Have I killed the blaster worm??

  SheffieldSpy 08:05 12 Sep 2003

Last night, my Mum's computer was attacked twice by the w32.blaster.worm within a short space of time. The first one called it self MSBlaster.exe and the other is Lovsan.exe. The Mcaffee virus 7 software alerted her to its existance. Having successfully used the "Shutdown -a" command the countdown stopped. However the Lovsan.exe didn't want antivirus action and so refused to be deleted, cleaned or quarantined. How do I remove it manually? My mum also said the Mcafee virus 7 claimed a third infected file. I have applied the patch hosted on evesham.com

  SheffieldSpy 08:11 12 Sep 2003

This is our first virus, so my Mum is very worried to venture out on to the internet. She found it hard to understand, why when the Windows XP firewall is enabled the virus still gets through. I'm now downloading ZoneAlarm 4.0 for her, which has kept my machine worm/virus free.

  Bagsey 08:14 12 Sep 2003

To clear your system of this pest dont foget to close the Restore function befor you try to remove the virus or it will keep coming back.

  Jester2K II 08:20 12 Sep 2003

1) Get Stinger - click here

2) Get the Patch for XP - click here

3) Disconnect from the intenet.

4) Scan using Stinger - will detect and remove MSBlaster / Lovsan

5) Run the XP Patch.

6) Reboot

7) Now clean and protected - go on line and update the antivirus.

  Jester2K II 08:22 12 Sep 2003

Oh and if you use System Restore. Turn it off, reboot and turn it on.

Windows will have trapped a copy of the worm in SR - this will flush ALL your SR backups. Otherwise you AV might detect it in the SR file but not be able to kill it as its protected by Windows. "it will keep coming back" It can't come back from the SR but can be detected there. The only way to be reinfected from the SR is to restore back to before your removed it...

  SheffieldSpy 08:32 12 Sep 2003

That might be the reason why lovsan refused to go. The Anti-virus software said it was protected.

I have applied the patch before using this stinger thing. Should I not do that??

  SheffieldSpy 08:36 12 Sep 2003

Isn't the stinger program downloaded as an update to the Mcaffee antivirus?? It is the same company.

  Jester2K II 08:45 12 Sep 2003

Stinger is a stand alone tool for detecting and removing the top 30 or so viruses. Anyone can use it. I use it with AVG sometimes .

SheffieldSpy - Switch SR off, reboot and switch it on again. Rescan.

"Eeeek!! I have applied the patch before using this stinger thing. Should I not do that??"

Doesn't matter which order you do it. However the link i gave you above is an updated version of the patch taht cme out on Wednesday 10th Sept. Might be worth installing that one too...

  graham√ 08:46 12 Sep 2003

Follow Jester2K IIs instructions exactly.

  SheffieldSpy 12:32 12 Sep 2003

I have followed the instructions. I have also run this Stinger program. How important is SVCHOST.EXE? It found another menace in there and identified it as W32/Nachi.worm. The program claims to have deleted this file, but i have 4 instances of SVCHOST.EXE runing in the process list.

  Jester2K II 12:34 12 Sep 2003

XP will be runnig lots of copies of SVCHOST.EXE -it has something to do with the services running on your PC. Leave alone those no identified as viral.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

HTC U12 Plus review: Hands-on

Best Android emulators for Mac

TV & Streaming : comment regarder Roland Garros ?