Re: DCOM

["gregh" <chows () ozemail com au>]

> ----- Original Message ----- 
> From: /m 
> To: full-disclosure () lists netsys com 
> Sent: Tuesday, August 12, 2003 6:24 AM
> Subject: Re: [Full-disclosure] DCOM


> one of my boxes got dcom'd up last night.


You might be interested in http://vil.nai.com/vil/stinger/ where you can download Stinger which, copied direct from the 
web site, says:

-------------

Download Stinger.exe v1.8.0 [697,351 bytes] (8/11/2003) 
or Download ePOStg179.Zip EPO deployable version (for EPO administrators) of Stinger v1.7.9. (version 1.8.0 with 
detection for W32/Lovsan.worm will be released shortly). 

This version of Stinger includes detection for all known variants, as of August 11, 2003: 
BackDoor-AQJBat/Mumu.wormIPCScan
IRC/Flood.apIRC/Flood.biIRC/Flood.cd
NTServiceLoaderPWS-SincomW32/Bugbear@MM
W32/Deborm.worm.genW32/Elkern.cavW32/Fizzer.gen@MM
W32/FunLoveW32/KlezW32/Lirva
W32/LovgateW32/Lovsan.wormW32/Mimail@MM
W32/MoFei.wormW32/Mumu.b.wormW32/Nimda
W32/Sdbot.worm.genW32/SirCam@MMW32/Sobig
W32/SQLSlammer.wormW32/Yaha@MM

-------------


Might be of some use to all here. I like it better than Symantec removal tools as it knows multiple tools in one hit 
and does whatever it can for them all in one pass rather than downloading a tool per new nasty.

BTW, I am not promoting them, just find running ONE removal tool for multiple things easier. Probably because I am 
lazy! ;-}

Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html