Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


MS05-039 Cleaning infections for Windows 2000 PCs

  • Please log in to reply
1 reply to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:08:33 PM

Posted 17 August 2005 - 11:16 AM

Below are the recommended general cleaning techniques for MS05-039 infections associated with the Windows 2000 environment. The key steps are to remove the current virus with a standalone removal tool, get Windows 2000 to Service Pack 4, and then apply the MS05-039 patch so you system is bullet-proof from current and future infections based on this specific security exposure.

1. IF NEEDED: Download Windows 2000 Service Pack 4 plus the MS04-011 patch. (this step can be skipped if user has these)

2. Download MS05-039 patch from Microsoft

3. Download McAfee's Stinger standalone cleaning tool (which handles all major Zobot and other MS05-039 threats). Other AV and MS based standalone cleaners can be used also.

note - in steps 1-3, you may need to use another uninfected PC if they have the continuous reboot issue; also AV and Firewall protection may be gone as these worms clobber most of the popular ones. You can copy to and from a CD or USB memory stick to capture these repair tools. Stinger should fit on a diskette

4. Run McAfee's Stinger cleaning tool (or other standalone AV or MS cleaning
tools) to remove worm infection

5. IF NEEDED: Apply Windows 2000 SP4 and then reboot. Then apply the MS04-011 which provides protection against Sasser.

6. Apply the MS05-039 patch from Microsoft and reboot

7. Connect back to the Internet and run Windows Update Then update your Antivirus software. Update or add a firewall system if you need one.

8. From a lessons learned standpoint - always check at least once per month on every 2nd Tuesday for MS updates and apply them right away :thumbsup:

BC AdBot (Login to Remove)


#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:33 PM

Posted 20 August 2005 - 12:26 AM

Microsoft offers Zotob removal tool.

Microsoft has made available a free software tool to help victims of the worms that hit Windows computers in the past days clean their systems.

The cleaning program, released Wednesday, is an updated version of Microsoft's Windows Malicious Software Removal Tool...

The updated cleaning program checks for and removes infections from Zotob.A through Zotob.E, as well as from Bobax.O, Esbot.A, Rbot.MA, Rbot.MB and Rbot.MC, according to Microsoft. The list represents all known variants based on Microsoft's investigation...

Published: August 17, 2005, 6:40 PM PDT
By Joris Evers
Staff Writer, CNET News.com

Complete article at CNET News
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users