Re: Question about worm removal...

Discussion in 'A+ Certification' started by natural_4u, Sep 12, 2003.

  1. natural_4u

    natural_4u Guest

    Like Ghost said... it's best done in safe mode but not mandatory.

    Last month I was on a Windows 98 to Windows 2000 upgrade project... and wouldn't you know... in the middle of the project some computers were infected by the blaster worm. I removed them without going into safe mode. They were using a software called OfficeTrend for their antivirus. I had to download the Win 2K patch and new virus definitions on a computer that was not infected and burned it onto a CD. From there on I applied it to the infected computers and was doing good.

    If you have a burner maybe you can do the same... ?!?!?!?

    "Kathy" <> wrote in message news:...
    A few weeks ago I posted to the NG asking questions about my in-laws' computer having connection problems, well, she called me the other night and I went over there to see if I could do anything to fix her computer... well, I unchecked the box that tells the modem to disconnect after so many minutes. After that I saw she had about ten things in the systray, so I told her she doesn't need all of these things starting up at startup. So, I ran the msconfig and went into the Startup folder to uncheck some things... guess what I found? The msblast.exe (worm)... I tried my best to download the patch and finally did, but that doesn't help unless the worm is completely removed. She has NEVER updated any windows updates or her NAV updates. I tried like hell to update the NAV files, but each time it tells me there was a problem with the Internet connection, well, there is no damn problem, unless this could be the worm preventing me from getting the NAV updates? Anyway, what a mess her computer is right now and I am the one that has to clean up the mess just because some people are too damn lazy to get the updates!

    Now I already know about the FixBlast tool, but I want to remove the worm manually because I want this to be a learning experience for me. I know the step by step procedures, but what I really want to know is will I have to do this in Safe Mode, or is it okay to do it in Normal Startup? The OS is XP and they don't have broadband connection, just dial-up...

    Thanks in advance,
    Kathy
    A+
    natural_4u, Sep 12, 2003
    #1

  2. btw, you can download the virus updates to a cd also..... Then you don't
    have to download anything on the slow machine.

    --
    Kendal R. Emery, MCSE, Network+, A+, MCNGP #19
    Systems Administrator
    Coordinated Home Care

    remove me to email to me
    "Kathy" <> wrote in message
    news:...
    Thank you so much for the responses :) I figured it may be best to do it in
    Safe Mode, but I wasn't sure. My son has a cd burner on his computer and I
    thought about this (burning the updates on a cd), but I put the windows
    patches on two floppies for now and I am going to try removing the worm
    later.

    The other night while I was over there I tried getting the NAV virus
    definitions and it wouldn't let me... Would it be the worm that was
    preventing me from getting the new virus definitions?

    Also, seeing I already put the patch onto the computer would I have to put
    the patch on again after I remove the worm?

    And, I should not reboot the computer at all until the worm is removed as it
    would still be in memory?

    In my opinion, that little worm is a nasty little sucker!

    Sorry for all of the questions, but this is my first time removing a worm
    :)

    Kathy
    A+
    Simon Telrenner, Sep 12, 2003
    #2

  3. natural_4u

    natural_4u Guest

    You know what... I hardly use the Live-update feature.... go here: http://securityresponse.symantec.com/avcenter/defs.download.html
    use the Intelligent Updater, it's much better.

    As for the internet connection problem, that's a different story... try removing the TCP/IP settings and then re-installing them.

    What OS is this machine using again?



    "Kathy" <> wrote in message news:...
    I was there yesterday... removed the worm exactly the way the instructions said on the Symantec website... did a search and found no more traces of the msblast... after I was feeling pretty good until I got online to download most, I said most because I was not about to get all of the windows updates because they are on dial-up and there were 38 updates for their computer! They never updated windows updates! Anyway, I gave up on that one because the modem kept timing out and it kept giving me connection errors! Of all the modems in the world, they have a winmodem!

    I was trying to download the definition updates through the NAV interface... they NEVER updated them... the damn thing still would NOT download them... I tried this about 4 times! I kept getting a connection error... by this time, I was ready to throw the computer out the window!! So to top off everything else I HAD to call HP tech support because my sister-in-law wanted me to... finally, after waiting several minutes for a tech, I get someone on the line... Hmmm, they wanted to walk me through everything I had already done before I called them!

    Anyway, after going through all of this there are still connection errors and painfully slow page loads, if that, I would mainly get "Cannot display page" errors... it is not the ISP because I have the same ISP and I have no problems at all... does anyone know why it is doing this? I keep thinking the modem, but I don't know... HP told me that it isn't the modem... so here I am feeling like an idiot because I didn't straighten out that person's problem :-(

    Kathy
    A -
    "natural_4u" <> wrote in message news:Hn%8b.950558$...
    >Most likely no. Just wondering... how are you trying to obtain the definition updates?



    Also, seeing I already put the patch onto the computer would I have to put the patch on again after I remove the worm?

    >No


    And, I should not reboot the computer at all until the worm is removed as it would still be in memory?

    >It is recommended to turn OFF the system restore option before you apply any fixes, then turn it back on when the virus is removed. I don't think it would be in memory, but if the system restore was not turned off you should still have infected files in the system restore files.


    In my opinion, that little worm is a nasty little sucker!

    Sorry for all of the questions, but this is my first time removing a worm :)

    Kathy
    A+
    natural_4u, Sep 15, 2003
    #3
