-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes it removes the virtual roots of C and D from the below registry address... \hkey_local_machine\System\CurrentControlSet\Services\W3SVC\Parameters \Virtual Roots Tamer Sahin, feedbackat_private PGP Key ID: 0x51CF215C Fingerprint: 3CEC A96A 11E5 1288 2640 247A 6551 0809 51CF 215C http://www.tamersahin.net - ----- Original Message ----- From: "Russell Fulton" <r.fultonat_private> To: <incidentsat_private> Cc: "Tamer Sahin" <feedbackat_private> Sent: Wednesday, August 15, 2001 12:48 AM Subject: tamersahin.net Code Red Cleaner v1.0 > > On Tue, 14 Aug 2001 12:24:04 +0300 Tamer Sahin > <feedbackat_private> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Code Red Cleaner first try to detect if Code Red Worm is active > > in memory and report it. After that if worm is discovered it > > finds files of worm on the disk and clean-all them. > > > > It stops the IIS, removes the execute permission of some > > directories on registry and if sp2 is installed it applies the > > appropriate patches. > > > > It detects Code Red I,II,III versions and clean up them. > > > > Download: > > http://www.tamersahin.net/downloads/cr.zip > > Does this tool deal with the metabase issues that leave C and D > drives mapped on IIS restart? > > Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO3mFJWVRCAlRzyFcEQKOCQCdGfL7TXwPB1wdcxxO9Uy51O+0gVoAoL5S HTAkkbAjvmxSZ9EXZLNwdDht =JnMh -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 16:42:53 PDT