[Cialug] OT: New Windows worm is complex and nasty!
Dave Weis
djweis at internetsolver.com
Wed Dec 31 10:02:14 CST 2008
Looks like it's easy to remove:
> It then copies itself as the following files:
>
> * %ProgramFiles%\Internet Explorer\[RANDOM FILE NAME].dll
> * %ProgramFiles%\Movie Maker\[RANDOM FILE NAME].dll
> * %System%\[RANDOM FILE NAME].dll
> * %Temp%\[RANDOM FILE NAME].dll
> * C:\Documents and Settings\All Users\Application Data \[RANDOM FILE NAME].dll
Just go to those directories and
del *.dll
Problem solved!
Nathan C. Smith wrote:
> Apparently discovered yesterday.
> It tunes some parameters to spread faster and puts hooks into network-accessible drives to load from there in the future.
>
> http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=2
>
>
> -Nate_______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
--
Dave Weis
Internet Solver
Your Technology Partner
515-224-9229
www.internetsolver.com
More information about the Cialug
mailing list