-=PCTechTalk=- Re: Blaster-virus.
- From: "David Weaver" <weaverdj@xxxxxxxxxxxxx>
- To: <pctechtalk@xxxxxxxxxxxxx>
- Date: Sun, 24 Aug 2003 21:11:52 -0400
IF you're having trouble staying on line to get the tools, just
configure the RPC service not to restart the PC.
Dave
-----Original Message-----
From: pctechtalk-bounce@xxxxxxxxxxxxx
[mailto:pctechtalk-bounce@xxxxxxxxxxxxx] On Behalf Of ~OoO~
Sent: Sunday, August 24, 2003 6:13 PM
To: pctechtalk@xxxxxxxxxxxxx
Subject: -=PCTechTalk=- Re: Blaster-virus.
As already mentioned, you can have the patch emailed to you.
Here's what you should do. Get the patch, and update the antivirus
program. AFTER you have the patch (nevermind installing the patch yet),
and AFTER you have the virus scanner up-to-date, THEN completely
disconnect your internet connection. If you're on dial-up, hang-up. If
you're on broadband, disable the ethernet connection in your NETWORK
PLACES. Or, if that all sounds too difficult, just power-down or unplug
the cable or DSL modem.
After you've disconnected, apply the MS patch. Then run the removal
tool. If you get errors, start-up in SAFE MODE and run the removal tool.
For the removal tool, I would use McAfee's Stinger app. You can get it
from here: http://download.nai.com/products/mcafee-avert/stinger.exe
After running this one, you can also run the Symantec removal tool,
which is the FixBlast. That one can be obtained from here:
http://securityresponse.symantec.com/avcenter/FixBlast.exe
After all that, restart your computer, and do a full virus scan with
your AV scanner.
IMPORTANT: If you have a virus app running on your system, and it
quarantines a virus, as opposed to completely deleting it, the virus
will be completely safe from doing harm but will still be on your
system. So, if you go to an online scanner, such as Trend Micro's online
virus scan, it might tell you that you have the virus still, when in
fact all its doing is finding the quarantined virus that Nortons is
safeguarding. In other words, if ANY scanner tells you you're infected,
see where the location of the infected file is.
With the blaster virus, doing a CTRL-ALT-DEL will show only the running
process, meaning the virus is active if its listed. For the blaster
virus, it would be MSBLAST.EXE. Another variation might show
DLLHOST.EXE. If you see that one, you're also infected.
Although someone else offered their assistance, I'm going to go ahead
and email you the Microsoft Patch, so you won't need to download it from
the net. Will send it off-list privately to you.
---Troth
----- Original Message -----
From: Sylviavandewall
To: pctechtalk@xxxxxxxxxxxxx
Sent: Sunday, August 24, 2003 5:01 PM
Subject: -=PCTechTalk=- Re: Blaster-virus.
Yes Kat, that is what I did but the page of Microsoft stays blanc, I
cant
get it.
Sylvia.
> Well, you're going to continue to get it if you don't do the updates
to
> Windows that will prevent getting reinfected every five minutes. A
> virus app is only going to find it every time and tell you about it
not
> prevent it from getting there in the first place. A removal tool
only
> removes it. It does not block it's reoccurrence. If the hole still
> exists in your operating system, then like Ahhnold, it "will be
back".
>
> First remove the virus using the removal tool you have. The virus
> needs to be gone before you may be able to reach Windows Update.
Then
> immediately go to Windows Update and apply the patch, in fact ALL
> critical and security updates, before it gets infected again. Then
make
> sure your virus software is set to update new definitions *daily*
and to
> delete if it cannot fix an infected file. Kat
>
> -----Original Message-----
> From: pctechtalk-bounce@xxxxxxxxxxxxx
> [mailto:pctechtalk-bounce@xxxxxxxxxxxxx] On Behalf Of
Sylviavandewall
> Sent: Sunday, August 24, 2003 12:13 PM
> To: pctechtalk@xxxxxxxxxxxxx
> Subject: -=PCTechTalk=- Re: Blaster-virus.
>
>
> Hi Troth,
> It's called "Lovesan.A" and we downloaded a antivirusprogram
now.
> Everytime we went on-line the
> antirvirusprogram said she had that virus. Also she can't go
into a
> lot
> of sites when she goes on-line
> and the site from microsoft with the update for the patch stays
> blanc.
> She has Windows-XP.
> Sylvia.
>
>
> > How do you know the virus is still there? What's finding it, and
> what's
> the exact name they're showing for the virus. There are a few
variations
> that work differently.
> > ---Troth
> >
> >
> > Hello all,
> > Already for two days I'm working on my daughters computer to
get
> rid
> of the "Blaster-virus". I used the tool from Symantec in safe mode
with
> System Restore disabled and than when I do a virusscan it says the
virus
> is
> gone but than it's back on her computer. I just don't know what to
do
> anymore, I'm not a technical person on the computer and me daughter
is
> worse
> than I am. She didn't even have a antivirusprogram because, as she
said:
> I'm
> almost never on-line. Great, not very smart but the damage is done
and I
> would love to help her but more than the tool for it from Symantic I
> don't
> know. Does anyone have some advice for me what to do.
> > Thanks in advance.
> > Sylvia.......Holland.
>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
>
> For more info:
> //www.freelists.org/cgi-bin/list?list_id=pctechtalk
>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
>
> For more info:
> //www.freelists.org/cgi-bin/list?list_id=pctechtalk
>
>
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
Other related posts:
