Just wanted to give a heads up about this virus. It exploits the same hole in security as blaster does, but it is causing our LAN a lot more trouble. The worm appears to not have activated until yesterday, at least on our machines. Some of our machines were already patched with the windows security patch, but still had the worm. When we went to do additional updates today, when the worm was active, we ran into this problem. So I would recommend scanning for the virus before updating any windows 2000 machines, even if they have been patched for a while.
Basically, as far as I can tell, if you try to install any sort of service pack (for win2K) while you have the virus, the install will say it cannot find csrsrv.dll. There doesn't seem to be any fix at this point. If you ignore, continue, or cancel, when windows restarts, it will endlessly reboot or not boot at all. In some cases, you can boot from disk, copy the .dll from a clean computer to the win\sys folder, reboot into windows, clean the virus off, then update again. However, some of our machines will not boot from disk after this error, and we haven't figured out the fix yet.
Removal tool at:
http://securityresponse.symantec.com...nshell.50.html
Hope this helps some of you avoid trouble!
Linear Mode
