worm on XP

  • Thread starter Thread starter cynthia
  • Start date Start date
C

cynthia

i've found instructions for running worm removal tools
from windows, but can anyone tell me if i can run this
stuff from BIOS? and if worse comes to worse and i have to
re-install windows or repair the damaged file with the XP
setup cd, will i lose all the info on my hard drive?
please, if anyone can help i would be intensely grateful.

cynthia
 
Hi Cynthia,
You can not run programs from the BIOS, it is a hardware system that
assists with the hardware in your machine. While some BIOS versions do
include virus capabilities you should consult the BIOS manufacturer for
assistance with this.

If you do need to re-install windows you should backup any neccessary data
to be safe but it should not damage any files already on the system.

I am also including some basic instructions for removing the worm if you
are comfortable working in your registry:

1. Remove the infected computer from the network and reboot into Safe Mode.

2. Locate the files below, plus the Value "windows auto update" under the
Run registry key and deleted them all:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

MSBLAST.EXE under the "C:\Windows\system32" folder

MSBLAST.EXE-1c3a3376.PIF under the "C:\Windows\prefetch" folder

2a. If you are running Windows XP (any version) it is also recommended that
the Internet Connection Firewall be enabled to prevent re-infection when
connecting to the internet.

3.Contact your Antivirus provider for assistance in using any removal tools
they are providing or you can use one that Symantec is providing.
Symantec's Removal tool
<http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.re
moval.tool.html>.

4. If the OS continues to shut down when trying to connect to
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp, with the
dialog box stating the OS will be shutting down in 30 seconds.

Set the RPC Service to "Take No Action" and reboot, this should allow you
to download the patch and install it.

Disclaimer:
While this may remove the worm in the short term it is advisable to backup
any data and then format and reinstall the computer. Once infected by a
virus, worm or other malicious program it is not possible to verify that
another program that could compromise the system has not been left by the
original infection.

Third party products mentioned in this posting are the sole responsobility
of the vendor providing them and in no way should this be considered an
endoresement by Microsoft.

--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
MCSA, MCSAS,MCSE, MCSES

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
--------------------
 
Back
Top