I have (hopefully) managed to remove all the spyware.

I downloaded the blaster worm removal tool from symantec and even updated my norton anti virus.
it did clean the worm at that time but now it somehow keeps on coming from other files like c:\windows\system32\tftpxxxx and the file cannot be shown in windows explorer and the anti virus also cannot do anything about it.

Anyway i have turned on the in-built firewall in winXp pro and no signs of it yet.

Btw, i tried to dl the sp1 and the rpc error patch but whenever i try to run their setup, as soon as it starts and the setup wizard dialog pops up, which tells me to close all the progs before clicking 'next', my hd lights starts blinking like hell and keeps blinking and the installation doesnt seem to progress due to it cause the cpu seems too busy with other things.
if i press ctrl+alt+del , i see arnd 4-5% cpu util by 'update.exe' and and the rest 96% by 'System Idle Process'.

So what exactly is this happening, and how do i proceed to install the patch?
if i wait for too long, and let the hd work then the blue screen comes up.

btw, will enabling winxp's firewall protect me from the worm or do i need to configure it somehow or use a diff firewall altogether , like zone alarm,etc?
Posted on 2003-08-13 16:28:10 by clippy
I put up some
removal instructions

I don't know if the built-in firewall by MS in XP will help :/ check the MS tips page in my post where they comment on firewalls.

If you can't stay connected long enough with windowsupdate get it either from their server or from the board here. use something like getright to resume
Posted on 2003-08-13 17:24:53 by Hiroshimator
No,no. you see i managed to download the patch from the windows update site, but my hd starts working when i double click on the file, and try to install it.

but anyway i have enabled the xp firewall and havent noticed the worm till now since then :)
Posted on 2003-08-14 16:20:15 by clippy

but my hd starts working when i double click on the file, and try to install it.

Nah, that's just M$ poking around in you disk looking for important files to destroy :grin:
I think all M$ setups do that, I think they look for needed files, and considering that windwos is amaster in fragmenting (my big with loots of free space, not even half is used (sic!), but windows just can't avoid fragmenting every damn file, even those small 4-12kb files! (it's not unusual for me to such files with 2-3 fragments :() ) disks no wonder it looks all over the disk...
Posted on 2003-08-14 17:46:25 by scientica
Unable to install the patch

Yesterday i triyed this for 3 hours :mad:
Only this worked for me:
1. copy SAM, security, software files from winnt\repair\ to winnt\ system32\config
(you're lusky if you use FAT, I had to use Win XP Preinstallation Environment CD to boot and see my NTFS)
2. reboot and install path
3. play with restorepoints that XP created
you may have to re-activate windos after (2) or (3)

don't now much about these worms, but first time i've got "lsass.exe" problem was 2 month ago
(microsoft solution was "simply reinstall windos", but i found above from Inet - this helped me 4 times for now;)

now i'm so tryed with this stuff, may be this is because i (like 0,1% in russia) use legal copy :grin:
Posted on 2003-08-14 22:03:35 by S.T.A.S.

don't now much about these worms, but first time i've got "lsass.exe" problem was 2 month ago

What is the 'lsass.exe' problem? Also what does this exe do anyway? i see it in my list of programs running when i do ctrl+alt+del.
Posted on 2003-08-15 15:05:35 by clippy
What is the 'lsass.exe' problem?

Local Security Authority (LSA) process. If it fails NT reboots
google <error "lsass.exe"> and you'll see you're happy not knowing this
Posted on 2003-08-16 00:24:06 by S.T.A.S.