Blaster worm virus

I have some questions about the RPC blaster worm virus. Everytime i re-install Windows XP my computer keeps restarting so i download the patch. My question is, how can i get rid of it permanet so i could only do this 1 time only?? I don’t want to use the patch. If someone tells me to use a virus program and as soon as i re-install Windows the virus will still be there no matter what. I did the AVG it found 2 viruses and it removed them and then after that i removed the patch and restart my computer and like i said the virus was still there so AVG didn’t do a good job on removing it. I give u my opion. I don’t think any virus program will permanetly remove it. If anyone could help me please reply back as soon as possible. Thanx guys…

Are you doing a fresh install (i.e. formatting your drive and installing windows)?
If you are then the virus must be on the install CD as there is no other way it can get on.
Virus check the install CD to see if I’m right, otherwise I might think that you are doing something to re-infect yourself (like reading your e-mails before you put an anti-virus program on).
You could also go to Nortons Anti-virus site, they useually have stand alone removal programs for the more stubborn viruses out there.

Originally posted by petera
Are you doing a fresh install (i.e. formatting your drive and installing windows)?
If you are then the virus must be on the install CD as there is no other way it can get on.
Virus check the install CD to see if I’m right, otherwise I might think that you are doing something to re-infect yourself (like reading your e-mails before you put an anti-virus program on).
You could also go to Nortons Anti-virus site, they useually have stand alone removal programs for the more stubborn viruses out there.

How do i do a virus check from CD’s?? Reply back… Oh i never did a virus check on a CD before. What program will get the job done?? Thanx…

You aren’t connecting to the interenet before you install the patch and A firewall / virus scanner are you?

Originally posted by Ssseth
You aren’t connecting to the interenet before you install the patch and A firewall / virus scanner are you?

yes i am connecting while installing a patch… I would still like to know how to check for a virus on my CD?? But i don’t know what program would get the job done…

Nearly any decent anti-virus package will check it.
Take Nortons as an example,
Open the main window
Select “Scan for viruses”
Click on “All removable drives”
Sit back as it checks for you.

Remember that if there is one, you can’t remove it from the disc, but at least you know if you need to get another copy.

I doubt it’s a virus on the CD.

The virus is bouncing around and you connect to the internet unprotected. Then bam, you’ve caught a cold :stuck_out_tongue:
I’ve had something similar happen to me once.

  • Before re-installing OS. Download the needed patch and burn to CD.

  • Install the OS without internet hooked up.

  • Run Patch(s).

  • Install virus scanner and good firewall

  • Conect to internet and update virus definition.

  • Do a full virus scan

  • Continue as usual

:smiley:

Originally posted by petera
[B]Nearly any decent anti-virus package will check it.
Take Nortons as an example,
Open the main window
Select “Scan for viruses”
Click on “All removable drives”
Sit back as it checks for you.

Remember that if there is one, you can’t remove it from the disc, but at least you know if you need to get another copy. [/B]

Do u know how to run Norton Antivirus right now and could tell me what options i need to check on the disc?? Where do i get Norton Anti-virus from?? Also i understand that i can’t remove it because i’m not a coder. Do u know how to code and know what Windows XP uses to code it and all that info??

Originally posted by Ssseth
[B]I doubt it’s a virus on the CD.

The virus is bouncing around and you connect to the internet unprotected. Then bam, you’ve caught a cold :stuck_out_tongue:
I’ve had something similar happen to me once.

  • Before re-installing OS. Download the needed patch and burn to CD.

  • Install the OS without internet hooked up.

  • Run Patch(s).

  • Install virus scanner and good firewall

  • Conect to internet and update virus definition.

  • Do a full virus scan

  • Continue as usual

:smiley: [/B]

I understand but i want it gone permanent… The only thing i was thinking but can’t find any decent hex editor. I was going to use a hex editor to wipe the MBR by deleteing it or re-writing it with 0’s from the beginning to end and then do

fdisk /MBR
fdisk (make partitions)
format
Install OS

[moderating]

Three little pigeons was walking in a bar, thread moved not very far

[/moderating]

You can get Nortons from here, and the free blaster removal tool is available here, but it’s a commercial program, so be prepared to pay or it.
If you make a bootable floppy disk (from anything bar XP), then the virus won’t be active and you can safely run fdisk from there.

If you have XP then just boot from the PC, and when it comes to the bit where you state what patrition to use, just delete the origional partition and create a new one.

Originally posted by petera
[B]You can get Nortons from here, and the free blaster removal tool is available here, but it’s a commercial program, so be prepared to pay or it.
If you make a bootable floppy disk (from anything bar XP), then the virus won’t be active and you can safely run fdisk from there.

If you have XP then just boot from the PC, and when it comes to the bit where you state what patrition to use, just delete the origional partition and create a new one. [/B]

I don’t understand… Will u please post me a decent hex editor as freeware and i do it that way. I will wipe the MBR clean by doing one of the 2 either deleteing it or re-writing it with 0’s all the way down… Do u use a freeware hex editor that can delete?? I don’t have a credit card to buy anything.

O.K, try www.tucows.com or for a hex editor or here if you really want it do it that way.
BTW the blaster removal tool from my previous link is FREE TO DOWNLOAD.

Most hard drive manufactuers have “zero fill” utilities that they offer for free. They are specific to their own drives so you will have to find out which kind you have.

For Westen Digital go here to get their zero fill tool.

For Maxtor go here. Pick your hard drive and check under utilities.

For Seagate go here and the DOS version should have some utilities to wipe the drive.

Originally posted by petera
O.K, try www.tucows.com or for a hex editor or here if you really want it do it that way.
BTW the blaster removal tool from my previous link is FREE TO DOWNLOAD.

This is the one i download. XVI32 release 2.51

My question is. How do i use it to open my MBR to read it or delete?? It would be on C: drive i believe… But i don’t see how to open it as hex…

Make sure you disable system restore,or the virus will still be there:bigsmile:

Originally posted by k9cop
Make sure you disable system restore,or the virus will still be there:bigsmile:

Ok i turned it off in the System Properties…

Is it safe to remove the patch and will or won’t i get RPC to restart the computer?? Hopefully i won’t get it.

Will the full version of Acronis Disk Editor get the job done for deleteing the MBR?? Where can i download it from?? I don’t have a credit card to buy the full version… All the versions that is online is not the full version. If you go to download.com your not going to find the full version.

Have you tried the zero fill methods I mentioned above. They fill every sector on the HD, inlcuding the MBR with zeros.

Oh and AFAIK this has nothing to do with the MBR (that worm)…

Just do as Ssseth said originally … do a full clean install (format, rather than reinstall over XP) and if your on broadband disconnect your modem from your pc until you have at least installed a firewall, not just enable windows firewall as blaster can get through that (alledgedly). Its also preferable to install SP1 too before reconnecting.

You should then be able to reconect your modem with no fear.

Thats how I’ve always done it anyway …