Full Disclosure mailing list archives
RE: what to do
From: "gml" <gml () phrick net>
Date: Tue, 12 Aug 2003 02:05:50 -0400
I've been doing this: 1. patch the machine 2. remove registry entries containing "msblast.exe" 3. reboot 4. remove msblast.exe It's worked out so far. Yes I agree I wish people would listen when you tell them to patch. I have it on good authority that firewalls can't stop stupidity, I guess we're lucky this one wasn't also a mass mailing worm. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Calvyn Sent: Tuesday, August 12, 2003 1:16 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] what to do I'm was just working with my 15 year old niece in NJ, through IM, to help her keep her WinXP PC from rebooting every minute. She had 2 copies of msblast.e x e on her PC. One was delete-able the other we had to reboot into safe mode to delete. After deleting the last e x e her unit is NOT rebooting. I have since had her update her unit and disable DCom. Amazing how kids never listen to you when you ask them to update their PCs.. -Calvyn- -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of akbara Sent: Tuesday, August 12, 2003 1:52 AM To: Gabe Arnold; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] what to do has she tried booting into safe mode ? then removing the msblast or what not program ? -akbara ----- Original Message ----- From: "Gabe Arnold" <f0x () squirrelsoup net> To: <full-disclosure () lists netsys com> Sent: Monday, August 11, 2003 7:57 PM Subject: Re: [Full-disclosure] what to do
Don't use windose sounds like a solution to me... * Justin Shin (zorkshin () tampabay rr com) wrote:Hi All -- My cousin recently got a nasty RPC/DCOM worm and she cannot use Windows
update because when the RPC is shutdown, SYSTEM automatically initiates a shutdown of the computer as you are all aware of. What is the best solution to keep data files intact while removing this worm? I have tried going to the Registry Run, no entries ar ethere besides legitimate startup stuff. Any suggestions?
-- Justin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- what to do Justin Shin (Aug 11)
- Re: what to do Gabe Arnold (Aug 11)
- Re: what to do akbara (Aug 11)
- RE: what to do Calvyn (Aug 11)
- RE: what to do gml (Aug 11)
- RE: what to do Arian J. Evans (Aug 11)
- Re: what to do gregh (Aug 13)
- Re: what to do KaMiKaTzE (Aug 13)
- Re: what to do akbara (Aug 11)
- Re: what to do Gabe Arnold (Aug 11)