Re: buddylinks worm

[Mark Coleman <markc () uniontown com>]

Dennis Cheung wrote:

> A friend has gotten infected with this "revolutionary" product.  Has 
> anyone tried removing this thing manually before?  The buddylinks site 
> has a unsubscribe feature that claims to work, but at the moment I am 
> reluctant until I figure out what exactly this thing is.
>
> -Dennis
Dennis,

Using the information located here (link attached, this is the same link 
I sent to the list already I believe),
our helpdesk has successfully pushed a script that manually removes the 
"infection".  I understand that
they removed at least one Registry key (run), blocked access to the 2 
folders it installs to, killed two executables.
We have been "buddylist free" since 9:45pm last night through this 
manual uninstall script.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007

Good luck...

-Mark Coleman



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------