Re: buddylinks worm

[Alexander Kiwerski <alex () winstar net>]

On Wed, 2004-02-11 at 08:16, Dennis Cheung wrote:
> A friend has gotten infected with this "revolutionary" product.  Has 
> anyone tried removing this thing manually before?  The buddylinks site 
> has a unsubscribe feature that claims to work, but at the moment I am 
> reluctant until I figure out what exactly this thing is.
>
> -Dennis

Well, on Windows 2000 an entry appears in 'Add/Remove Programs' for this
lovely little package.  Removing it there seems to remove it from the
machine and cease the activity, at least on the one workstation here
that got nailed.

Also seems that setting IE to prompt for downloading signed Active-X
controls instead of the default of just downloading them prevents the
install in the first place of course.

Anyone know if people using Netscape, Mozilla or any browser other than
IE get "infected" by this?


/Alex K.



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------