CodeRed and RPC Removal


I wrote this page because I was getting tired of telling people what patches they needed to make their Windows servers and workstations more secure.
Anyway, here is a list of patches for Windows that are required to prevent CodeRed and Nachi from infecting (or spreading from) your machine.

Nachi/Blaster/Welchia
stng380.exe - Run this tool from McAfee to scan for and remove these and about 50 other viruses.
Windows2000-KB824146-x86-ENU.exe - KB824146 patch for Windows 2000. Requires Service Pack 3.
WindowsXP-KB824146-x86-ENU.exe - KB824146 patch for Windows XP (Home or Professional).
WindowsServer2003-KB824146-x86-ENU.exe - KB824146 patch for Windows 2003 Server.
Windows NT 4.0 Server/Workstation - You need a patch! Upgrade your system, or contact me if you really need it.

Instructions:
Download and run "The Stinger" program. Reboot when finished.
Download and install the appropriate RPC patch for your operating system.
Visit http://windowsupdate.microsoft.com/ and download all of the recommended patches.

Notes on Nimda: These patches should stop Nimda from infecting your server.
If you have the Nimda virus on your machine, pull the plug and format the drive. It is the only real way to get rid of the virus.

General IIS Notes: I would suggest deleting the IIS "Scripts" directory. This usually lives in: C:\InetPub.
This directory has execute permissions, and that is the key to how your machine can be infected with the CodeRed and Nimda viruses.


Windows NT 4.0 Server (IIS 4.0)
Service Pack 6a - Download from Microsoft (Standard Encryption, Intel, English).
1-CodeRed-nt4-q300972i.exe - Unchecked buffer overflow fix (Intel only)
2-nt4-prmcan4i.exe - File Permission Canonicalization fix (Intel only)

Instructions:
Download and install Service Pack 6a from Microsoft. Reboot when finished.
Download 1-CodeRed-nt4-q300972i.exe and 2-nt4-prmcan4i.exe.
Install both patches in order (CodeRed before prmcan) and reboot after prmcan finishes.

Windows 2000 Server (IIS 5.0)
Windows 2000 SP3 may include these patches.
Service Pack 2 - Download from Microsoft. This is the network install (101 MB).
0-CodeRed-2K-q300972_w2k_sp3_x86_en.exe - Unchecked buffer overflow fix (Intel only)
1-q296576_w2k_sp2_x86_en.exe - Another unchecked buffer overflow fix in IIS 5.0 (Intel only)
2-q293826_w2k_sp3_x86_en.exe - Pattern matching function causes access violation (Intel only)
3-q304135_w2k_sp3_x86_en.exe - Double-byte field name is improperly encoded (Intel only)
4-q294831_w2k_sp3_x86_en.exe - Server.HTMLEncode and Server.URLEncode corrupt UTF8 characters (Intel only)
5-Q269862_W2K_SP2_x86_en.EXE - File Permission Canonicalization fix (Intel only)

Instructions:
Download and install Service Pack 2 from Microsoft. Reboot when finished.
Download all 6 files above. These were originally downloaded from Microsoft.
Install all of the patches above, in the order listed.
You can run each patch (in order) and only reboot once.
One of the Windows 2000 patches may be superseded by SP2. This is OK.

Additional Resources:
University of Buffalo, CodeRed page.
Network Associates CodeRed information.
Network Associates Nimda information.