Windows 2000 Worm Removal Information
Allow two to three hours to perform this procedure. If the computer is used
to handle sensitive information or services, the cleanup method that involves
the least risk is to re-format and re-install.
- Right-click here and choose
"Save Target As" to download the Windows 2000 Firewall.
- Click the Symantec/Norton gold shield icon in your taskbar (you do have
the Symantec antivirus installed, right?) and when the window comes up, click
the LiveUpdate button to make sure you have the latest anti-virus definitions.
- Double-click the firewall2000.exe file you downloaded. It will create a
folder named firewall 2000.
- Open the firewall2000 folder and double-click the firewall.hta file.
Follow the instructions to enable the firewall.
Right-click here and choose "Save Target As" to download the
McAfee Stinger Tool to your desktop.
- Start the computer in safe mode:
- Turn the computer off.
- Turn the computer on and as it starts up repeatedly tap the F8 key until the menu appears letting you choose SAFE mode. If the computer comes
all the way up without giving you the menu, restart it and hit the key earlier in the startup process.
If you still can't get it to work, stick a blank floppy disk in the computer,
restart the computer, and when the computer complains about a non-system disk, remove the floppy diskette
and hit the F8 key repeatedly.
- Double-click the McAfee Stinger Tool you saved
in step 4. That will recognize and get rid of the most common worms. If you
want to be more thorough, scan the hard drive with your Symantec anti-virus
software at this point.
- Add any additional hard drives you may have to the list of drives to scan.
- Click "Scan Now". The Stinger tool will remove common worms and viruses.
- Start Symantec and let is scan your computer too. If neither Symantec nor
Stinger find anything wrong, you may have a newly released virus that cannot
presently be detected or fixed with software. Your alternatives at that point
- Reformat and reinstall
- Wait for new anti-virus definitions through liveupdate which may take
- Manually download the latest emergency Symantec definitions and try
again. This is a manual process consisting of downloading Symantec's
"Intelligent Updater". It usually has definitions days before Liveupdate so
it may be able to find something that the normal Liveupdate process does
not. To manually download the Intelligent Updater:
- Visit the
Symantec Intelligent Updater web page.
- Look under the second yellow bar for a file with a name ending in ".exe"
with the general format 2005mmdd-xxx-x86.exe where mm=month, dd=day, and
xxx=a numeric version number.
- Right-click that file and download it to your desktop. It may take a
while because the file is quite large.
- Once the download is finished, double-click it and the file will update
your anti-virus software so that it will detect everything that Symantec
knows about at the time the file was created.
- A complex, onsite, manual removal process which very few people can
properly do and which may leave malicious software on your computer
- Restart the computer
- With the prevalence of "viruses" today that provide third parties the
ability to control infected, compromised computers, including the ability to
log password keystrokes, it is strongly recommended that any passwords that
may have been typed into an infected computer be changed. You must also keep
in mind that other information, such as credit card numbers, personal
documents, and electronic communications, may also have been intercepted.
- Perform the StartSafe steps to
help ensure your computer doesn't get infected again necessitating repeating
all this mess.