shutdown message

[trouble1]

I know this is not a new topic but I can't seem to get rid of the blaster worm by installing the updates available at the microsoft web site. The ones that count for blaster I downloaded but they won't run. The removal tool won't run because the update won't install and is needed to be present first.

I can stop the shutdown with the -a but I can't find blaster.exe running as a process and a search of the registry turned up nothing. Is it possible there is a different problem? My virus program stopped working after I installed the XP version. Would any virus program remove this pest? I enabled the firewall - too late and disabled system restore but I feel vulnerable until this is fixed.

Any solutions much appreciated. Hoping someone has seen this situation before.

 

[bcastner]

Do the recommended two online antivirus scans as part of Step #1 of this FAQ: faq608-4650

Then complete steps #2-#3

Then try Windows Update.

 

[linney]

Try the free online virus scanners linked from this thread.
I would imagine if it was MS Blaster any virus scanner that is fully updated should handle the problem.

If you post the Highjack This log somebody might recognize something in that.

Some other removal tools.

http://www.newtechhelp.com/content/view/10/25/

A thread of the developing history of MsBlaster.exe and removal.

NT Authority / System shutdown?
thread779-621790


HOWTO: Troubleshoot Windows Installer Engine Problems

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q260404&FR=1&PA=1&SD=HSCH

817753 - Errors Occur When You Try to Install Updates from the Windows Update Web Site

http://support.microsoft.com/default.aspx?scid=kb;en-us;817753&FR=1&PA=1&SD=HSCH

 

[trouble1]

Thanks for your reply. I am not able to install the virus program either. I will try some of these other tips and institute a thorough search of the registry and start up areas. Didn't have much time to work on this until today. I am writing from the old computer in the basement which is still running ME. I understand this worm doesn't install to this OS so if I must I will wipe out the whole issue, reformat and start from scratch, making anti-virus and firewall the first order of business. I could also just uninstall XP and use the old OS. I only wanted to upgrade to run one program that doesn't run under anything but XP. The upgrade also rendered to legacy status some of my other equipment and programs.
Until final aggravation I will consider this a learning experience. Thanks for any suggestions.

 

[bcastner]

Microsoft released a new blaster removal tool for situations in which the security Hotfixes were applied but the system was already infected:

http://www.microsoft.com/downloads/...e98-493f-ad76-bf673a38b4cf&displaylang=en.asp

 

[trouble1]

That link is to the same file that won't run because MS03-026 [KB823980] must be installed first. Since the first file won't install this one is of no help.
I ran a tool called fixblaster from the Symantec site and it simply said it couldn't find any variant of Blaster on the machine. It was supposed to be effective for all known variants through F.
The frustration continues. Could I have an unknown variant? Are there other worms with similar MO's?

 

[linney]

If you post the Highjack This log somebody might discover something in that.

 

[bcastner]

It then is likely not blaster. The MS Security hotfixes for the RPC service, and the MS and Symantec blaster tools should have been sufficient.

Forum member smah has a FAQ that could prove usefull. My choice would be Trend Micro and Panda, but see smah's notes at this link: faq760-3862

 

[trouble1]

I located the AGOBOT.SN worm using the scanner from Trend Micro. I haven't read anything about it but apparently it masquerades as Blaster. There were 5 infected explore.exe files. 4 were "non-cleabable" and 1 said cannot access. I was able to delete 4 of them but the one in c:\windows\system32 was running. I started the computer in safe mode, command prompt and then could delete the file.
After these files were gone I was able to open regedit and then also install the microsoft updates. I downloaded the free anti-virus program from Grisoft and learned that the AGOBOT.SN worm can be cleanedbecause a copy I saved on a floppy was identified and disarmed. It also found some mailbot virus and knocked it out. I thought I had lost all my saved emails from outlook express.
I will be running the program often. Also will be researching the most effective anti-virus and firewall. This has been an aggravating experience.
Thank you for taking the time to help.

 

[bcastner]

A keyword search on this site for "firewall" and one for "antivirus" should give you a lot of current advice on these topics.

I am sorry you had the issues you have experienced, but it sounds like you are taking the right steps now for protection, and that you did not lose any data.

Best wishes,
Bill

 

[linney]

System Restore does not automatically restore anything on a reboot. You would have to run System Restore and then select a restore point to restore from. The valid reason for clearing your restore points would be to prevent the accidental reinfection of a virus at a later date if you were to use System Restore. Or to prevent detection warnings from any scanner that scans the System Restore folders.

These threads are about Blaster and AGOBOT.SN worms which are very similar but different removal solutions.

shutdown
thread779-804130

shutdown message
thread779-803052

System shutdown
thread779-793374

 

[linney]

Ignore my last message I posted in the wrong thread.