Security Incidents mailing list archives
Re: buddylinks worm
From: Mark Coleman <markc () uniontown com>
Date: Thu, 12 Feb 2004 12:18:36 -0500
Dennis Cheung wrote:
A friend has gotten infected with this "revolutionary" product. Has anyone tried removing this thing manually before? The buddylinks site has a unsubscribe feature that claims to work, but at the moment I am reluctant until I figure out what exactly this thing is.-Dennis
Dennis,Using the information located here (link attached, this is the same link I sent to the list already I believe), our helpdesk has successfully pushed a script that manually removes the "infection". I understand that they removed at least one Registry key (run), blocked access to the 2 folders it installs to, killed two executables. We have been "buddylist free" since 9:45pm last night through this manual uninstall script.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007 Good luck... -Mark Coleman --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Dennis Cheung (Feb 12)
- Re: buddylinks worm falcon (Feb 12)
- Re: buddylinks worm Eric Trager (Feb 12)
- Re: buddylinks worm Mark Coleman (Feb 12)
- Re: buddylinks worm Alexander Kiwerski (Feb 13)
- <Possible follow-ups>
- RE: buddylinks worm Jeremy Junginger (Feb 10)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm Clint Bodungen (Feb 12)
- Re: buddylinks worm Jason Yates (Feb 10)
- Re: buddylinks worm upallnight42 (Feb 12)
- Re: buddylinks worm Scott (Feb 12)
- Re: buddylinks worm Access Denied (Feb 18)
- Re: buddylinks worm Dennis Cheung (Feb 12)