|
If you are already actively infected by the W32.RemoteExplorer (alias: Remote Explorer)
virus, you should print out this document and follow the following procedure to repair your system for Windows
NT Servers and Workstations.
1. From an uninfected computer, download REREMOVE.EXE. This tool
has been designed to remove W32.RemoteExplorer virus from memory and also inoculate the computer from futher infection
which will help you recover from this virus quicker.
2. Place the tool on a floppy diskette and write protect the diskette.
3. Disconnect the system from the network or disable shared drives so that other systems cannot access the system
to be disinfected.
4. Make sure you are logged in with Administrator access and run tool from the floppy disk. Now
the virus should have been removed from memory and has been disabled. For futher instructions on how to use the tool
in silent mode, run this tool using "/?" parameter.
5. Update the virus definition using the LiveUpdate feature or Intellegent Updater. Intellegent Updater can be
downloaded from this link.
6. Run Norton AntiVirus to repair all infected files and restore the files that have been encrypted by this virus.
You may want to note that Norton AntiVirus has a feature which will check ifself for infection or corruption.
If such a message appears when running NAV, you may have to re-install it from your distribution CD or original
diskettes.
7. Reboot the Windows NT system.
8. Run the tool from the write protected floppy diskette again. The tool will notice that
virus is not in memory and inoculate the system to avoid re-infection from other infected systems. You may also
want to run the tool on systems which have not been infected with W32.RemoteExplorer virus (for both Windows
NT Servers and Workstations) to inocuate them from this virus to prevent infection durning your clean up of this
virus. |
