Patch instructions for Nachi Worm

Generally, cleanup will consist of:

1) Updating antivirus signatures and running a full system scan to confirm
the presence of the worm;

2) Running a tool to remove the worm (Symantec has one, as do other AV
software vendors);

Removal tools

\\pseekits\DesktopTools\AV%20Tools\Symantec
or
http://pseekits.fnal.gov/desktoptools/AV%20Tools/Symantec/

3) Installing Microsoft's patch for the RPC vulnerability;

MS03-026 patch

NT - \\pseekits\fermi-rollup\nt\MS03-026-NT-Q823980i.EXE or
http://pseekits.fnal.gov/fermi-rollup/nt/MS03-026-NT-Q823980i.EXE

NT TSE - \\pseekits\fermi-rollup\nt\MS03-026-TSE-Q823980i.EXE or
http://pseekits.fnal.gov/fermi-rollup/nt/MS03-026-TSE-Q823980i.EXE

W2K -
\\pseekits\fermi-rollup\w2k\MS03-026-Windows2000-KB823980-x86-ENU.exe or
http://pseekits.fnal.gov/fermi-rollup/w2k/MS03-026-Windows2000-KB823980-x86-
ENU.exe

XP -
http://pseekits.fnal.gov/fermi-rollup/xp/MS03-026-WindowsXP-KB823980-x86-ENU
.exe


4) Re-running a full system scan to confirm removal of the worm;

The GCSC or desktop admin should then contact computer_security to have the
network block removed (these are likely to be done in batches).

-- Mark K.

List of GCSC's:

Tim Zingelman   BD
Mike Diesburg   D0
Joe Klemencic   BSS
Matt Arena      ESHS
Ken Fidler      FESS
Allen Forni     PPD
Robert Harris   CDF
John Konc       TD
Jud Parker      DIR
Karen Carew     PPD     Deputy
Greg Cisko      D0      Deputy
Scott Nolan     BSS     Deputy
Ping Wang       TD      Deputy
Kevin Williams  LSS     Deputy
Brian Drendel   BD      Deputy

(/pre>

    
Dane D. Skow
Last modified: Fri Aug 22 14:56:33 CDT 2003