Click an option to access your email, manage your account, and access other login screens HELP DESKFAQSINFORMATION TECHNOLOGYCONTACT US  
space
space
space
  
Advanced search
 
Related Links
(outside this site)

CMU Home
 

[spacer]   [spacer]  
[spacer] Help Desk:
Viruses/Worms		 [spacer] Information Technology Logo

   
 
 
[spacer]




Removal instructions for W32/Lovsan

Applies to operating systems:

  • Windows NT
  • Windows 2000
  • Windows XP
Symptoms for this virus include:
  • RPC, TFTP, or SRVHost errors
  • Unexplained Reboots
  • McAfee Alerts
  • Presence of unusual TFTP* files
  • Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory

Removal Instructions (brief):
  • Install the appropriate Windows RPC security patch for your Operating System. This patch will fix a vulnerability with windows that this, and other viruses, take advantage of.
  • Use Stinger, a free virus scanner from McAfee, to scan and remove any occurrences of this virus.
  • Update your current virus scanner with the latest virus definitions. If you take advantage of the CMU site license for McAfee, the latest virus definitions (DAT files) are sent via SMS and available through the IT Web Site.

Removal Instructions (details):
To clean the virus and avoid re-infection, download to your desktop and install the following files in the order listed below. Choose the appropriate operating system and language for your machine when applicable. (Your machine will restart upon installation of the RPC Patch; you may wish to bookmark this page.)

1. Appropriate Windows RPC patch(es) for your system(s):
 
Note! Call the CMU Help Desk, 989-774-3662, to obtain the passwords to download this software from the CMU server. Alternatively, you can download the patches directly from the Microsoft site listed below.
These patches are also available from:
http://www.microsoft.com/technet/
treeview/default.asp?url=/technet/security/
bulletin/MS03-026.asp


2. McAfee AVERT Stinger (anti-virus software)
 
Note! Call the CMU Help Desk, 989-774-3662, to obtain the passwords to download this software from the CMU server. Alternatively, you can download Stinger directly from the NAI site listed below.

Stinger is a "stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system." Stinger utility also available from http://vil.nai.com/vil/stinger/


3. Latest SuperDAT/DAT files for your system:
From CMU IT site: http://www.oit.cmich.edu/secured/helpdesk_download_ctr.asp#virusscan
These files are also avialable from NAI site:
http://www.networkassociates.com/us/downloads/updates/


Additional Information:


 

 [spacer]
Central Michigan University wordmark
[spacer]
Site Map | Contact Webmaster
Office Of Information Technology, 208 Warriner Hall
Help Desk phone: (989) 774-3662 | IT phone (989) 774-1474 

Central Michigan University
Mount Pleasant, Michigan 48859 - (989) 774-4000
Search / Directories / Contact CMU's Webmaster / AA/EO / Privacy Policies /
Web Policy Copyright © Central Michigan University

 		 [spacer]