AIM Virus Removal Instructions

Another Old Content Update. I'm not hosting the Automatic Removal Tool anymore, so who knows when the link will expire.

Realphx / TalkStocks ( AIM Virus ) Removal Instructions / Tools:

Download the Removal Tool (automated javascript) — Just download it and run it. (or just open it directly)

These may have appeared in your profile if you have been infected:

"Whoa….look what I found, click here"


"I can't believe I found 'yourScreenName' Picture here"

Manual Removal Instructions:

  1. Press the CTRL, ALT, and DEL keys at the same time to bring up the task manager.
  2. Click on the processes tab (windows 2000/XP), and find 'b.exe', 'bbb.exe' or 'av.exe' and kill the process.
  3. Go to C:\Windows\ and delete 'b.exe' and 'bbb.exe' or 'av.exe' (or do a search for the virus: click Start > Search > look up each virus individually) Delete these when you find them.
  4. Click Start, then click on Run, type in "Msconfig" in the box and press ENTER.. When the box comes up, click on the "startup" tab and look for "b.exe" or "av.exe" listed (possibly listed under"antivirus") then uncheck the box to the left. (Windows 98/XP only)
  5. Clear your profile (or make a new one) and restart.
  6. When the msconfig box comes up after restart just check the box telling it not to come up again.

IMPORTANT: If you are seeing many other effects like "adult links" and extra toolbars in your Internet Explorer, the virus has also installed other programs called spyware and adware. To remove them download and run Spybot and Ad-Aware then update and run a full system scan with each.



Remove the Blaster Worm [MSBlast, etc]

Remove the Blaster Worm [MSBlast, Blaster, etc.]

  • Editing the RPC to allow you to connect to the internet
    • Start > Run
    • Type: "services.msc /s" in the open line and click OK
    • On the right hand side find the Remote Procedure Call service [there is a Remote Procedure Call Locator service, do not confuse the two]
    • Right-click the Remote Procedure Call (RPC) service, and then click Properties.
    • Click the Recovery tab.
    • Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
    • Click Apply, and then click OK.

      Note: Make sure you change these back after removing the virus.


  • For Windows XP
    • If your computer reboots repeatedly, please unplug your network cable from the wall.
    • First, enable Internet Connection Firewall (ICF) in Windows XP:
      • In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
      • Right-click the connection on which you would like to enable ICF, and then click "Properties".
      • On the Advanced tab, click the box to select the option to "Protect my computer or network".
    • Plug the network cable back into the wall to reconnect your computer to the Internet
    • Download the MS03-026 security patch from Microsoft and install it on your computer:
    • Windows XP (32 bit)

      Windows XP (64 bit)

    • Install or update your antivirus signature software and scan your computer
    • Download and run the worm removal tool from your antivirus vendor.
  • For Windows 2000 systems, where Internet Connection Firewall (ICF) is not available, the following steps will help block the affected ports so that the system can be patched. These steps are based on a modified excerpt from the article; HOW TO: Configure TCP/IP Filtering in Windows 2000.
    • Configure TCP/IP security on Windows 2000:
      • Select "Network and Dial-up Connections" in Control Panel.
      • Right-click the interface you use to access the Internet, and then click "Properties".
      • In the "Components checked are used by this connection" box, click "Internet Protocol (TCP/IP)", and then click "Properties".
      • In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
      • Click the "Options" tab.
      • Click "TCP/IP filtering", and then click "Properties".
      • Select the "Enable TCP/IP Filtering (All adapters)" check box.
      • There are three columns with the following labels:
        1. TCP Ports
        2. UDP Ports
        3. IP Protocols
      • In each column, you must select the "Permit Only" option.
      • Click OK.
    • Download the MS03-026 security patch for Windows 2000 from Microsoft and install it on your computer from:
    • Install or update your antivirus signature software and scan your computer
    • Then, download and run the worm removal tool from your antivirus vendor.
  • Prevention: