(Page 2 of 3)   < Prev  1 2 3  Next >

Category: Hostile Code » Removal

Code Red II Cleaner
Added 2001-10-22
by Microsoft
Microsoft has developed a tool that eliminates the obvious damage that is caused by the Code Red II worm. Before running it, ensure that you have read the cautions discussed in the "More Information" page.

Code Red v3 (aka Code Red II) Fix
Added 2001-10-22
by Richard Puckett
CD3FIX.EXE Code Red v3 Trojan Removal & Script Mapping Remediation Utility rpuckett@cisco.com 1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\ 2. Unhides and deletes EXPLORER.EXE files in root of C:\ & D:\, deletes ROOT.EXE in /scripts and /MSADC directories 3. Removes SFCDisable from the Winlogon subkey of HKLM 4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC 5. Checks for static mappings in the ScriptMap subkey 6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them 7. Creates a log file on C:\ (C:\cd3fix.log) 8. Reboots the box.

IIS Worms Detector
Added 2001-10-22
by Felipe Moniz
IIS Worms Detector scans for Code Red, Code Blue and Nimda Worm locally.

Worm Report 1.2
Added 2001-10-22
by Robert S Muhlestein
Worm Report is a very simple Perl script to filter out the known worm hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.

Retina Nimda Scanner
Added 2001-10-22
by eEye Digital Security
The Retina Nimda Scanner is a tool created by eEye Digital Security that is able to scan up to 254 IP addresses at once and determine if any are vulnerable to the "Nimda Worm". If a machine or server is found to be vulnerable to the Nimda Worm, the Retina Nimda Scanner will flag the IP address.

The Cleaner
Added 2001-10-22
by MooSoft Development, cleanerhelp@moosoft.com
The Cleaner is a trojan scan engine for Windows 95/98/NT/2000 and removes them from your system. The Cleaner uses an original process to uniquely identify files, therefore it can detect trojans which have changed their filename or file size or have attached themselves to other files.

Added 2001-10-22
by BigFix
The BigFix program can give you a heads-up when a virus is detected. It can drastically reduce the number of bugs and conflicts that affect your computer. Using the proprietary Relevance Engine, BigFix can automatically check your computer for bugs, configuration conflicts, and security holes, and let you fix them with a simple mouse-click. Most of the time, BigFix can even alert you to a problem before any damage is done, helping you avoid painful downtime.

Added 2001-10-22
by Christian Mairoll, Bernd Michler
Kills 84 of the most dangerous Trojans, including the infamous Back Orifice 2000 (BO2K). Anti-Trojan can establish a effective protection against BO without the need of running Anti-Trojan all the time. This tool installs with German language settings - a language pack for English is available for download from the site. An online support forum provides further configuration help.

Added 2001-10-22
by DigitAl56K (al@digital56k.free-online.co.uk)
AVDisk enables automatic creation of anti-virus startup disks using popular anti-virus software (F-Prot, AVPLite, AVPDOS32) which can be used to start and disinfect a computer should it be infected by a virus. The program is easy to use and basic help is included for each supported product.

CAI InoculateIT Personal Edition
Added 2001-10-22
by Computer Associates
A free powerful antivirus software being given away by Computer Associates. They also include free software updates, free virus signature updates, and free online support. All they ask is that you register. Note: NT Support only for Windows NT 4.0 with Service Pack 3 or higher on Intel.

Search Tools
Browse by category
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Libraries, Applications
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Secure Deletion
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


Privacy Statement
Copyright 2010, SecurityFocus