Re: GPO blaster scripts -- http://www.winona.edu/its/downloads/msblast.htm
From: Schmidt, Tobias E (tschmidt_at_WINONA.EDU)
Date: 08/13/03
Date: Wed, 13 Aug 2003 10:52:01 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
These scripts, which are AD and group policy driven, significantly help
larger enterprises kill the MSBlast virus. The files currently available
are revised slightly from the previous rev. Here is what the two
scripts do.
1. The computer side script runs when a domain member machine starts.
This script finds the registry entries, any running processes, and the
executable and kills them. When the actual executable is deleted, a
'safe' placeholder file is put in its place. It is only a text file
with an extension of .exe so:
2. When the user logs in, the second script takes over. The script
looks for the same items as the computer script; however will send
notification to logged on user that the patches need to be applied and
provides an IE window with a link to them. The program then loops
indefinitely and checks for the virus every ten seconds. The reason for
this is that many times the machines are being infected; and they restart
before the patches can be applied:( The looping app kills the processes
fast enough to keep this from happening. This process is fairly low
overhead, only consuming 2-3 cpu cycles every ten seconds.
Once the machines are patched, they are good to go. Even if they are
infected before the machine is rebooted, the next boot will clean the
machine.
Toby
-----Original Message-----
From: Schmidt, Tobias E
Sent: Tuesday, August 12, 2003 2:10 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: GPO blaster scripts --
http://www.winona.edu/its/downloads/msblast.htm
http://www.winona.edu/its/downloads/msblast.htm
For those of you suffering and have a solid understanding of AD and
group policy, these two scripts can help ease your pain. It should kill
the virus long enough to get it patched.
Tobias Schmidt
Winona State University
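A sketch of the computer-side cleanup pass the message describes (autostart entry, running process, executable replaced by a text placeholder), with the ten-second logon loop as an option. This is an added example in PowerShell, not the scripts from winona.edu; the executable name is assumed from the worm's name, the Run value name is a placeholder the post does not give, and the use of the HKLM Run key and System32 directory are assumptions.

```powershell
# Added illustration; not the scripts from winona.edu. Run elevated.
param(
    [string]$ExeName      = 'msblast.exe',        # assumption: taken from the worm's name
    [string]$RunValueName = '<RUN-VALUE-NAME>',   # placeholder: the post does not name it
    [string]$SystemDir    = "$env:SystemRoot\System32",   # assumption
    [int]$LoopSeconds     = 0                     # 0 = one pass at startup, 10 = logon loop
)

$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$exePath = Join-Path $SystemDir $ExeName
$marker  = 'Inert text placeholder written by the cleanup script.'

function Invoke-Cleanup {
    $found = $false

    # 1. Registry: remove the autostart value if it exists.
    if (Get-ItemProperty -Path $runKey -Name $RunValueName -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $runKey -Name $RunValueName -Force
        $found = $true
    }

    # 2. Process: stop every running instance of the image.
    $procName = [IO.Path]::GetFileNameWithoutExtension($ExeName)
    Get-Process -Name $procName -ErrorAction SilentlyContinue | ForEach-Object {
        Stop-Process -Id $_.Id -Force -ErrorAction SilentlyContinue
        $found = $true
    }

    # 3. File: delete the executable and leave a read-only text file in its place.
    #    A file that already starts with the marker is our own placeholder: skip it.
    if (Test-Path -LiteralPath $exePath) {
        $first = Get-Content -LiteralPath $exePath -TotalCount 1 -ErrorAction SilentlyContinue
        if ($first -ne $marker) {
            Remove-Item -LiteralPath $exePath -Force
            Set-Content -LiteralPath $exePath -Value $marker -Encoding Ascii
            (Get-Item -LiteralPath $exePath).IsReadOnly = $true
            $found = $true
        }
    }
    return $found
}

do {
    if (Invoke-Cleanup) {
        Write-Output "$(Get-Date -Format s) removed $ExeName artifacts on $env:COMPUTERNAME"
    }
    if ($LoopSeconds -gt 0) { Start-Sleep -Seconds $LoopSeconds }
} while ($LoopSeconds -gt 0)
```

The timestamped output line doubles as a record of which machines were reinfected before patching, which is worth collecting centrally.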