How do I know I've got rid of the Blaster Virus?

  [DELETED] 22:04 17 Sep 2003

I was stupid enough to allow my Windows 2000 Server get the Blaster virus. I think it might have happened because I have MSN Messenger installed (stupidly - I'm going to uninstall it) and was talking to someone who I think might have it. Is that possible.

After disconnecting from both the local area network (unplugged Ethernet cable from server) and the internet (switched off cable modem) I ran a complete scan with AVG, and it doesn't report anything, but IE was running slowly, etc. I then downloaded CWShredder (Cool Web Shredder?) which I found on the forums, and Stinger (McAfee) that I found on these forums. CWShredder got rid of a few things, including 11 registry entries that it "killed". I ran it again to be sure and it seems to have worked. Stinger is still scanning the hard drive now.

What should my next action be?

Should I restart the server and then see if it's still OK, or should I download updates from the Microsoft website first? The worrying thing is, I really don't want my newly built XP PC to have got it, because I only installed XP yesterday and have been trying all last night and today to get it to go on the network, probably not realising I had a virus, although I think I only got it a few hours ago.

Any advice much appeciated,


  [DELETED] 22:08 17 Sep 2003

click here


  [DELETED] 22:09 17 Sep 2003

1) Blaster and variants spread directly not via e-mail or MSN Messenger. It'll infect your PC within 30 seconds of connecting to the net.

2) You need to get the MS patch for the vulnerability it exploits - click here and click here

Patch all systems you have...

  [DELETED] 22:09 17 Sep 2003

As I understand it, it doesn't matter what order you do things in but you definitely need to install the MS patch. Otherwise you'll just get infected again.

Jester2K II is the de facto expert on this.

  [DELETED] 22:10 17 Sep 2003

As I was saying ...

  [DELETED] 22:13 17 Sep 2003

So I could have it now?

Better download the patch quick!

  [DELETED] 22:15 17 Sep 2003

If you are not patched it'll be there soon.......

Even with a firewall in placed it'll not come in (hopefully) but it'll come knocking....

  [DELETED] 22:16 17 Sep 2003

BTW Ad-Aware click here and Spybot click here better spyware scanners....

  [DELETED] 22:18 17 Sep 2003

best way i can think is to goto symantecs site download the removal tool and run it ,if the blast virus isn't present on your comp it will tell you ,you will have to turn off system restore also the link is here
click here
this is the link that will tell you everything about the blaster worm
click here
this is the download site for the removel tool -have fun hol pol...

  [DELETED] 22:21 17 Sep 2003

If Stinger is up to date then it'll find and remove it.

holly polly makes a good point though. You'll need to flush the System Restore after (if the virus was found) by switching it off, rebooting and then switching it on again...

  [DELETED] 01:11 18 Sep 2003

Sorry I took so long but this PC is AGONISINGLY SLOW to start with without having the added strain of installing numerous updates & service packs. I now have all the critical updates and there are some more still to come, so I'm being careful.

The worrying thing is, I have a firewall and it still got in! Hopefully it won't this time because it's the latest one from today and this will give me time to download the updates.

And of course I have the patch.

About the system restore - I take it that's C:\Winnt\Repair or wherever it is. Do I just delete all the files in there?

I have already rebooted 2 or 3 times since the virus. What I'll do now is try EVERY scanner there is for this virus and make sure it's completely gone, then clear out System Restore.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best computer security tips

Artists have collaborated with Indonesian schoolchildren to create wonderful charity T-shirts

Best Mac monitors & displays 2018

Sécurité : comment protéger votre iPhone contre les pirates informatiques ?