Re: tamersahin.net Code Red Cleaner v1.0

["Tamer Sahin" <feedback () tamersahin net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes it removes the virtual roots of C and D from the below registry
address...

\hkey_local_machine\System\CurrentControlSet\Services\W3SVC\Parameters
\Virtual Roots

Tamer Sahin, feedback () tamersahin net
PGP Key ID: 0x51CF215C Fingerprint: 
3CEC A96A 11E5 1288 2640 247A 6551 0809 51CF 215C
http://www.tamersahin.net


- ----- Original Message ----- 
From: "Russell Fulton" <r.fulton () auckland ac nz>
To: <incidents () securityfocus com>
Cc: "Tamer Sahin" <feedback () tamersahin net>
Sent: Wednesday, August 15, 2001 12:48 AM
Subject: tamersahin.net Code Red Cleaner v1.0


> On Tue, 14 Aug 2001 12:24:04 +0300 Tamer Sahin 
> <feedback () tamersahin net> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Code Red Cleaner first try to detect if Code Red Worm is active
> > in memory and report it. After that if worm is discovered it
> > finds files of worm on the disk and clean-all them.
> >
> > It stops the IIS, removes the execute permission of some
> > directories on registry and if sp2 is installed it applies the
> > appropriate patches.
> >
> > It detects Code Red I,II,III versions and clean up them.
> >
> > Download:
> > http://www.tamersahin.net/downloads/cr.zip
>
> Does this tool deal with the metabase issues that leave C and D
> drives  mapped on IIS restart?
>
> Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO3mFJWVRCAlRzyFcEQKOCQCdGfL7TXwPB1wdcxxO9Uy51O+0gVoAoL5S
HTAkkbAjvmxSZ9EXZLNwdDht
=JnMh
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com