If anyone needs the fix for the Code red virus that hit some people this weekend see below. This worm virus is unique in that it resides in RAM. Fortunately we had minimal impact. Regardless, I wish I could get Dr. Spock to do a mind meld on these jerks, to turn them into something more useful, like maybe a door stopper :}. To determine whether you are running vulnerable versions of IIS, ---------------------------------------------------------------------------- --------------------------------- Press Ctrl-Alt-Del and select Task Manager. When the Task Manager window appears, select the Processes tab. Look down the Image Name column of the window that appears. If you see Inetinfo.exe, you are running IIS. If you find you are running IIS 4.0 or 5.0, then do the following: Step 1. Download the patch 1.1 Create a folder anywhere on your hard drive and name it Microsoft-patches so you'll have a place to store this patch and future patches 1.2 Windows 2000 and Windows NT have separate patches. Select the appropriate one and save the file in the folder you created in Step 1.1. � Windows NT version 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833 � Windows 2000 Professional, Server and Advanced Server: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800 Step 2. Install the patch 2.1 Go to the Microsoft-patches folder you created in Step 1.1 2.2 Find the patch: In Windows NT, the patch is named simply: Q300972i.exe In Windows 2000, it is called: q300972_w2k_sp3_x86_en.exe 2.3 Double click on the patch program 2.4 When it has finished, you will see a small pop-up that shows your system has been updated. Step 3. Reboot your system to clear the worm from RAM By rebooting you not only activate your patch, but you also clean out the worm if you had been previously infected Additional information about the patch and its installation, and the vulnerability it addresses is available at http://www.microsoft.com/technet/security/bulletin/MS01-033.asp. If you are concerned that damage may have been done to your system by the worm, you may wish to follow the recovery procedures documented at http://www.cert.org/tech_tips/root_compromise.html. The patches can only be installed on Windows 2000 and Window NT 4.0 systems that have had recent service packs installed. If your system does not already have the required service pack, the patch installation will produce an error message advising you that the patch will not install on your system. For free download of Windows 2000 Service Pack 2, go to http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.asp. For free download of Window NT 4.0 Service Pack 6a, go to http://www.microsoft.com/ntserver/nts/downloads/recommended/SP6/allSP6.asp. Christi Fortier, VP, MSAS, ICSE, SCSE 1100 Merrill Lynch Drive MSC 0103, Office A1756 ( Bldg 1,3rd floor), Pennington, NJ 08534-4121 ( 609-274-1171 fax) 609-274-0206 , [EMAIL PROTECTED] b)1888Merril 0(888-637-7450) pin Christi Fortier or [EMAIL PROTECTED] ===== To unsubscribe, send 'unsubscribe' to [EMAIL PROTECTED] For other info (and scripts), see http://people.mn.mediaone.net/scottrmcleod
DB2EUG: NT IIS/Win 2000 Code Red fix
Fortier, Christi (USPC.PCT.Hopewell) Mon, 06 Aug 2001 11:22:30 -0700
