AntiVirus Strategies for CTRs, Instructional Technology Services, SAISD



	IT Services
	Transforming Teaching, Learning, and Leadership through Service

How to get rid of Lovsan/Blaster and Welchi Viruses in 15 minutes

Last Revised 04/18/2005 9:10 AM

View Printable version of the AntiVirus Strategies document and these instructions.

NOTE: Once you have completed the following steps with every Windows XP/2000/NT computer on your campus, contact the HelpDesk to let them know what you have done. They can be reach at 281-9090 or via email at helpdesk@saisd.net

LOVSAN/BLASTER VIRUS REMOVAL

1. Boot up the infected computer. Computers with Deep Freeze just need to be restarted if they are infected. They will return to their original, uninfected configuration. You can safely ignore computers with Deep Freeze on them.

2. If you keep getting the "Shutdown in 60 seconds" dialog, click Start / Run, and execute command 'shutdown -a'

3. Download and save the Fix Blast tool to your desktop. This removes the virus.

4. If you're running Windows XP, Windows System Restore might restore the infection afterwards. Disable it by following these rules: http://www.f-secure.com/v-descs/sfc_dis1.shtml. Be sure to re-enable it after you have restarted your computer.

5. Download and run the Microsoft patch to prevent reinfection.

Download for Windows 2000 from www.microsoft.com:
Get it here

Download for Windows XP from www.microsoft.com:
Get it here

Download for Windows NT4 from www.microsoft.com:
http://www.microsoft.com/security/incident/blast.asp

6. The patch installer will reboot the machine in the end. When the machine reboots, enter SAFE MODE by keeping F8 pressed when the computer screen goes black for a moment, then choose "1) Safe mode"

7. When the computer has booted up in Safe Mode, log in and execute the Fix Blast tool you downloaded in step 3.

8. Reboot normally --re-enabling the Windows System Restore referred to in Step 4--and you're done.Do not turn Deep Freeze back on yet.

WELCHI VIRUS REMOVAL

1) Click on the Fix Welch link and save to your Desktop.

2) Go to the Desktop and run the Fix Welch file from a hard disk to eliminate Welchi worm infection.

2) You can run the utility by double clicking on it on your Desktop.

3) Reboot the system. After restart your system should be clean.

	Copyright 2005 San Antonio ISD. May be reproduced for non-profit, educational use so long as credit is given. Last modified: 04/18/2005
	Visitors since August, 2002 -