IT Help Central - Division of Information Technology
Texas Tech University

HELP!!!

IT Help Central

[ Hours of Operation ]
[ Safe Computing ]
[ Customer Survey ]
[ Security Bulletins ]
[ Instructions ]
[ Request Assistance ]
[ Our Team ]
[ Employment ]
[ Strategic Plan ]
[ Site Map ]

Related Sites

[ Texas Tech ]
[ IT Division ]
[ High Tech ]
[ Raiderlink ]
[ Computer Labs ]
[ Training ]
[ TTUHSC Help Desk ]
[ Network Access ]

General Info

[ New Students ]
[ Text-Only Version ]
[ Buying the Right Computer ]

 

ASC
Room 101
2903 4th Street

W32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).

  • Customers running Norton Internet Security 2005 AntiSpyware Edition and Symantec AntiVirus Corporate Edition 10.x can make use of the product's remediation functionality to remove this risk.
     
  • While computers running Windows 95/98/Me/NT4/XP operating systems cannot be infected remotely, it is possible they could be infected if the threat is executed locally (although this is an unlikely occurrence).  Vulnerable Windows 2000 computers could then be infected by the compromised computer.

It is recommended that you view the full article related to this vulnerability at Symantec.com

Quick Fix Instructions

  1. Download the FixEsbot.exe file from IT Help Central.
  2. Save the file to a convenient location, such as your download folder or the Windows desktop (or removable media that is known to be uninfected, if possible).
  3. Close all programs before you run the tool.
  4. If you are on a network or have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  5. If you are running Windows Me or XP, disable System Restore. Please refer to the section "System Restore option in Windows Me/XP" for additional details.

    NOTE: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.
     
  6. Double-click the FixEsbot.exe file to start the removal tool.
  7. Click Start to begin the process, and then allow the tool to run.
  8. Restart the computer.
  9. Run the removal tool again to ensure that the system is clean.
  10. If you are running Windows Me or XP, then re-enable System Restore.
  11. Run Live Update to make sure that you are using the most current virus definitions.

    NOTE: The removal procedure might be unsuccessful if Windows Me/XP System Restore is not disabled as previously directed because Windows prevents System Restore from being modified by outside programs. Because of this, the removal tool might fail.

 For specific details on each of these steps, please follow this link.
Call for Help 742-4357
Copyright 2008 Texas Tech University, All Rights Reserved.
Maintained by: Information Technology Division.
TTU Compliance with the Digital Millennium Copyright Act,
TTU Privacy Policy, Texas Public Information Act
Contact: Webmaster.
Updated: February 21, 2006. 		Report abuses using the following links:

Unsolicited Bulk Email (UBE/UCE)/Spam.
Copyright Violations.