May 3, 2004: Sasser worm variants are sweeping the globe.
Sasser worms information
Updated Monday May 3, 2004:
To clean infected machines:
1. Remove the machine from the network.
2. On a clean machine, burn the MS patch, the McAfee Stinger removal tool, and AV updates (Symantec has May 2 definitions) to a CDR.
3. Apply the patch, removal tool, and AV updates, in that order, from the CDR on the sick machine.
4. Enable the firewall feature on XP machines.
Microsoft advisory
Sasser info and manual removal instructions: Symantec
Symantec Sasser Removal Tool
McAfee Sasser Page
McAfee Stinger tool (will remove Sasser)
Comments:
Remove the infected machine from the network or broadband connection: pull the Ethernet cable. If you need a removal tool as they are developed (or one of the Sasser tools above), download it on another machine and transport it by CDR or floppy to the infected machine.
You may not be able to clean your machine until you apply the critical April 13th patch from Microsoft. Apply all other critical updates as soon as possible as well, but the April 13th patch is the one that is essential for these new worms. Download it on a clean machine and burn it to a CDR (at about 2.58 megabytes it is too large for a single floppy).
If you can't get the patch from MS... it's here for XP and XP SP1 users:
Download the Microsoft XP and XP SP1 critical patch for April 13th here:
How to tell if the April 13th patch is already applied? On XP machines the patch shows up in Control Panel / Add or Remove Programs, way down the list.
Rescan with updated virus definitions. After cleaning up the infection on XP and Millennium machines, flush the System Restore points: disable System Restore, reboot to flush the bad files, then re-enable System Restore.
*******************************************************************