FDISK to get rid of Blaster Worm?

[george]

If i were to FDISK my hardrive and reinstall my programs
will this get rid of the Blaster Worm?

 

[John Barnett - MVP]

George that is one way of doing it. Another is
reformatting the drive and reinstalling, but it is a
little drastic. Have you tried the cures suggested by the
anti virus companies? Try www.symantec.com and search for
blaster. Kaspersky labs also have a downloadable utility
to eradicated blaster. This is available at:

ftp://ftp.kaspersky.com/utils/clrav.zip

The file, incidentally, is zipped so you will need to
unzip it.

Hope this helps

John Barnett - MVP
Associate Expert

 

[Rick \Nutcase\ Rogers]

Hi,

Only until you reconnect the unprotected machine to the internet. Address
the problem rather than trying to work around it. Would you have your car's
engine rebuilt when all you needed was a new fuel filter?

Information:

http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342

You need the patch described here to protect against it:

MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/?kbid=823980

Problem is, you needed to install the patch BEFORE you got infected to avoid
it. Now you need to clear it out first.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x

Associate Expert - WinXP - Expert Zone

 

[GSV Three Minds in a Can]

yes,but download the patch and save it to floppy before wiping--disconnect
the pc from the internet during reinstall--apply the patch before
reconnecting to the net or you will be reinfected before you can download
the patch.

instead you may wish to try the following:
http://www.kellys-korner-xp.com/xp_qr.htm#rpc

There are 2 more variants out now.
The exes for the variants are teekids.exe and penis32.exe
Kelly's script kills all 3 variants.

If you are having trouble staying up to get the patch and removal tool:
When the shutdown prompt appears,go to start/run and type
shutdown -a to abort the shutdown process to allow you to stay up and
online.

Larry, isn't SP1 a pre-req for the patch? If so, a re-install is only
going to help if the OP has SP1 on hand (or if his CD already has SP1 on
it). Seems a bit drastic to me, given that there are other removal
methods.

 

[Larry Samuels MS-MVP XP \(Shell/User\)]

No--the patch will install on 2600--if you install the patch and upgrade to
SP1 the patch remains in place.

--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone -