A-to-Z Index

Computing Homepage

Information Technology Help Desk

Operational Hours and Exceptions


Windows 2000 Worm Removal Information

Allow two to three hours to perform this procedure. If the computer is used to handle sensitive information or services, the cleanup method that involves the least risk is to re-format and re-install.

  1. Right-click here and choose "Save Target As" to download the Windows 2000 Firewall.
  2. Click the Symantec/Norton gold shield icon in your taskbar (you do have the Symantec antivirus installed, right?) and when the window comes up, click the LiveUpdate button to make sure you have the latest anti-virus definitions.
  3. Double-click the firewall2000.exe file you downloaded. It will create a folder named firewall 2000.
  4. Open the firewall2000 folder and double-click the firewall.hta file. Follow the instructions to enable the firewall.
  5. Right-click here and choose "Save Target As" to download the McAfee Stinger Tool to your desktop.
  6. Start the computer in safe mode:
    1. Turn the computer off.
    2. Turn the computer on and as it starts up repeatedly tap the F8 key until the menu appears letting you choose SAFE mode. If the computer comes all the way up without giving you the menu, restart it and hit the key earlier in the startup process. If you still can't get it to work, stick a blank floppy disk in the computer, restart the computer, and when the computer complains about a non-system disk, remove the floppy diskette and hit the F8 key repeatedly.
  7. Double-click the McAfee Stinger Tool you saved in step 4. That will recognize and get rid of the most common worms. If you want to be more thorough, scan the hard drive with your Symantec anti-virus software at this point.
  8. Add any additional hard drives you may have to the list of drives to scan.
  9. Click "Scan Now". The Stinger tool will remove common worms and viruses.
  10. Start Symantec and let is scan your computer too. If neither Symantec nor Stinger find anything wrong, you may have a newly released virus that cannot presently be detected or fixed with software. Your alternatives at that point are:
    1. Reformat and reinstall
    2. Wait for new anti-virus definitions through liveupdate which may take days
    3. Manually download the latest emergency Symantec definitions and try again. This is a manual process consisting of downloading Symantec's "Intelligent Updater". It usually has definitions days before Liveupdate so it may be able to find something that the normal Liveupdate process does not. To manually download the Intelligent Updater:
      1. Visit the Symantec Intelligent Updater web page.
      2. Look under the second yellow bar for a file with a name ending in ".exe" with the general format 2005mmdd-xxx-x86.exe where mm=month, dd=day, and xxx=a numeric version number.
      3. Right-click that file and download it to your desktop. It may take a while because the file is quite large.
      4. Once the download is finished, double-click it and the file will update your anti-virus software so that it will detect everything that Symantec knows about at the time the file was created.
    4. A complex, onsite, manual removal process which very few people can properly do and which may leave malicious software on your computer
  11. Restart the computer
  12. With the prevalence of "viruses" today that provide third parties the ability to control infected, compromised computers, including the ability to log password keystrokes, it is strongly recommended that any passwords that may have been typed into an infected computer be changed. You must also keep in mind that other information, such as credit card numbers, personal documents, and electronic communications, may also have been intercepted.
  13. Perform the StartSafe steps to help ensure your computer doesn't get infected again necessitating repeating all this mess.