Computer Advice, Pretty Please

otohara, Fri Aug-15-03 11:14 PM
Original message
Okay, so I've had this worm and it's taken 3 days and money to clean up my computer for viruses. NOW it's doing this weird thing, where it goes to my desktop if I leave the room for a while, but the desktop doesn't show the icons and the only way I am able to get back to the web is to click ctl/alt/delete -

BUT then if I go off and do something again and come back to the empty icon desktop, the ctl/alt/del won't work a second time and I have to manually turn off the computer in order to get back on again.

Argggghh...any idea of what I should do?

Tandalayo_Scheisskopf, Fri Aug-15-03 11:18 PM
Response to Original message
1. For a start:
Get jv16 Power Tools and clean the registry and attempt to fix registry entries. Before you do that, run Spybot-Search & Destroy. Will that work? Dunno, but it's a good place to start.

Both available at http://www.webattack.com

otohara, Fri Aug-15-03 11:21 PM
Response to Reply #1
2. I Had 81 Infected Files All Spybot
I'm afraid of Spybot

SoCalDem, Fri Aug-15-03 11:23 PM
Response to Reply #2
3. spybot is the NAME of a program that hunts down and removes the
nasty spybots.. :) It's ok :)

GoneOffShore, Fri Aug-15-03 11:27 PM
Response to Reply #3
4. Another solution
(not wanting to start a flame war)
BUT
Ditch your PC and get a Mac.

Ein, Fri Aug-15-03 11:28 PM
Response to Reply #4
5. Hey Mac Man!
I hear the OSX is open sourced. I would love to buy a G4 or G5, but I am a heavy computer gamer. Have you tried emulating Windows or running Windows programs in OSX? If so, is it easy?

alfredo, Fri Aug-15-03 11:45 PM
Response to Reply #5
8. Emulation works well, but as always, there will
Edited on Fri Aug-15-03 11:52 PM by alfredo
be a speed hit. (Virtual PC, now owned by MS)

Apple is getting more action on the gaming front, but you will not see many down at CompUSA. Mail order has always been the Mac market.

http://www.macgamer.com/

Gotta have the new Tony Hawk.

Get the G5. It is worth the extra $$

BTW if you are a Linux/Unix type, be sure to check out the Fink project.

http://fink.sourceforge.net/index.php

They have formed an alliance with Gentoo to port more Linux/Unix apps to Darwin.


edtied for much needed practice.

otohara, Fri Aug-15-03 11:29 PM
Response to Reply #4
6. Next Time We Will
But for now, we're stuck w/ this.

Tandalayo_Scheisskopf, Fri Aug-15-03 11:39 PM
Response to Reply #6
7. Keep the machine.
Throw away the OS. Load Linux. Problem solved.

alfredo, Fri Aug-15-03 11:54 PM
Response to Reply #7
9. If you do, I would recommend
Mandrake or SuSE for starters. Good distros, easy to install.

TrogL, Fri Aug-15-03 11:58 PM
Response to Original message
10. Do what all good Windows sysadmins do
Reformat and reinstall (at least once a week)

Jose Diablo, Sat Aug-16-03 12:24 AM
Response to Original message
11. Worm removal
Edited on Sat Aug-16-03 12:50 AM by JellyBean1
I have Win2000 and this worked for me.

Right click on toolbar at bottom and pull up task manager. Go to process and see if "MsBlast.exe" is running. If it is then this is the executable file that is the 'worm'.

To get rid of it, reboot the system but do not start your internet connection.

Go to start..find file...type in MsBlast.exe for the file to search for on your 'c' drive (if this is the drive your operating system resides on). The search should locate "MsBlast.exe" in your WinNT folder under system32 file. This file contains all your DLL's and executable files that run under win2000 Operating System.

Open Windows Explorer and find the file in NT..system32...highlight the file then delete it with the "X" button on the toolbar. This will delete the worm.

Reboot the computer and you should be good to go.

I am sure there are registry entries to be cleaned, but my system seems to run ok after just deleting the worm executable.

I also noticed that if I made an internet connection with the MsBlast executing, then I would get strange internet packets (sync packets) being sent to an internet address 73.73.xxx.xxx. I presume that address is Microsoft.

To see this go to the command prompt (old MSDos command) and type "Netstat -a". This gives you all your TCP/IP connections established from your computer to the internet. If the worm is running you can see its attack on the Microsoft server as each internet packet is launched. This is called a 'denial of service' attack.

A very nasty bugger that MsBlaster. It also is 'contagious', it spreads from computer to computer.

I also noticed a strange file on my 'c' drive called "_AVeryUnusualName.txt". If you view this file using "Edit _AveryUnusualName.txt" command at the command prompt you will see the last line in the file says "Do not register before May 23, 2003". I am not sure, but I think this script allowed the worm to propagate through the net for a long time before starting its attack. I did not delete this file because I suspect the presence of this file will stop further 'infections'. But not having decompiled the MsBlast.exe and actually looking at the code, this is speculation on the mechanisms it uses to infect and hide.

I don't guarantee what I did will work for you, but it worked for me.

On edit...dang MsBlast.exe is back. I must have another file that is reinfecting my computer. Sigh, more research is needed.



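The netstat check described in the post above, as an added example that is not part of the original thread: it parses `netstat -an`-style output and counts outbound connections stuck in SYN_SENT per remote target, which is what a flood of unanswered SYN packets to one address looks like on the sending host. The sample output, the documentation-range addresses, the function names and the threshold of 5 are all assumptions made for this example.

```python
import re
from collections import Counter

# Constructed `netstat -an` output in the Windows layout; all addresses are
# documentation-range placeholders, not values from the thread.
HEADER = "Active Connections\n\n  Proto  Local Address      Foreign Address    State\n"
NORMAL = [
    "  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING",
    "  TCP    10.0.0.5:1042      198.51.100.7:80    ESTABLISHED",
    "  TCP    10.0.0.5:1043      198.51.100.9:443   SYN_SENT",
    "  UDP    0.0.0.0:500        *:*",
]
FLOOD = [f"  TCP    10.0.0.5:{1100 + i}      203.0.113.20:80    SYN_SENT"
         for i in range(8)]
SAMPLE = HEADER + "\n".join(NORMAL + FLOOD) + "\n"

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")


def parse_tcp(text):
    """Yield (local, lport, remote, rport, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, lport, remote, rport, state = m.groups()
            yield local, int(lport), remote, int(rport), state


def half_open_by_target(text):
    """Count outbound connections stuck in SYN_SENT per (remote host, port)."""
    counts = Counter()
    for _local, _lport, remote, rport, state in parse_tcp(text):
        if state == "SYN_SENT":
            counts[(remote, rport)] += 1
    return counts


def suspicious_targets(text, threshold=5):
    """Targets with at least `threshold` simultaneous half-open connections.

    The threshold is an assumption for this example: a browser opening one
    connection shows a single SYN_SENT row briefly, not a sustained pile.
    """
    return sorted(t for t, n in half_open_by_target(text).items() if n >= threshold)


if __name__ == "__main__":
    for (host, port), n in half_open_by_target(SAMPLE).most_common():
        flag = "  <-- investigate" if (host, port) in suspicious_targets(SAMPLE) else ""
        print(f"{host}:{port}  SYN_SENT x{n}{flag}")
```

Run against saved output from an affected machine, a single target with many SYN_SENT rows points to a process worth identifying in Task Manager before the network cable goes back in.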
 
Jose Diablo, Sat Aug-16-03 01:25 AM
Response to Reply #11
12. I deleted all registry entries
called Msblast in the registry.

OK, a note of caution, messing with the registry can mess the computer up big time. It is a good idea to make a back-up of the registry or be prepared to reload the operating system if the registry does get bolixed-up.

With that said, go to start...run..and then type in "regedit" in the box. This will open the registry editor.

At the top you will see an edit button..click on this and notice the "Find" button..click on this..will open a box..type in "MsBlast" into the box and check the keys value and data boxes. Then click on find next..this will locate the first entry in the registry that has "Msblast"..when found..operate edit again and then delete to delete the entry..then edit once more and then find next...repeat this process until all entries of MsBlast are found and deleted from the registry.

Again, messing with the registry can cause the system to bomb..be prepared to back-up registry or reload the operating system if it goes wrong. I really do not recommend registry editing for those with weak hearts.

Jose Diablo, Sat Aug-16-03 01:50 AM
Response to Reply #12
13. OK..Still having problems
After deleting MsBlast in all the registry entries I get exception reports of handling failures. On a 'normal' computer, these would be 'blue' screens of death requiring a reboot to restart. On my machine I have MSDEV C++ developer software and can invoke a decompiler/disassembler to handle the exception report and not require the machine to reboot.

But the problem remains.

The offending program causing the exception is 'svshost'.

More research is needed and I am tired.

There is a detailed procedure at Microsoft updates to clear the worm in case you want detailed procedures from the pros.

But for me, I like to work it out myself.

Sorry, I cannot give more at this time.

newyawker99, Sat Aug-16-03 11:52 AM
Response to Reply #13
14. A kick for otohara!
:kick:

chenGOD, Sat Aug-16-03 12:31 PM
Response to Original message
15. oi vey.....
Ok. You need to get the patch from Microsoft first things first.

Microsoft patch


Then you need to go to Symantec and get yourself the msblaster removal tool to make things easy.

Symantec


Read the instructions on that Symantec page, very helpful.


You need a good virus scanner (I use AVG, I'm sure others will chime in with recommendations) and a firewall (be it software or hardware, you need a firewall if you're gonna be connecting to the internet) and lastly you need some adware/spyware remover (I use Ad-Aware, again, I'm sure that others will chime in with their recommendations).


Hope this helps, good luck to you.



