1. IF NEEDED: Download Windows 2000 Service Pack 4 plus the MS04-011 patch. (this step can be skipped if user has these)
2. Download MS05-039 patch from Microsoft
3. Download McAfee's Stinger standalone cleaning tool (which handles all major Zobot and other MS05-039 threats). Other AV and MS based standalone cleaners can be used also.
note - in steps 1-3, you may need to use another uninfected PC if they have the continuous reboot issue; also AV and Firewall protection may be gone as these worms clobber most of the popular ones. You can copy to and from a CD or USB memory stick to capture these repair tools. Stinger should fit on a diskette
4. Run McAfee's Stinger cleaning tool (or other standalone AV or MS cleaning
tools) to remove worm infection
5. IF NEEDED: Apply Windows 2000 SP4 and then reboot. Then apply the MS04-011 which provides protection against Sasser.
6. Apply the MS05-039 patch from Microsoft and reboot
7. Connect back to the Internet and run Windows Update Then update your Antivirus software. Update or add a firewall system if you need one.
8. From a lessons learned standpoint - always check at least once per month on every 2nd Tuesday for MS updates and apply them right away
