IT Help Central - Division of Information Technology
Texas Tech University

HELP!!!

IT Help Central

[ Hours of Operation ]
[ Safe Computing ]
[ Customer Survey ]
[ Security Bulletins ]
[ Instructions ]
[ Request Assistance ]
[ Our Team ]
[ Employment ]
[ Strategic Plan ]
[ Site Map ]

Related Sites

[ Texas Tech ]
[ IT Division ]
[ High Tech ]
[ Raiderlink ]
[ Computer Labs ]
[ Training ]
[ TTUHSC Help Desk ]
[ Network Access ]

General Info

[ New Students ]
[ Text-Only Version ]
[ Buying the Right Computer ]

 

ASC
Room 101
2903 4th Street

W32.Zotob.E is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445.

W32.Zotob.E can run on, but not infect, computers running Windows 95/98/Me/NT4/XP. Although computers running these operating systems cannot be infected, they can still be used to infect vulnerable computers that they can connect to.

Note: Virus definitions version 70816y (extended version 8/16/2005 rev. 25) or greater are required to detect this risk.

It is recommended that you view the full article related to this vulnerability at Symantec.com

Quick Fix Instructions

  1. Download the FixZotob.exe file from IT Help Central.
  2. Save the file to a convenient location, such as your download folder or the Windows desktop (or removable media that is known to be uninfected, if possible).
  3. Close all programs before you run the tool.
  4. If you are on a network or have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  5. If you are running Windows Me or XP, disable System Restore. Please refer to the section "System Restore option in Windows Me/XP" for additional details.

    NOTE: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.
     
  6. Double-click the FixZotob.exe file to start the removal tool.
  7. Click Start to begin the process, and then allow the tool to run.
  8. Restart the computer.
  9. Run the removal tool again to ensure that the system is clean.
  10. If you are running Windows Me or XP, then re-enable System Restore.
  11. Run Live Update to make sure that you are using the most current virus definitions.

    NOTE: The removal procedure might be unsuccessful if Windows Me/XP System Restore is not disabled as previously directed because Windows prevents System Restore from being modified by outside programs. Because of this, the removal tool might fail.

 For specific details on each of these steps, please follow this link.
Call for Help 742-4357
Copyright 2008 Texas Tech University, All Rights Reserved.
Maintained by: Information Technology Division.
TTU Compliance with the Digital Millennium Copyright Act,
TTU Privacy Policy, Texas Public Information Act
Contact: Webmaster.
Updated: October 11, 2005. 		Report abuses using the following links:

Unsolicited Bulk Email (UBE/UCE)/Spam.
Copyright Violations.