IF you're having trouble staying on line to get the tools, just configure the RPC service not to restart the PC. Dave -----Original Message----- From: pctechtalk-bounce@xxxxxxxxxxxxx [mailto:pctechtalk-bounce@xxxxxxxxxxxxx] On Behalf Of ~OoO~ Sent: Sunday, August 24, 2003 6:13 PM To: pctechtalk@xxxxxxxxxxxxx Subject: -=PCTechTalk=- Re: Blaster-virus. As already mentioned, you can have the patch emailed to you. Here's what you should do. Get the patch, and update the antivirus program. AFTER you have the patch (nevermind installing the patch yet), and AFTER you have the virus scanner up-to-date, THEN completely disconnect your internet connection. If you're on dial-up, hang-up. If you're on broadband, disable the ethernet connection in your NETWORK PLACES. Or, if that all sounds too difficult, just power-down or unplug the cable or DSL modem. After you've disconnected, apply the MS patch. Then run the removal tool. If you get errors, start-up in SAFE MODE and run the removal tool. For the removal tool, I would use McAfee's Stinger app. You can get it from here: http://download.nai.com/products/mcafee-avert/stinger.exe After running this one, you can also run the Symantec removal tool, which is the FixBlast. That one can be obtained from here: http://securityresponse.symantec.com/avcenter/FixBlast.exe After all that, restart your computer, and do a full virus scan with your AV scanner. IMPORTANT: If you have a virus app running on your system, and it quarantines a virus, as opposed to completely deleting it, the virus will be completely safe from doing harm but will still be on your system. So, if you go to an online scanner, such as Trend Micro's online virus scan, it might tell you that you have the virus still, when in fact all its doing is finding the quarantined virus that Nortons is safeguarding. In other words, if ANY scanner tells you you're infected, see where the location of the infected file is. With the blaster virus, doing a CTRL-ALT-DEL will show only the running process, meaning the virus is active if its listed. For the blaster virus, it would be MSBLAST.EXE. Another variation might show DLLHOST.EXE. If you see that one, you're also infected. Although someone else offered their assistance, I'm going to go ahead and email you the Microsoft Patch, so you won't need to download it from the net. Will send it off-list privately to you. ---Troth ----- Original Message ----- From: Sylviavandewall To: pctechtalk@xxxxxxxxxxxxx Sent: Sunday, August 24, 2003 5:01 PM Subject: -=PCTechTalk=- Re: Blaster-virus. Yes Kat, that is what I did but the page of Microsoft stays blanc, I cant get it. Sylvia. > Well, you're going to continue to get it if you don't do the updates to > Windows that will prevent getting reinfected every five minutes. A > virus app is only going to find it every time and tell you about it not > prevent it from getting there in the first place. A removal tool only > removes it. It does not block it's reoccurrence. If the hole still > exists in your operating system, then like Ahhnold, it "will be back". > > First remove the virus using the removal tool you have. The virus > needs to be gone before you may be able to reach Windows Update. Then > immediately go to Windows Update and apply the patch, in fact ALL > critical and security updates, before it gets infected again. Then make > sure your virus software is set to update new definitions *daily* and to > delete if it cannot fix an infected file. Kat > > -----Original Message----- > From: pctechtalk-bounce@xxxxxxxxxxxxx > [mailto:pctechtalk-bounce@xxxxxxxxxxxxx] On Behalf Of Sylviavandewall > Sent: Sunday, August 24, 2003 12:13 PM > To: pctechtalk@xxxxxxxxxxxxx > Subject: -=PCTechTalk=- Re: Blaster-virus. > > > Hi Troth, > It's called "Lovesan.A" and we downloaded a antivirusprogram now. > Everytime we went on-line the > antirvirusprogram said she had that virus. Also she can't go into a > lot > of sites when she goes on-line > and the site from microsoft with the update for the patch stays > blanc. > She has Windows-XP. > Sylvia. > > > > How do you know the virus is still there? What's finding it, and > what's > the exact name they're showing for the virus. There are a few variations > that work differently. > > ---Troth > > > > > > Hello all, > > Already for two days I'm working on my daughters computer to get > rid > of the "Blaster-virus". I used the tool from Symantec in safe mode with > System Restore disabled and than when I do a virusscan it says the virus > is > gone but than it's back on her computer. I just don't know what to do > anymore, I'm not a technical person on the computer and me daughter is > worse > than I am. She didn't even have a antivirusprogram because, as she said: > I'm > almost never on-line. Great, not very smart but the damage is done and I > would love to help her but more than the tool for it from Symantic I > don't > know. Does anyone have some advice for me what to do. > > Thanks in advance. > > Sylvia.......Holland. > > > To unsub or change your email settings: > //www.freelists.org/webpage/pctechtalk > > To access our Archives: > http://groups.yahoo.com/group/PCTechTalk/messages/ > //www.freelists.org/archives/pctechtalk/ > > For more info: > //www.freelists.org/cgi-bin/list?list_id=pctechtalk > > > To unsub or change your email settings: > //www.freelists.org/webpage/pctechtalk > > To access our Archives: > http://groups.yahoo.com/group/PCTechTalk/messages/ > //www.freelists.org/archives/pctechtalk/ > > For more info: > //www.freelists.org/cgi-bin/list?list_id=pctechtalk > > To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk