Re: ? Nachi-worm over

From: A (anonymous_at_discussions.microsoft.com)
Date: 01/20/04


Date: Tue, 20 Jan 2004 04:27:57 -0800

Take it elsewhere. This a technical support newsgroup, not
a chatroom.

>-----Original Message-----
>Paul !
>Wow long time no see (or hear !) How are you doing ? Good
to see you around.
>Still taking any photos ?
>
>--
>Tedd Riggs
>PDA Square Content Developer
>www.pdasquare.com
>
>
>"Paul [MSFT]" <pauly@online.microsoft.com> wrote in
message
>news:3cr4$$u3DHA.1512@cpmsftngxa07.phx.gbl...
>>
>> Hi Alec,
>>
>> Regarding your post:
>>
>> --------------------
>> | From: "Alec Soroudi" <a@a.com>
>> | Subject: ? Nachi-worm over
>> | Date: Mon, 5 Jan 2004 11:23:12 -0500
>> |
>> | Hi,
>> |
>> | Well it's 2004 and the Nachi.worm should have
deleted itself.
>> However,
>> | I have heard reports from people that they are still
infected. I have
>> | completed my batch file to remove the Nachi.worm. I
really, really hate
>> | this thing since if you start a clean install of
Windows on a clean hard
>> | drive, then by the time the install is done and you
see the desktop for
>> the
>> | first time, you are already infected (with an always-
on-Internet
>> | connection). Plus the worm tries to make you think
that it's part of
>> | Windows.
>> |
>> | Anyway, I finally got around to writing the batch
file in about 15
>> | minutes this morning when I got another email from
someone asking me how
>> | they can remove it. I've attached it here as a zip
file. Since it's a
>> | batch file, it's plain text and you can look at what
it does. This is
>> good
>> | since you can also learn a few details about the
Nachi.worm: 2 files in
>> | windows\system32: SVCHOST.EXE and DLLHOST.EXE, and 2
services associated
>> | them those files: RpcPatch and RpcTftpd. The batch
file removes the
>files
>> | and the services.
>> | HTH
>> | --
>> | Alec S.
>> | alec @ synetech . cjb . net
>> |
>>
>> Microsoft has taken steps recently to assist all
connected clients remove
>> Blaster/Nachi related worm files on infected systems.
>>
>> Please review the following:
>>
>> 833330 A tool is available to remove Blaster worm and
Nachi worm
>infections
>> http://support.microsoft.com/?id=833330
>>
>> Blaster Worm FAQ:
>> http://www.microsoft.com/security/incident/blast_faq.asp
>>
>> Blaster Worm Security Bulletin:
>> http://www.microsoft.com/security/incident/blast.asp
>>
>> 826955 Virus Alert About the Blaster Worm and Its
Variants
>> http://support.microsoft.com/?id=826955
>>
>> 826234 Virus Alert About the Nachi Worm
>> http://support.microsoft.com/?id=826234
>>
>> =========
>>
>> This posting is provided "AS IS" with no warranties,
and confers no
>rights.
>>
>> Windows XP Security Homepage:
>> http://www.microsoft.com/windowsxp/security/default.asp
>>
>> Windows 2000 Security Homepage:
>>
http://www.microsoft.com/windows2000/security/default.asp
>>
>> Top 10 Windows Newsgroups Security Questions:
>>
>http://www.microsoft.com/technet/newsgroups/default.asp?
url=/technet/newsgro
>> ups/nodepages/sectop10.asp
>>
>> =========
>> Paul Hayes, MCSE
>> Product Support Services
>> Microsoft Corporation
>> pauly@online.microsoft.com
>>
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.562 / Virus Database: 354 - Release Date:
1/16/04
>
>
>.
>