Author Topic: Need help getting rid of Blaster.  (Read 7384 times)

DSredTX

  • Guest
Need help getting rid of Blaster.
« on: March 23, 2004, 07:47:48 PM »
I have an HP computer with Windows XP.

After knowing, for several months, that I have had Blaster on my computer, I am still having problems with Blaster. My Norton antivirus couldn't find the Blaster worm, nor has Symantec's Blaster fix found and fixed it. So, the other evening I downloaded avast!  from the internet and ran it. It told me where the virus is (which file) on my computer, but it also woke the thing up, because it started acting up again & I had to do a recovery to get my computer to even respond to me.

Anyway, when I got to where I could, I ran the virus fix program from avast!, but it didn't get rid of it "because it is in a Windows program file," whatever that means.

I need to know what would happen to my computer if I deleted a file named:  C:\WINDOWS\SYSTEM32\TFTP944  That is where the Blaster worm is hiding.

Or  does anyone have any suggestions about what I can do to get rid of it without totally trashing my computer?  (At the moment I have the file in the "chest.")

Thank you for any help you can give me.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Need help getting rid of Blaster.
« Reply #1 on: March 23, 2004, 08:31:02 PM »
First, you have to install the corresponding security patches from Microsoft. If you don't do that, you will soon get infected again, no matter how well you remove it.

You can simply delete the file TFTP944. Or, you can try the avast! Virus Cleaner (though there are a lot of RPC-exploit worms, I'm not sure if it will remove exactly this one).

I don't understand that "because it is in a Windows program file"... what exactly do you mean?

DSredTX

  • Guest
Re:Need help getting rid of Blaster.
« Reply #2 on: March 23, 2004, 09:03:08 PM »
Hi Igor

After avast! found the Blaster worm, I tried to have the avast! virus cleaner get rid of it for me. I got back a message from the virus cleaner that it couldn't be deleted "because it is in a Windows program file"...that is what I meant in my earlier post.

I have had to do a recovery on my computer at least once a month since being infected with the Blaster worm. And each time I have immediately re-installed all the Microsoft patches & updates, beginning with the patch that is supposed to keep my computer from being infected by Blaster.

My problem has been that, until a couple of days ago, I was unable to find where that sneaky sucker was hiding. Avast! found it for me, but their virus cleaner did not get rid of it.

I just need to know that it will be safe to try to delete the TFTP944 file without messing up my computer. (Or if my computer will even allow me to delete that file.)

Thanks,
DSredTX


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Need help getting rid of Blaster.
« Reply #3 on: March 23, 2004, 09:31:59 PM »
Install and use a firewall to prevent the Blaster worm from infecting your system during the process of getting the updates/patches. You may use the built-in one in XP. But I suggest you disable it after taking care of the Blaster worm and get a decent one.

So basically:

1) boot the system
2) put up the firewall
3) remove the worm (and other things if they are there)
4) reboot
5) check if the system is really clean
6) get ALL security patches/updates from http://windowsupdate.microsoft.com
7) reboot
8) Get a good firewall (best is a router with a built-in one), but if you can't afford that/don't want that, get ZoneAlarm or Kerio, but stay away from Kerio 4 since that one has some issues.

9) disable the XP firewall

That should take care of it for good.

Offline igor

Re:Need help getting rid of Blaster.
« Reply #4 on: March 24, 2004, 10:40:04 AM »
> I got back a message from the virus cleaner that it couldn't be deleted "because it is in a Windows program file"...that is what I meant in my earlier post.

What is the exact message and what program exactly is giving it? There is certainly no such error message in avast! Virus Cleaner, and I think there is no such error message in avast! itself either  ???

DSredTX

  • Guest
Re:Need help getting rid of Blaster.
« Reply #5 on: March 25, 2004, 01:26:13 AM »
I don't have the EXACT message or what program was giving it. I got the message after running the avast! virus cleaner. I was given the options of what I wanted to do with it & I chose delete.  THAT is when I got the message. That is all I know about the message or where it came from!!!!!

whocares

  • Guest
Re:Need help getting rid of Blaster.
« Reply #6 on: March 25, 2004, 09:16:28 AM »
Maybe you still have the AV-Monitor of Norton running ?!?

You have to disable/pause it for avast's Cleaner to work properly !!

And all this is useless, if you don't APPLY the Patches against RPC-Worms
(imho there are up to 4 of those patches)
or temporarily enable WIN-XP's Firewall (this blocks 135 and 445 TCP/UDP inbound; if not, you must configure it to do so)


Have you done Windows updates repeatedly ? until NOTHING shows up under:

ServicePacks and Critical/Important updates or so ?

 ???

Also read here:
http://www.avast.com/i_idt_1372.html
and on the respective pages on Microsoft's site

 ;)
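
An added example, not part of any post in this thread: a small Python check that reads Windows `netstat -an` output and lists non-loopback listeners on the two ports named above (135 and 445, TCP and UDP). The sample output and all function names are constructed for illustration; `netstat` shows listeners whether or not a firewall is in front of them, so the result is the set of sockets that the firewall and the patches have to cover.

```python
WATCHED_PORTS = {135, 445}  # the two ports named in the post above

# Constructed sample of Windows `netstat -an` output; not taken from the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def exposed_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return sorted (proto, addr, port) for non-loopback listeners on watched ports."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are simply bound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, port = split_endpoint(local)
        if not port.isdigit() or int(port) not in ports or is_loopback(addr):
            continue
        found.add((proto, addr, int(port)))
    return sorted(found)


def report(netstat_text):
    rows = exposed_listeners(netstat_text)
    if not rows:
        return "no non-loopback listeners on 135/445"
    return "\n".join(f"{p} {a}:{n} must be blocked inbound" for p, a, n in rows)


if __name__ == "__main__":
    print(report(SAMPLE_NETSTAT))
```
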

DSredTX

  • Guest
Re:Need help getting rid of Blaster.
« Reply #7 on: March 25, 2004, 02:40:25 PM »
Hi whocares,

After I did my system recovery, I deleted the Norton files out of my system. I DID still have the Symantec FixBlast on my computer. (Which had NEVER fixed the Blaster worm in the past.)

Instead of reinstalling the Norton on my computer, I downloaded avast! Home Edition. When it found where the Blaster worm was hiding, I downloaded their virus cleaner program. When I attempted to have that program delete the virus/file is when I got the message I mentioned in my earlier post. Whether that message was generated from avast!'s program or from my own computer, I am not sure.  After I got that message, I elected to have the file put into the avast! Chest.

I HAVE applied the Blaster patch provided by Microsoft and I have applied ALL the Service Packs & Critical updates that you mentioned. I also applied some, but not all of the other updates available from Microsoft. The ones I didn't apply are updates that pertain to things that I don't use on my computer.

I HAVE NOT applied any firewalls on my computer. Early on I encountered a problem regarding a firewall & ever since, I have steered clear of them. I admit I know nothing about firewalls!

I only came to this forum to find out if I could safely delete the file the Blaster worm was in without causing problems on my computer. I appreciate the help you and the others have tried to give me. (Although, I don't think Igor believes that I actually got the message that I mentioned in my earlier post...sorry, Igor but I didn't take a photograph of the screen so I could prove that I had actually received that message and show what the EXACT words were.)

Thanks everyone,
DSredTX
« Last Edit: March 25, 2004, 02:46:43 PM by DSredTX »

Offline igor

Re:Need help getting rid of Blaster.
« Reply #8 on: March 25, 2004, 03:24:45 PM »
Yes, you can safely delete the file.

I believe you got that error message... I only don't believe it came from avast! Virus Cleaner. As the author of it, I know what messages it can give  ;)