Re: ? Nachi-worm over
From: A (anonymous_at_discussions.microsoft.com)
Date: Tue, 20 Jan 2004 04:27:57 -0800
Take it elsewhere. This a technical support newsgroup, not
>Wow long time no see (or hear !) How are you doing ? Good
to see you around.
>Still taking any photos ?
>PDA Square Content Developer
>"Paul [MSFT]" <email@example.com> wrote in
>> Hi Alec,
>> Regarding your post:
>> | From: "Alec Soroudi" <firstname.lastname@example.org>
>> | Subject: ? Nachi-worm over
>> | Date: Mon, 5 Jan 2004 11:23:12 -0500
>> | Hi,
>> | Well it's 2004 and the Nachi.worm should have
>> | I have heard reports from people that they are still
infected. I have
>> | completed my batch file to remove the Nachi.worm. I
really, really hate
>> | this thing since if you start a clean install of
Windows on a clean hard
>> | drive, then by the time the install is done and you
see the desktop for
>> | first time, you are already infected (with an always-
>> | connection). Plus the worm tries to make you think
that it's part of
>> | Windows.
>> | Anyway, I finally got around to writing the batch
file in about 15
>> | minutes this morning when I got another email from
someone asking me how
>> | they can remove it. I've attached it here as a zip
file. Since it's a
>> | batch file, it's plain text and you can look at what
it does. This is
>> | since you can also learn a few details about the
Nachi.worm: 2 files in
>> | windows\system32: SVCHOST.EXE and DLLHOST.EXE, and 2
>> | them those files: RpcPatch and RpcTftpd. The batch
file removes the
>> | and the services.
>> | HTH
>> | --
>> | Alec S.
>> | alec @ synetech . cjb . net
>> Microsoft has taken steps recently to assist all
connected clients remove
>> Blaster/Nachi related worm files on infected systems.
>> Please review the following:
>> 833330 A tool is available to remove Blaster worm and
>> Blaster Worm FAQ:
>> Blaster Worm Security Bulletin:
>> 826955 Virus Alert About the Blaster Worm and Its
>> 826234 Virus Alert About the Nachi Worm
>> This posting is provided "AS IS" with no warranties,
and confers no
>> Windows XP Security Homepage:
>> Windows 2000 Security Homepage:
>> Top 10 Windows Newsgroups Security Questions:
>> Paul Hayes, MCSE
>> Product Support Services
>> Microsoft Corporation
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.562 / Virus Database: 354 - Release Date: