
Warning AFTER complete system scan with Norton

Status
Not open for further replies.

nissokone

Technical User
Feb 16, 2004
14
US
Please help. I'm using Norton Antivirus 2004 on Windows XP, and have all the latest updates. I've run 3 complete scans on my entire system today. Each time, Norton found a virus, which I had 'quarantined' and then deleted. Yet every time AFTER the scan, a warning pops up that my machine is still infected. What do I do to get it completely cleaned out?
I tried following the links to the Symantec Site, but I couldn't find anything listed regarding this situation.
Any help greatly appreciated.
Thank you,
Judy
 
What is the virus that keeps popping up?

"Evil prospers when good men do nothing"
 
Since I deleted them, I can't tell you for sure, but I think these I found in 'Backup Items' are the ones:
File name: TFTP3064; Threat Name: W32.Welchia.Worm (orig. Loc: C:\Windows\System32)
File name: TFTP332; Threat Name: W32.Blaster.Worm (orig. Loc: C:\Windows\System32)
 
The compressed file winsvc.exe within C:\WINDOWS\system32\winsvc.exe is infected with the Bloodhound.Exploit.1 virus.

And then it says in red letters at the bottom: "You have not eliminated all threats. There is still 1 infection(s) remaining."

In the meantime, I'm getting 'pop-up' notices VIRUS ALERT>
HIGH RISK> "Norton AntiVirus has detected and removed a virus from your computer" Object Name: C:\Windows\system32\TFTP2748; Virus Name: W32.Blaster.Worm; Action Taken: The file was automatically deleted.

But if it was automatically deleted, why have I had 3-4 of these notices just today?

I'm really confused!
 
Go to the Symantec website and download the special tool for eliminating the Blaster worm. That will do the trick.
 
Thanks Gary, I did as you suggested, and hopefully will defeat this thing. What I don't understand, though, is how I got infected in the first place, in that the FIRST thing I did after reformatting my hard drive was to download all the latest updates from both Microsoft AND Symantec. Shouldn't these steps have prevented me from getting the worm in the first place?
 
Just out of curiosity, did you install some software that asked for the original CD? If you have an i386 directory on your hard drive, the software may have gotten the files it needed from there. In this case, you have to reinstall patches since some files are overwritten with older files.



James P. Cottingham
There's no place like 127.0.0.1.
There's no place like 127.0.0.1.
 
Have you checked on the Welchia fixit? If you don't take care of the Welchia you will continue to get the RPC Display and the internet shuts down. Welchia is a tool that removes the Blaster worm, but when you remove the Blaster worm the Welchia does not recognize that it is gone so it will try to remove it again.
 
Hi All,
Thanks SO much for the many great suggestions. I believe I finally 'got it', using the patch from Microsoft and the Blaster Worm Removal from Norton. Whew! =).
I really appreciate all your help...it's such a relief to have a place to come ask all this kind of stuff.
Best Regards,
Judy
 