Security Incidents mailing list archives
Re: tamersahin.net Code Red Cleaner v1.0
From: "Tamer Sahin" <feedback () tamersahin net>
Date: Wed, 15 Aug 2001 01:08:05 +0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes it removes the virtual roots of C and D from the below registry address... \hkey_local_machine\System\CurrentControlSet\Services\W3SVC\Parameters \Virtual Roots Tamer Sahin, feedback () tamersahin net PGP Key ID: 0x51CF215C Fingerprint: 3CEC A96A 11E5 1288 2640 247A 6551 0809 51CF 215C http://www.tamersahin.net - ----- Original Message ----- From: "Russell Fulton" <r.fulton () auckland ac nz> To: <incidents () securityfocus com> Cc: "Tamer Sahin" <feedback () tamersahin net> Sent: Wednesday, August 15, 2001 12:48 AM Subject: tamersahin.net Code Red Cleaner v1.0
On Tue, 14 Aug 2001 12:24:04 +0300 Tamer Sahin <feedback () tamersahin net> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Code Red Cleaner first try to detect if Code Red Worm is active in memory and report it. After that if worm is discovered it finds files of worm on the disk and clean-all them. It stops the IIS, removes the execute permission of some directories on registry and if sp2 is installed it applies the appropriate patches. It detects Code Red I,II,III versions and clean up them. Download: http://www.tamersahin.net/downloads/cr.zipDoes this tool deal with the metabase issues that leave C and D drives mapped on IIS restart? Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO3mFJWVRCAlRzyFcEQKOCQCdGfL7TXwPB1wdcxxO9Uy51O+0gVoAoL5S HTAkkbAjvmxSZ9EXZLNwdDht =JnMh -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- tamersahin.net Code Red Cleaner v1.0 Tamer Sahin (Aug 14)
- <Possible follow-ups>
- Re: tamersahin.net Code Red Cleaner v1.0 Tamer Sahin (Aug 14)