系统要经常升级,这样才能避免这些Worm

This outline is intended for Rice University users whose personal or
home computers are infected with one of the RPC/DCOM worms. These
worms propagate by exploiting a known security bug in Windows NT, 2000
and XP. For specific information on the RPC/DCOM exploit, see

https://www.owlnet.rice.edu/cgi-rice/fom?file=365

If your dial-up account was deactivated due to worm infection, and
dial-up is your only means to access the Internet, you must print out
these instructions and take them home with you. You will also need
several pieces of software and additional instructions as indicated
below. Please read these instructions first and copy the required
files and programs to floppy disks or a CD-R.

(1) If your computer uses Windows ME or XP, you must disable the
"System Restore" function. Instructions are available here:

  http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Print out a copy of those instructions and take them home with you if
your home computer is infected.

(2) Download and install appropriate patches for your operating system
from Microsoft.

For Windows 2000/NT, these two patches must be applied:

  http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
  http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
  (Scroll down to "Patch Availability".)

For Windows XP Home/Pro, a single patch is required:

  http://support.microsoft.com/default.aspx?scid=kb;en-us;826939
  (Scroll down to "Download the 826939 package now.")

If given the choice between 32-bit and 64-bit updates, always choose
the 32-bit version.

If you use your dial-up account to connect to the Internet, and your
dial-up account was deactivated to prevent the virus from propagating,
then you must download the patch utilities on campus and take them home
on a floppy disk or CD-R.

For convenience, I've mirrored the above patches here:

Windows NT/2000:

  ftp://updates.rice.edu/pub/antiv ... mswindows/MS03-007/

  ftp://updates.rice.edu/pub/antiv ... mswindows/MS03-039/

Windows XP:

  ftp://updates.rice.edu/pub/antiv ... mswindows/KB826939/

However, this site is only accessible from the Rice network, Rice dialup
or Rice VPN.  If you use a non-Rice connection, you must go to the
Microsoft site.

(3) Download and run the McAfee Stinger application:

  http://vil.nai.com/vil/stinger/

Perform a full scan with the Stinger utility. This will remove most
RPC/DCOM worms from your operating system. Restart your computer when
the full scan is complete.

As above, if your home computer is infected and your dial-up account
has been deactivated, you must put the Stinger application on a floppy
disc or CD-R and take it home with you.

(4) Install and update antivirus software. Rice University has
licensed McAfee VirusScan for your use. Visit
http://www.rice.edu/IT/hwsw/virus/ for details and a download link.

VirusScan will not fit on a floppy disc; if you do not have network
access at home, you will need to copy the software to a recordable
CD. If you need help making a recordable CD, please contact IT (at
http://problem.rice.edu/) for assistance.

(5) Apply current virus signature updates to McAfee VirusScan. You can
get them from http://www.rice.edu/IT/hwsw/virus/ ; you will also need
to put them on a CD if you do not have network access at home.

(6) Perform a full antivirus scan with the fully-updated version of
VirusScan. If VirusScan finds infected files, instruct it to delete
them.

(7) Restart your computer. It should now be clean and protected from
further infection by RPC/DCOM infector worms. Notify Rice IT via
problem@rice.edu or http://problem.rice.edu/ if you need to reactivate
your dial-up or VPN account. Please mention that you have applied both
required patches and cleaned your computer with Stinger.

(8) Keep your system updated! Security patching and updates are the
first line of defense to protect your Microsoft operating system from
worm and virus infection. Without security updates, future worms and
viruses will infect your computer, and we may have to temporarily lock
accounts again to prevent the spread of infection.
[img]http://www.alex.wh.tu-darmstadt.de/~blackskin/temp/sign_0001.gif[/img] ╭∩╮(︶︿︶)╭∩╮
Share |
Share

TOP