Full Disclosure mailing list archives

Re: what to do

From: Irwan Hadi <irwanhadi () phxby com>
Date: Mon, 11 Aug 2003 21:52:59 -0600

On Mon, Aug 11, 2003 at 07:33:11PM -0400, Justin Shin wrote:

Hi All --

My cousin recently got a nasty RPC/DCOM worm and she cannot use Windows update because when the RPC is shutdown, 
SYSTEM automatically initiates a shutdown of the computer as you are all aware of. What is the best solution to keep 
data files intact while removing this worm? I have tried going to the Registry Run, no entries ar ethere besides 
legitimate startup stuff. Any suggestions?


Go install another Windows on a different hard drive, and mount that
partition, backup the data to that hard drive, and reinstall the old
hard drive.
(you can get a Maxtor 160 GB for $80)

Or if you don't want to spend some $$$ for new hard drive, go download
Knoppix (Linux), mount the partition, and FTP the files to some
temporary place.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

what to do Justin Shin (Aug 11)
- Re: what to do Gabe Arnold (Aug 11)
  - Re: what to do akbara (Aug 11)
    - RE: what to do Calvyn (Aug 11)
    - RE: what to do gml (Aug 11)
    - RE: what to do Arian J. Evans (Aug 11)
    - Re: what to do gregh (Aug 13)
    - Re: what to do KaMiKaTzE (Aug 13)
- Re: what to do Irwan Hadi (Aug 12)