Full Disclosure mailing list archives
Re: what to do
From: Irwan Hadi <irwanhadi () phxby com>
Date: Mon, 11 Aug 2003 21:52:59 -0600
On Mon, Aug 11, 2003 at 07:33:11PM -0400, Justin Shin wrote:
Hi All -- My cousin recently got a nasty RPC/DCOM worm and she cannot use Windows update because when the RPC is shutdown, SYSTEM automatically initiates a shutdown of the computer as you are all aware of. What is the best solution to keep data files intact while removing this worm? I have tried going to the Registry Run, no entries ar ethere besides legitimate startup stuff. Any suggestions?
Go install another Windows on a different hard drive, and mount that partition, backup the data to that hard drive, and reinstall the old hard drive. (you can get a Maxtor 160 GB for $80) Or if you don't want to spend some $$$ for new hard drive, go download Knoppix (Linux), mount the partition, and FTP the files to some temporary place. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- what to do Justin Shin (Aug 11)
- Re: what to do Gabe Arnold (Aug 11)
- Re: what to do akbara (Aug 11)
- RE: what to do Calvyn (Aug 11)
- RE: what to do gml (Aug 11)
- RE: what to do Arian J. Evans (Aug 11)
- Re: what to do gregh (Aug 13)
- Re: what to do KaMiKaTzE (Aug 13)
- Re: what to do akbara (Aug 11)
- Re: what to do Gabe Arnold (Aug 11)