WinXP and the wily W32.Blaster worm

[Aero]

Greetings!

Today I finished building my new system- finally decided to join the 21st century and install WinXP...

All seemed to go just fine, formatted the new drive, installed XP, changed settings to my liking, then we go online for XP updates.


Almost immeditately upon arrival on the internet, I'm presented with a "RPC\System will now shutdown error". So, I fire up my old Win98 system and go looking for answers. Hmm... here's that Blaster worm that I've heard about, same symptoms- maybe that's it...

Yep, I've got me a "windows auto update"="msblast.exe" entry in my registry under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run".

So, I burn the patch from MS and Fixblast.exe on a CD and try to fix the sucker. I follow the instructions for the patch, patch installs without a problem. Then I run the Fixblast tool and it finds nothing, says it can't create a log file because the W32.Blaster worm was not found on the system? Shortly thereafter, I check my registry for the "msblast.exe" entry and it's no longer there?

How does one aquire this worm by simply accessing the 'net?
Have I eradicated this nasty, or is it still lurking on my system?

As always, your assistance is greatly appreciated!

[John Prophet]

How does one aquire this worm by simply accessing the 'net?


exactly...all you have to do is be online......You sort of have to have the blaster patch on a floppy or whatver....do your build, staying offline....do the patch...THEN go online and get the rest of the updates etc.

I would guess that you got rid of it.

Go online to www.antivirus.com and do the free virus check.

JP



PS....maybe you should download the patch and put it on a floppy and do the build again, lol...patch it with the floppy..THEN go online for the rest of the updates....I only suggest it cuz you are at the beginning of the process anyway....maybe better to start again for peace of mind

[Aero]

'Ya know, I had always heard about getting these things just by being online- but never quite believed it until now. In my four years on the 'net, I've had maybe 3 or 4 viri/worms- and they were delivered by e-mail. This is the first one to come sneaking in unannounced... it's like the darn thing was just waiting out there for me...

I'm not too sure if the Fixblast tool got rid of it or not, I was supposed to get a log file saying it was found and fixed- but that didn't happen. Sure, the registry entry was gone- but...


Did a fresh install of XP this morning, patched it- then installed Norton 2004. Got to Windows Update OK, and patched this piece of swiss cheese they call WinXP...