Blaster (not me) Virus

**whats in a name** · 5 May 2004, 10:30

look on the av sites

Norton et al have removal tools.

Yes in general deleting the prog, take the entry out of HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run folder.

But where did it come from ? Do you have a different installer somewhere ? Run the norton removal tool to be on the safe side.

Oh - if you're on XP you might have to disable systyem restore (right click on my computer/properties) or windows can reinstall the damn things

**BlasterBates** · 5 May 2004, 10:47

Re: look on the av sites

Where did it come from?

Good question

I don't have e-mail, I use another machine for that. It must have appeared when I was using the internet, the date stamp is actually August 2003; so it would appear that it's been there for a while. I was actually checking for the sasser virus (i.e. avserve.exe), which I don't appear to have.

At the weekend my PC became very slow while surfing (the reason I'm checking) so I switched off and on, then in order to get my IExplorer working again which kept displaying an error message, I had to delete the cache. Weird, maybe I didn't pick up Sasser but this Blaster thing.

All a bit worrying really; my unprotected Windows NT desktop doesn't have any problems at all, but it's not a target for these worms and I don't open suspicious mails.

**whats in a name** · 5 May 2004, 12:28

worms

several of the latest worms dont run on nt/2k anyway.

Have a look through the registry folder I mentioned and do a google on every program thats running - you should find out if they are legit or baddies.

I talked my father in law through sasser removal a couple of days ago - at the time the avserve.exe wasnt referenced on norton or mcafee so he must have been an early hit - they quoted skynet or wserve as being thte programs to avoid.

told him to go into task monitor to see what was running and I went through the list of processes in google to see if they made sense. I found 1 reference to avserve in german - put it through babbelfish to see what they said. Killed the process, removed the reg entry and the file - It seems to have screwed up his antivirus though - Ive sent him an install disk and some firewall software. Told him to buy a real firewall and run ms update.

Blaster (not me) Virus