[Cialug] OT: New Windows worm is complex and nasty!

[Jonathan C. Bailey]

jcbailey at hybrid:~$ rm  -r *.dll
rm: cannot remove `*.dll': No such file or directory

Whew. That was a close call. :-D


-Jon

----- Original Message -----
From: "Dave Weis" <djweis at internetsolver.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Wednesday, December 31, 2008 10:02:14 AM GMT -06:00 US/Canada Central
Subject: Re: [Cialug] OT: New Windows worm is complex and nasty!


Looks like it's easy to remove:
> It then copies itself as the following files:
> 
>     * %ProgramFiles%\Internet Explorer\[RANDOM FILE NAME].dll
>     * %ProgramFiles%\Movie Maker\[RANDOM FILE NAME].dll
>     * %System%\[RANDOM FILE NAME].dll
>     * %Temp%\[RANDOM FILE NAME].dll
>     * C:\Documents and Settings\All Users\Application Data \[RANDOM FILE NAME].dll

Just go to those directories and
del *.dll

Problem solved!


Nathan C. Smith wrote:
> Apparently discovered yesterday.
> It tunes some parameters to spread faster and puts hooks into network-accessible drives to load from there in the future.
> 
> http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=2
> 
> 
> -Nate_______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug


-- 
Dave Weis
Internet Solver
Your Technology Partner
515-224-9229
www.internetsolver.com
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug