Remember how this works - an infected machine scans for Win2k machines with the RPC glitch. When it finds one, it exploits it and then downloads a file that looks like a real Windows file - in fact it *is* a real Windows file with a goiter - the goiter is a tftp server. The RPC server is dead because of the exploit - so Windows Update can't do anything with the files it downloaded.

You don't have to have the virus to be attacked - only the RPC problem.

If you can't get behind a firewall, the only possibility is to apply the service pack from CD or D/L the entire file. How many people are going to D/L a file that is 130Mb over the phone? How many people are behind personal firewalls? Not many.

You can't apply the patch to fix the RPC server until Service Pack 3 or better is installed. But you can't install the service pack until the RPC server is fixed. It's rather diabolical - and I'm sure a lot of people out there are saying to themselves "my virus software doesn't report any problems so I'm OK" - but you aren't OK unless you have a real-time protector that is looking for the files that are sent to your machine by the exploiter.

(Coincidentally, SP4 just finished installing from behind my Windows 98 firewall, where I am typing this :)

I'm certain that the affected machines are scanning people who connect to windowsupdate.com - as SOON as I would go there, F-Prot reported the file had been downloaded. In a way it was fascinating. All this because people can't use pointers without pricking their fingers.