Full Disclosure mailing list archives

RE: Removal?


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 3 Feb 2004 14:02:29 -0600

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
axid3j1al axid3j1al
Sent: Tuesday, February 03, 2004 12:03 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Removal?


How do I delete the virus that is not detectable by Norton AV (latest
definitions)?

http://housecall.antivirus.com/

but has the files
c:\windows\system32\f~q\fag.exe
c:\windows\system32\f~q\usr_crt.dll

i.e. what program do I kill to do an attrib -h -r -s *.* ; del. ?

regsvr32 /u c:\windows\system32\f~q\usr_crt.dll
del c:\windows\system32\f~q\usr_crt.dll
Ctrl-Alt-Del/Task Manager/Processes
Locate fag.exe and End Process

Get your AV software up to date and keep it that way.
Go to Windows Update and patch to current.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

