Bugtraq mailing list archives
Re: [linux-security] Re: Linux virus
From: scottvr () DFW NET (Scott VanRavenswaay)
Date: Tue, 4 Feb 1997 16:45:53 -0600
It's 'uninfect-files-please' or 'disinfect-files-please'. BOTH of those strings will work. Other command-line options include 'dont-run-original' and 'just-run-bliss'. Scott VanRavenswaay System Administrator DFW Internet Services, Inc. On Tue, 4 Feb 1997, Flack Man wrote:
Of course, having the binary for the virus makes things much easier. Try bliss --uninfect-files-please (or something very close to it, been many months since I've looked at it). You'll find all your binaries intact. Realize this isn't a real virus (yet). -FM On Tue, 4 Feb 1997, Aleph One wrote:On Fri, 31 Jan 1997, Peter wrote:- [CHOP!!] -Disinfection of the test machine was pretty simple, because of the log of infected files is available. Simply a case of 'cat'ing new copies of the binaries into the infected ones, and then adding back any set[ug]id bits that have been lost. If you do get infected, remember 0) do not log any more sessions in. 1) disconnect the network card 2) kill all non-essential processes (killall5 if it's still OK) 3) replace all the binaries in /tmp/.bliss You could probably script the last one, but it's probably a bit dangerous to do so.
Current thread:
- [linux-security] Re: Linux virus Aleph One (Feb 04)
- Re: [linux-security] Re: Linux virus Flack Man (Feb 04)
- Re: [linux-security] Re: Linux virus Scott VanRavenswaay (Feb 04)
- In regards to the Linux 'Bliss' Virus. Alfred Huger (Feb 04)
- <Possible follow-ups>
- Re: [linux-security] Re: Linux virus Tim Atluru (Feb 06)
- Re: [linux-security] Re: Linux virus Flack Man (Feb 04)