1. All the server letter permissions remain Administrators
2. Server and Computer Browser and distributed File System in service and workstation these services are disabled
3. Uninstall Shell.Application components: regsvr32/u c:\windows\system32\shell32.dll
4. C:\Documents and Settings and C:\Documents and Settings\All Users
Full permissions to Administrators and system
5. Remove all C:\WINDOWS\regedit.exe permissions. Add an administrator permission
6. Remove all C:\WINDOWS\system32\cmd.exe permissions. Add an administrator permission
7. Remove all C:\WINDOWS\system32\net permissions, add Administrator privileges
Remove all C:\WINDOWS\system32\net1 permissions, add Administrator permissions
8. Display system Folders C:\WINDOWS\system32\dllcache
Remove all C:\WINDOWS\system32\dllcache\net permissions, add Administrator permissions
Remove all C:\WINDOWS\system32\dllcache\net1 permissions, add Administrator permissions
Remove all C:\WINDOWS\system32\dllcache\regedit.exe permissions. Add an administrator permission
9. If the server is fitted with sqlserver2000 then the/mssql/bin/xplog70.dll and/mssql/bin/xpweb70.dll renamed in his installation directory are not 1433 back to the overflow intrusion.