Obtain McAfee's virus and worm removal tool, Stinger:
http://vil.nai.com/vil/stinger/
1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
reboot your PC.
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results
Install the following patch for the RPC/RPCSS Buffer Overflow Vulnerability that is
addressed by Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146
Please read:
http://www.microsoft.com/security/incident/blast.asp
You also need a FireWall. If you don't patch the PC and not use a FireWall then you will
just be re-infected.
I also suggest the installation of *ALL* MS Critical Updates ASAP.
Dave
| I get Welch worms all the time and usually I can get rid
| of tehm with a Welch fix tool, or quarantine them with
| Norton, but I recently got one on my cvchost.exe file
| that Norton can't quarantine and the Welch tool can't
| even see. Does anyone know how I might be able to fix
| this?
