Windows Updates

  • Thread starter Thread starter skc
  • Start date Start date
S

skc

Hi,

I have a Windows XP Pro machine and it has a
virus...Blaster is there, Sasser, etc....

My anti-virus has expired, so I need to desperately
download all the fixes from Windows Update onto a CD (as I
cannot browse the web) and apply these fixes to get rid of
the viruses.

Can you please tell me what I should burn onto CD to make
my machine work. I will be using a CD burner on another
machine to do this task.

Thanks.

skc
 
The WU alone will not get rid of the virus, I have included links on Sasser &
Blaster as well as where to get the WU. Good luck.
Kaylene


Windows Update
You can download them from the Catalog and save to be installed later.
http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
How to Download Windows Updates and Drivers from the Windows Update Catalog
http://support.microsoft.com/?kbid=323166
Roll up link
http://support.microsoft.com/?kbid=826939

Search for a download
http://www.microsoft.com/downloads/search.aspx?displaylang=en

Windows Security Update CD
http://www.microsoft.com/security/protect/cd/order.asp
The CD includes Microsoft critical updates released through October 2003
(and SP4 for Windows 2000 / SP1 for Windows XP) as well as information
to help you protect your PC.
Supports Windows XP, Windows Me, Windows 2000, Windows 98, and
Windows 98 Second Edition (SE).





Sasser:
Links about the virus:
http://www.microsoft.com/security/incident/sasser.asp
http://www.updatexp.com/sasser-worm.html
http://www3.telus.net/dandemar/sasser.htm

To stop shutdown, click Start, click Run and type: shutdown -a
then click OK.

Removal tools available here:-
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125008
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

For technical details on Sasser and manual steps to remove
http://www.microsoft.com/technet/security/alerts/sasser.mspx

or

http://www.microsoft.com/security/incident/blast_faq.asp
Blaster Worm FAQ

1. CTRL-ALT-DELETE to bring up the Task Manager. Look for msblast.exe and select
it and End Process. This will stop the computer from shutting down.
It doesn't remove the worm.

To enable your firewall :
- Click Start
- Click Control Panel
- Double Click "Network Connections"
- Right-click on your Dial up Connection, then left click 'Properties'
- Left Click 'Advanced' Under "Internet Connection Firewall" tick the box
'Protect my computer and networking by limiting or preventing access to this
computer from the internet'
- Click Ok and Close the "network connections" box.
You can then connect to the Internet and download the Microsoft relevant patch.

You could also try:
Click Start/Run then type in cmd
and then type in : shutdown -a
Do this when the shutdown prompt appears.

W32.Blaster.Worm patch is available here:-
The most recent patch is KB828741, MS04-012:
Cumulative Update for Microsoft RPC/DCOM, which is directly available here:
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx This
supersedes 824146
You must download and install the patch. In many cases, you will need to do this
before you can continue with the removal of the worm.
Because of the way the worm works, it may be difficult to connect to the
Internet to obtain the patch, definitions, or removal tool before the worm shuts
down the computer. It has been reported that, for users of Windows XP,
activating the Windows XP firewall may allow you to download and install the
patch, obtain virus definitions, and run the removal tool. This may also work
with other firewalls, although this has not been confirmed.

2. You can download the Symantec Removal Tool from here
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
or you can visit this site to assist in the removal of the worm
http://www3.ca.com/virusinfo/virus.aspx?ID=36265
To download ClnPoza.zip - a utility that cleans a local machine affected by
Win32.Poza,
or this site for assistance: http://www.kellys-korner-xp.com/xp_qr.htm#rpc

http://www.updatexp.com/cryptographic-service.html
For information on the Cryptographic Services



Start the RPC Service
1. Click Start, point to Programs, point to Administrative Tools, and then click
Computer Management.
2. Double-click Services and Applications, click Services, and then double-click
Remote Procedure Call (RPC).
3. In the Startup type dialog box, click Automatic, click OK, and then restart
your computer.
NOTE: If the RPC Service is disabled, you may need to use the Recovery Console.
In Recovery Console, run Enable RPCSS Service_Auto_Start, and then restart your
computer.
 
Back
Top