Security Incidents mailing list archives

NIMDA Removal

From: Isherwood Jeff C Contr AFRL/IFOSS <Jeffrey.Isherwood () rl af mil>
Date: Wed, 19 Sep 2001 10:48:15 -0400

Now that everyone has had a chance to look at it (I'm sure many folks
captured live copies of this bugger).

AV Sites around the world are coming out with tools to fix and remove it.  I
hate those tools.

Sat down and went over everything this one does, based on the live sample
and data on the list, as well as a few contributions from other sources.  I
think I've got it all down now.

Did I miss anything?

Attachment: Nimda_Removal.txt
Description:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

NIMDA Removal Isherwood Jeff C Contr AFRL/IFOSS (Sep 19)
- Re: NIMDA Removal Johannes Verelst (Sep 19)
- <Possible follow-ups>
- NIMDA Removal Isherwood Jeff C Contr AFRL/IFOSS (Sep 20)