The point Enoch was making is that the file is read-only as it is dropped and the original script did not include the true statement to force-delete the file. Dennis -----Original Message----- From: Rob Shein [mailto:shotenat_private] Sent: Monday, August 18, 2003 4:41 PM To: 'Ansgar Wiechers'; Laudie, Enoch A. Cc: incidentsat_private Subject: RE: mod to "killblast.vbs" script Only if that's how Blaster works too. The point here isn't to use proper programming practices, but to copy the practices used by the worm. > -----Original Message----- > From: Ansgar Wiechers [mailto:bugtraqat_private] > Sent: Saturday, August 16, 2003 2:38 PM > To: Laudie, Enoch A. > Cc: incidentsat_private > Subject: Re: mod to "killblast.vbs" script > > > On 2003-08-14 Laudie, Enoch A. wrote: > > The recently posted "killblast.vbs" script needs a slight mod. > > > > This line: > > > > fso.DeleteFile "c:\winnt\system32\msblast.exe" > > > > should be > > > > fso.DeleteFile "c:\winnt\system32\msblast.exe", true > > > > so as to delete "read only" files also. > > To make an additional suggestion: > > I am not familiar with VBS, but I assume that one could use > environment variables with it, too, so I guess it would be a > good idea to use "%SystemRoot%" instead of "C:\WINNT". > > Regards > Ansgar Wiechers > > -------------------------------------------------------------- > ------------- > Captus Networks - Integrated Intrusion Prevention and Traffic > Shaping > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans > - Automatically Control P2P, IM and Spam Traffic > - Ensure Reliable Performance of Mission Critical Applications > - Precisely Define and Implement Network Security and > Performance Policies **FREE Vulnerability Assessment Toolkit > - WhitePapers - Live Demo Visit us at: > http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 > -------------------------------------------------------------- > -------------- > > ------------------------------------------------------------------------ --- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 21:14:58 PDT