Code
Red/W32 Nimda.A Clean Up
- Download and install
CodeRedNT4.exe
(Windows NT 4.0) or CodeRed2K.exe
(Windows 2000) patches to remove the buffer overflow vulnerabilities
of IIS.
- For Windows 2000
Service Pack 1 or below only -- download and install VirRoot2K.exe
patch to remove virtual root vulnerability.
You can check your current version of Windows by right-clicking on the "My Computer" icon and clicking the "Properties" tab. If the words "Service Pack 2" are not displayed under the "System:" entry, you need this patch.
- Dowload and run
FixCRed.exe
to remove root.exe from the filesystem and test the server for any other
CodeRed related vulnerability.
- Dowload and run
WebServNT4.exe
(Windows NT 4.0) or WebServ2K.exe
(Windows 2000) to remove an IIS flaw allowing unauthorized access to
your files through IIS.
- Update Symantec
AntiVirus with the latest virus definitions (dated September 18, 2001).
After updating, perform a FULL Scan of all hard drives (i.e.,
C:\, D:\, etc.) in your system and follow the "Removal instructions"
given at http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html.
If you don't currently have Symantec AntiVirus software installed on your system, please go to our Symantec AntiVirus software page for detailed instructions on how to obtain and install this software.
Last
Revised:
May 15, 2007
