Can a Patch Help an Infected PC?

Factual Questions
1

Can a patch help an infected PC, or is it too late? In general, what is a patch? - Jinx

2

A patch is a piece of code that will close a security hole or update functionality, generally speaking.

In regards to the current w32.blaster.worm that’s spreading, Microsoft identified a security problem last month and issued a patch - meaning, they found a way that their software could be attacked, and they wrote some code that would prevent someone else from misusing it.

If your computer is already infected, then a patch will fix the hole, but will generally not clean the infection.

Think of it in these terms:

You have a broken window (security hole) in your house (software program). If you nail some plywood over the hole (apply the patch), then someone won’t sneak in that way. However, if someone’s already broken in (infected with a virus) then closing the hole doesn’t do anything about the burglar already inside.

Clear as mud?

3

Ino, good comparison! I understand. What if I go into DOS, can’t i just delete msblast.exe? - Jinx

4

Unfortunately, I don’t know the answer to that specifically. Generally, it depends on the virus/worm; some can be simply deleted, and others are a little more sneaky and require more effort to clean.

If you are infected, I recommend looking at Symantec’s w32.blaster.worm removal tool which will clean your machine for you.

Don’t forget to apply the patch afterwards, or all you did (using the terms before) was kick the burglar out, but leave the window wide open.

5

Ino, to get the patch I need…I need to know if I have Windows XP 32 or 64 bit version!!! How do I tell??? All I know is I have the following: Windows XP Home Edition version 5.1 (Build 2600.xpsp 1.020828-1920 : Service Pack 1).

Does this mean anything regarding bits???

  • Jinx
6

Most home PCs will be running the 32-Bit version. If you had the 64-bit version, you’d know it.

7

Jinx, you have Windows 32 bit version.
Go to http://boards.straightdope.com/sdmb/showthread.php?threadid=203867
Lots of info here. I have a step by step process at the bottom of the 2nd page to remove the virus.

If you don’t have the virus then open IE and click “Tools” and “Windows Update”. This will automatically scan your system and show you updates available.

8
      • Usually, no:
  1. the virus/worm will often copy itself to several differently-named files, and one or more of these files will run upon startup. Each file will check to make sure that all the other files are present, and if any have been deleted, it will re-copy and name them. By the time ordinary net-surfers hear about end-user viruses or trojans, usually all the files concerned are known, but you may not be able to find them or delete them all manually…
  2. the virus will sometimes disable the search function so that the whole computer doesn’t get searched, or the delete function so that the files in question cannot be deleted. Or both.
  3. the virus may append itself to a normal system file that must be run–such as windows.exe, so that no matter what, even if you delete all the other files somehow, this one still gets run. And re-copies all the other files.
  4. some viruses also disable the OS to the extent that the OS cannot “clean” itself at all, even with an anti-virus boot CD, and then you have to re-install the whole OS. The virus will prevent any “virus-specific cleaner” from running, as well as anything else that will remove or disable it. With the antivirus software I bought, when you install you first must boot into DOS and the CD scans the entire system, except that the DOS checking program kept halting on some error. The instructions said that if this sort of error occurs, then the computer OS has to be totally re-installed. That isn’t always absolutely true though; what it really means is that the infected OS cannot clean itself…
  • If you have a second computer, you can remove the first computer’s infected hard-drives, and then attach them as slaves to the second computer, and scan and clean the OS that way. This doesn’t guarantee that the infected/cleaned OS will run properly, but it’s a good bet, and it does save all the data on the infected hard drive.
    ~
9

How can I make the bad PC a slave of the good PC? Is there some way to use my (good) laptop as the primary PC to scan the (infected) desktop PC? How can I do this? - Jinx

10
      • Well, I dunno about a laptop, because I don’t know if there’s any way to attach a normal desktop HD to a laptop. You can hook laptop drives->to->desktop computers, but I dunno about the other way. But what I said is that you could install antivirus software on a second (uninfected) desktop computer, and then take the infected HD and attach it to the second desktop computer as a slave HD, and then scan and clean the whole infected HD. The second PC won’t become automatically “infected” from starting up with the infected HD attached as a slave, because nothing on the infected HD will run automatically upon startup.
        ~
11

Symantec Security Response has developed a removal tool to clean the W32.Blaster.Worm infections.

12

What happens if someone tries to use the removal tool, but does not actually have the worm?

13

Eveanyn, I don’t think it’ll matter at all. Likewise, I have the reverse. Someone recommended to me to try “Stinger” available at http://vil.nai.com/vil/stinger …but it didn’t find my virus. Hence, it is as if it isn’t there. However, I should add a posible reason for this: I scanned my HD with Mcafee getting updates downloaded (in an unconventional method via zip file) and running in safe and DOS mode. Mcafee simply identified the virus and renamed it msblast.vxe instead of msblast.exe. I wonder if this is throwing off Stinger???

In short, Eveanyn, it won’t matter if you run the tool, but don’t have the worm. When the scan is completed, the report will show nothing. (from personal experience with similar tools) - Jinx