Below are the recommended general cleaning techniques for MS05-039 infections associated with the Windows 2000 environment. The key steps are to remove the current virus with a standalone removal tool, get Windows 2000 to Service Pack 4, and then apply the MS05-039 patch so you system is bullet-proof from current and future infections based on this specific security exposure.
1. IF NEEDED: Download Windows 2000 Service Pack 4
plus the MS04-011 patch
. (this step can be skipped if user has these)
2. Download MS05-039 patch from Microsoft
3. Download McAfee's Stinger standalone cleaning tool
(which handles all major Zobot and other MS05-039 threats). Other AV and MS based standalone cleaners can be used also.note - in steps 1-3, you may need to use another uninfected PC if they have the continuous reboot issue; also AV and Firewall protection may be gone as these worms clobber most of the popular ones. You can copy to and from a CD or USB memory stick to capture these repair tools. Stinger should fit on a diskette
4. Run McAfee's Stinger cleaning tool
(or other standalone AV or MS cleaning
tools) to remove worm infection
5. IF NEEDED: Apply Windows 2000 SP4 and then reboot. Then apply the MS04-011 which provides protection against Sasser.
6. Apply the MS05-039 patch from Microsoft
7. Connect back to the Internet and run Windows Update
Then update your Antivirus software. Update or add a firewall system if you need one.
8. From a lessons learned standpoint - always check at least once per month on every 2nd Tuesday for MS updates and apply them right away