2 virus/worms affecting my computer

[viper xeon]

hi, i have 2 virus/worms affecting my computer. i'm running windows xp service pack 2. here are the virus/worms affecting my computer:

win32:blaster-E[worm]

affected file: c:\windows\system32\TFTP2656

virus/worm

-------------------------------------------------------------------------------------------------------------------------------------

win32:lovesan-D [worm]

affected file: c:\windows\system32\TFTP844

virus/worm

as all ways, i put the affected file(s) into the chest until further action is sujested.

[Lisandro]

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use AVG Antispyware; SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[Spiritsongs]

   Hi Viper :

     "Worm(s)" are best dealt with by using antiSPYWARE program(s) and I
     recommend the FREE Version of "SUPERAntiSpyware" from
     www.superantispyware.com .

[DavidR]

The later versions of XP should be immune to blaster and the network shield should have caught it on its attempt to get in via the internet.

There are some that report this a LOP infection the TFTP2656, see http://www.google.com/search?q=TFTP2656 and TFTP844 http://www.google.com/search?q=TFTP844.

I would suggest a scan in safe mode with SuperAntiSpyware as I'm not convinced this is blaster or lovesan. I have no doubt that they are malicious it is just the name assigned to the detection.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

Note:
- To Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here. If any are detected by multiple scanners send example to avast, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.