, 13 Sep 2003 02:57:12 GMT, user@user.com (Ghost) wrote:

lglover · Guest

I think Elvis is alive. I saw him when I was in Vegas a couple of months
ago. Wait, that was an impersonator.
"Ghost" <user@user.com> wrote in message
news:user-1209032257120001@1.0.0.101...

natural_4u · Guest

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message news:vm3ug64rr2gla6@corp.supernews.com...
Thank you so much for the responses :-) I figured it may be best to do it in Safe Mode, but I wasn't sure. My son has a cd burner on his computer and I thought about this (burning the updates on a cd), but I put the windows patches on two floppies for now and I am going to try removing the worm later.

The other night while I was over there I tried getting the NAV virus definitions and it wouldn't let me... Would it be the worm that was preventing me from getting the new virus definitions?

Kathy · Guest

I was there yesterday... removed the worm exactly the way the instructions said on the Symantec website... did a search and found no more traces of the msblast... after I was feeling pretty good until I got online to download most, I said most because I was not about to get all of the windows updates because they are on dial-up and there were 38 updates for they're computer! They never updated windows updates! Anyway, I gave up on that one because the modem kept timing out and it kept giving me connection errors! Of all the modems in the world, they have a winmodem!

I was trying to download the definition updates through the NAV interface... they NEVER updated them... the *** thing still would NOT download them... I tried this about 4 times! I kept getting a connection error... by this time, I was ready to throw the computer out the window!! So to top off everything else I HAD to call HP tech support because my sister-in-law wanted me to... finally, after waiting several minutes for a tech, I get someone on the line... Hmmm, they wanted to walk me through everything I had already done before I called them!

Anyway, after going through all of this there is still connection errors and painfully slow page loads, if that, I would mainly get "Cannot display page" errors... it is not the ISP because I have the same ISP and I have no problems at all... does anyone know why it is doing this? I keep thinking the modem, but I don't know... HP told me that it isn't the modem... so here I am feeling like an idiot because I didn't straighten out that person's problem :-(

Kathy
A -
"natural_4u" <ask@me.com> wrote in message news:Hn%8b.950558$ro6.18846171@news2.calgary.shaw.ca...

natural_4u · Guest

I think I read something about Norton's AV Live-update will only update
every Wednesday.
But Viruses comes out every day and Norton does have updates for those new
viruses but you will have to download them manually Via the Intelligent
Updater.

"Tom MacIntyre" <tom__macintyre@hotmail.com> wrote in message
news:8t17mvotmb22fsu7ri88dfhvep8ihlue29@4ax.com...

natural_4u · Guest

You know what... I hardly use the Live-update feature.... go here: http://securityresponse.symantec.com/avcenter/defs.download.html
use the Intelligent Updater, it's much better.

as for internet connection problem that's a different story... try removing the TCP/IP setting and then re-installing them.

What OS is this machine using again?

"Kathy" <computermonkeyNOSPAM@inbox.net> wrote in message news:vm9e4s7rb1fo83@corp.supernews.com...
I was there yesterday... removed the worm exactly the way the instructions said on the Symantec website... did a search and found no more traces of the msblast... after I was feeling pretty good until I got online to download most, I said most because I was not about to get all of the windows updates because they are on dial-up and there were 38 updates for they're computer! They never updated windows updates! Anyway, I gave up on that one because the modem kept timing out and it kept giving me connection errors! Of all the modems in the world, they have a winmodem!

I was trying to download the definition updates through the NAV interface... they NEVER updated them... the *** thing still would NOT download them... I tried this about 4 times! I kept getting a connection error... by this time, I was ready to throw the computer out the window!! So to top off everything else I HAD to call HP tech support because my sister-in-law wanted me to... finally, after waiting several minutes for a tech, I get someone on the line... Hmmm, they wanted to walk me through everything I had already done before I called them!

Anyway, after going through all of this there is still connection errors and painfully slow page loads, if that, I would mainly get "Cannot display page" errors... it is not the ISP because I have the same ISP and I have no problems at all... does anyone know why it is doing this? I keep thinking the modem, but I don't know... HP told me that it isn't the modem... so here I am feeling like an idiot because I didn't straighten out that person's problem :-(

Kathy
A -
"natural_4u" <ask@me.com> wrote in message news:Hn%8b.950558$ro6.18846171@news2.calgary.shaw.ca...