Software » Windows OS

ID #1039

Performing a Safe (virus-free) Install with Microsoft Windows NT® 4.0/2000/XP/Server™ 2003 Operating System

We have noticed that some people have had problems with the Blaster virus and its variants during operating systems installs for class and personal use.

Here are our recommendations for a safe install and instructions for cleaning system that may have become infected with the Blaster or Naachi virus.

Install the operating system with the network cable unplugged. After the install is complete turn on the Internet Connection Firewall (ICF). For information on how to enable the ICF read:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/hnw_enable_firewall.asp

Apply all of your Windows updates and learn more about what Microsoft suggests you do to protect yourself here:
http://www.microsoft.com/security/incident/blast.asp

Install the UW antivirus software (freely available to students/staff/faculty) and be sure to update it after the install:
http://www.washington.edu/computing/software/uwick/contents.html

IF YOU HAVE ALREADY BECOME INFECTED and your system is continually shutting down you can stop this by quickly opening a command prompt shell (Start --> Run…: cmd.exe) and typing ‘shutdown –a’ to abort the system shutdown once it displays the warning that the system will shut down in XX number of seconds.

The next step is to clean your system.

Try scanning with the Stinger tool, which is available for free here:
http://vil.nai.com/vil/stinger/

If you are nervous and not sure that your system is clean and safe to use you may elect to just start from scratch and re-install following the above safeguards so you do not get re-infected.

Once your system is clean you may need to also unblock your Ethernet wall port if you are at the University of Washington campus because UW Computing & Communications scans for systems infected with the Blaster and variants. They will limit internet access on the port that an infected system is plugged into so that you can only access UW sites. This will cause problems even when an uninfected system is running on that port and may require you or the next user of that port to seek help.

To unblock the port yourself or to check if it is blocked visit:
http://unblock.cac.washington.edu

Last update: 2005-04-13 12:55
Author: Joshua Ayson
Revision: 1.0

Print this record Print this record
Show this as PDF file Show this as PDF file
Export as XML-File Export as XML-File

Please rate this entry:

Average rating: 5 from 5 (3 Votes )

completely useless 1 2 3 4 5 most valuable