View Full Version : Blaster Worm

03-23-2004, 01:52 AM
My xp pc was infected with the blaster worm, i ran the patch and the symantec removal tool. It appears to have been successfully removed except that i cannot connect to the internet. I have a functional high speed connection, the nic is working and is configured correctly, tcp/ip and dhcp are right. I tried ipconfig /release /renew, and i have run the new connection wizard. The strange thing is i can ping out, my ip addy is valid. Firewall disabled. Any ideas, i am lost????

03-23-2004, 05:15 AM
Hi Tranquil, Welcome to http://www.pcguide.com/ubb/pcgubb.gif

Try these instructions from symantec,

1. Restoring Internet connectivity
In many cases, on both Windows 2000 and XP, changing the settings for the Remote Procedure Call (RPC) service may allow you to connect to the Internet without the computer shutting down. To restore Internet connectivity to your PC, follow these steps:

Click Start > Run. The Run dialog box appears.


in the open line, and then click OK. The Services window opens.

In the right pane, locate the Remote Procedure Call (RPC) service.

CAUTION: There is also a service named Remote Procedure Call (RPC) Locator. Do not confuse the two.

Right-click the Remote Procedure Call (RPC) service, and then click Properties.
Click the Recovery tab.
Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
Click Apply, and then OK.

CAUTION: Make sure that you change these settings back once you have removed the worm.


Secondly, the svchost.exe might be missing or your Anti-virus software might
have deleted it. (as some worms copies the Svchost.exe file over the
legitimate svchost.exe one)

Extract new copy of svchost.exe from XP CD

If the above doesn't work try running LSP Fix (http://www.cexx.org/lspfix.zip) , this is a utility to repair a specific type of Winsock problem which may impede internet connectivity.

Sometimes a "hard restore" of Windows' networking components may be required, this involves uninstalling and reinstalling the "Communications" item in Windows setup.

You might find these links useful,

Blaster worm - How to Recover (http://www.techstuff.ca/archives/394.html)

david eaton
03-23-2004, 03:10 PM
And, if shanmuga's advice doesn't work, it might be as well to remember that the blaster worm loves company!
There may be other undetected gackware on your machine. To find out, please download Hijack this (http://mjc1.com/mirror/hjt/). Unzip it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.