NIMDA Removal

From: Isherwood Jeff C Contr AFRL/IFOSS (Jeffrey.Isherwood@rl.af.mil)
Date: 09/19/01


Message-ID: <50D01D71BB8CD411AD850000D11B4B45B1CA63@FSJREZ02.adm.rl.af.mil>
From: Isherwood Jeff C Contr AFRL/IFOSS <Jeffrey.Isherwood@rl.af.mil>
To: incidents@securityfocus.com
Subject: NIMDA Removal
Date: Wed, 19 Sep 2001 10:48:15 -0400


Now that everyone has had a chance to look at it (I'm sure many folks
captured live copies of this bugger).

AV Sites around the world are coming out with tools to fix and remove it. I
hate those tools.

Sat down and went over everything this one does, based on the live sample
and data on the list, as well as a few contributions from other sources. I
think I've got it all down now.

Did I miss anything?






----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com