[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001301c36097$c8a91c00$6401a8c0@navi>
From: gml at phrick.net (gml)
Subject: what to do
I've been doing this:
1. patch the machine
2. remove registry entries containing "msblast.exe"
3. reboot
4. remove msblast.exe
It's worked out so far. Yes I agree I wish people would listen when you
tell them to patch. I have it on good authority that firewalls can't stop
stupidity, I guess we're lucky this one wasn't also a mass mailing worm.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Calvyn
Sent: Tuesday, August 12, 2003 1:16 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] what to do
I'm was just working with my 15 year old niece in NJ, through IM, to
help her keep her WinXP PC from rebooting every minute. She had 2 copies
of msblast.e x e on her PC. One was delete-able the other we had to
reboot into safe mode to delete. After deleting the last e x e her unit
is NOT rebooting. I have since had her update her unit and disable DCom.
Amazing how kids never listen to you when you ask them to update their
PCs..
-Calvyn-
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of akbara
Sent: Tuesday, August 12, 2003 1:52 AM
To: Gabe Arnold; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] what to do
has she tried booting into safe mode ?
then removing the msblast or what not program ?
-akbara
----- Original Message -----
From: "Gabe Arnold" <f0x@...irrelsoup.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, August 11, 2003 7:57 PM
Subject: Re: [Full-Disclosure] what to do
> Don't use windose sounds like a solution to me...
> * Justin Shin (zorkshin@...pabay.rr.com) wrote:
> > Hi All --
> >
> > My cousin recently got a nasty RPC/DCOM worm and she cannot use
> > Windows
update because when the RPC is shutdown, SYSTEM automatically initiates
a shutdown of the computer as you are all aware of. What is the best
solution to keep data files intact while removing this worm? I have
tried going to the Registry Run, no entries ar ethere besides legitimate
startup stuff. Any suggestions?
> >
> > -- Justin
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists