W32.Esbot.C

About           Removal Tool          Disable System Restore in XP

ABOUT
(From Symantec)

W32.Esbot.C is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability allowing a remote attacker access to the compromised computer.  On the TTU campus Windows 2000 machines which have not been updated to SP4 are vulnerable.
 

REMOVAL

From Symantec's Web site:

1. Important: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP
2. Download the Removal Tool to your computer and save it to a location you can find such as your desktop.
3. Close all programs before running the tool.
4. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
5. If you are running Windows XP, disable System Restore (see instructions below).
6. Double-click the file to start the removal tool.
7. Restart the computer.
8. Run the removal tool again to ensure that the system is clean.
9. If you are running Windows XP, next re-enable System Restore (see instructions below).
10. Reconnect to the network.
11. Update your Windows 2000 system to Service Pack 4 and check for any additional Critical Updates.

Remember to keep all virus definitions up to date and download all Critical Updates from Microsoft for your operating system.

Disabling System Restore in Windows XP

• Click Start.
• Right-click My Computer
• Select  Properties from the floating menu.
• Click the System Restore tab.
• Select Turn off System Restore check box.
• Click Apply.
• Click Yes in message box.
• Click OK.

After the worm is removed, restart your computer and follow the steps above to deselect "Turn off System Restore".

If you need additional assistance, please contact MicroSupport@tntech.edu (372-6315)
or your College MicroSupport contact.