Re: UPDATE : ? Nachi.worm over
From: Alec S. (a_at_a.com)
Date: 01/07/04
- Next message: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Previous message: Zvi Netiv: "Re: Virus?"
- In reply to: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Next in thread: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Reply: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 7 Jan 2004 03:00:20 -0500
I mean the patch, not the removal tool. The patch that prevents
Nachi.worm infection (probably another buffer under/overrun) should be
available on WindowsUpdate.
-- Alec S. alec @ synetech . cjb . net e "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:#3knxYM1DHA.1740@TK2MSFTNGP12.phx.gbl... > Nope. > > I found out about on the XP General forum. > > Dave > > > > "Alec S." <a@a.com> wrote in message news:uNwpsFM1DHA.2388@TK2MSFTNGP09.phx.gbl... > | I just got the removal tool. My batch file is also simpler, smaller, > | and 1 easy little file. Leave it to Microsoft to complicate things. Isn't > | the patch available separately in WindowsUpdate? ;) > | > | > | -- > | Alec S. > | alec @ synetech . cjb . net > | > | > | e > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > | news:u46wQQL1DHA.2528@TK2MSFTNGP09.phx.gbl... > | > Microsoft Knowledge Base Article - 833330 > | > A tool is available to remove Blaster worm and Nachi worm infections from > | computers that are > | > running Windows 2000 or Windows XP > | > > | > http://support.microsoft.com/?kbid=833330 > | > > | > Dave > | > > | > > | > > | > "Alec Soroudi" <a@a.com> wrote in message > | news:OGpOth60DHA.2700@TK2MSFTNGP11.phx.gbl... > | > | < I always forget to attach files... :| > > | > | > | > | > | > | Hi, > | > | > | > | Well it's 2004 and the Nachi.worm should have deleted itself. > | However, > | > | I have heard reports from people that they are still infected. I have > | > | completed my batch file to remove the Nachi.worm. I really, really hate > | > | this thing since if you start a clean install of Windows on a clean hard > | > | drive, then by the time the install is done and you see the desktop for > | the > | > | first time, you are already infected (with an always-on-Internet > | > | connection). Plus the worm tries to make you think that it's part of > | > | Windows. > | > | > | > | Anyway, I finally got around to writing the batch file in about 15 > | > | minutes this morning when I got another email from someone asking me how > | > | they can remove it. I've attached it here as a zip file. Since it's a > | > | batch file, it's plain text and you can look at what it does. This is > | good > | > | since you can also learn a few details about the Nachi.worm: 2 files in > | > | windows\system32: SVCHOST.EXE and DLLHOST.EXE, and 2 services associated > | > | them those files: RpcPatch and RpcTftpd. The batch file removes the > | files > | > | and the services. > | > | > | > | > | > | HTH > | > | > | > | -- > | > | Alec S. > | > | alec @ synetech . cjb . net > | > | > | > | > | > | > | > | > | > > | > > | > | > >
- Next message: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Previous message: Zvi Netiv: "Re: Virus?"
- In reply to: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Next in thread: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Reply: David H. Lipman: "Re: UPDATE : ? Nachi.worm over"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
