> So far I've been doing the following:
>
> 1. Patch the server.
>
> 2. Remove root.exe from the web directories.
>
> 3. Remove explorer.exe from c: and/or d:
>
> 4. Reboot.
>
> My main question is do you need to mess with the registry keys that it
> alters? Are these reset on reboot or do you need to set them to some
> value? If so what values? Or delete them altogether?

If you want to be sure the machine is clean you need to wipe it and start from scratch. Unlike CR1, CR2 leaves a back door, and you don't know what other things have been done using that backdoor.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:44:47 PDT