Category: Hostile Code » Removal

Code Red II Cleaner
Added 2001-10-22
Microsoft has developed a tool that eliminates the obvious damage caused by the Code Red II worm. Before running it, ensure that you have read the cautions discussed on the "More Information" page.

Code Red v3 (aka Code Red II) Fix
Added 2001-10-22
CD3FIX.EXE: Code Red v3 Trojan Removal & Script Mapping Remediation Utility (rpuckett@cisco.com)
1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\
2. Unhides and deletes EXPLORER.EXE files in the root of C:\ & D:\, and deletes ROOT.EXE in the /scripts and /MSADC directories
3. Removes SFCDisable from the Winlogon subkey of HKLM
4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC
5. Checks for static mappings in the ScriptMap subkey
6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them
7. Creates a log file on C:\ (C:\cd3fix.log)
8. Reboots the box.

IIS Worms Detector
Added 2001-10-22
IIS Worms Detector scans locally for the Code Red, Code Blue and Nimda worms.

Worm Report 1.2
Added 2001-10-22
Worm Report is a very simple Perl script that filters the known worm hits out of the access log and puts them into their own files, named for the IP/host that has been "wormed". A basic report containing the count, hostname, IP, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.

Retina Nimda Scanner
Added 2001-10-22
The Retina Nimda Scanner is a tool created by eEye Digital Security that is able to scan up to 254 IP addresses at once and determine if any are vulnerable to the "Nimda Worm". If a machine or server is found to be vulnerable to the Nimda Worm, the Retina Nimda Scanner will flag the IP address.

The Cleaner
Added 2001-10-22
The Cleaner is a trojan scan engine for Windows 95/98/NT/2000 that scans for trojans and removes them from your system. The Cleaner uses an original process to uniquely identify files, so it can detect trojans that have changed their filename or file size or have attached themselves to other files.

BigFix
Added 2001-10-22
The BigFix program can give you a heads-up when a virus is detected. It can drastically reduce the number of bugs and conflicts that affect your computer. Using the proprietary Relevance Engine, BigFix can automatically check your computer for bugs, configuration conflicts, and security holes, and let you fix them with a simple mouse-click. Most of the time, BigFix can even alert you to a problem before any damage is done, helping you avoid painful downtime.

Anti-Trojan
Added 2001-10-22
Kills 84 of the most dangerous Trojans, including the infamous Back Orifice 2000 (BO2K). Anti-Trojan can establish effective protection against BO without needing to run Anti-Trojan all the time. This tool installs with German language settings - a language pack for English is available for download from the site. An online support forum provides further configuration help.

AVDisk
Added 2001-10-22
AVDisk enables automatic creation of anti-virus startup disks using popular anti-virus software (F-Prot, AVPLite, AVPDOS32), which can be used to start and disinfect a computer should it be infected by a virus. The program is easy to use and basic help is included for each supported product.

CAI InoculateIT Personal Edition
Added 2001-10-22
A free, powerful antivirus program being given away by Computer Associates. They also include free software updates, free virus signature updates, and free online support. All they ask is that you register. Note: NT support is only for Windows NT 4.0 with Service Pack 3 or higher on Intel.