RE: CodeRed Scanner

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 10 Aug 2001 14:15:40 -0700

After your box is built with all the current service packs and patches,
I would use Norton's Ghost or WinImage to save an image of the computer
for faster rebuilds.

Joseph

-----Original Message-----
From: Sandy Ryan [mailto:sryan@xxxxxxxxxxx] 
Sent: Friday, August 10, 2001 10:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CodeRed Scanner

http://www.ISAserver.org


If you get hit by the first code red - all you do is reboot.
If it's the second code red - and you get hit...
The only way you can be 100% sure to clean the box is rebuild (and
reformat) -- too many 'back doors' get open with the second version...

You can check the registry to see if you are hit by code red 2 - if you
see something like

System\currentcontrolset\services\w3scv\parameters\virtual roots\c to
c:\,,21 or
System\currentcontrolset\services\w3scv\parameters\virtual roots\d to
d:\,,21

You're hit with the second version and REALLY need to reformat and reload
- after reload make sure you install the June 18th patch or you will get
hit again.

-----Original Message-----
From: Butte, Jeff M APX [mailto:jeff.butte@xxxxxxxxxx] 
Sent: Friday, August 10, 2001 11:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CodeRed Scanner

That is the patch.. but I thought they came out with a detection /
repair utility.  Right now we are hitting all our boxes with the
http://www.eeye.com/html/Research/Tools/codered.html scanner to look for
vulnerable systems.  We are then using Jim Harrison's VBScript to scan
for infection.  Then we have a QChain script with all the patches setup
and then we are installing the ISAPI IDA filter.  But in the event we
hit an infected box, we need to have a quick repair utility to clean it
up until we can do a full restore prior to the infection.

Jeff Butte 
HPD Server Team
Abbott Laboratories 
mailto:Jeff.Butte@xxxxxxxxxx 




-----Original Message-----
From: Paul A Brown [mailto:paul@xxxxxxxxxx]
Sent: Friday, August 10, 2001 12:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CodeRed Scanner

Hi Jeff,

Try this

http://www.microsoft.com/windows2000/downloads/critical/q300972/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D30800%26redirect%3Dno

Paul

-----Original Message-----
From: Butte, Jeff M APX [mailto:jeff.butte@xxxxxxxxxx] 
Sent: 10 August 2001 17:59
To: [ISAserver.org Discussion List]
Subject: [isalist] CodeRed Scanner

Does anyone have the link to Microsoft's Code Red repair tool?  I cannot
seem to find where I put the link and can't find it on their site. Might
need it ASAP...  :-0

Jeff Butte 
HPD Server Team
Abbott Laboratories 
mailto:Jeff.Butte@xxxxxxxxxx 
pager: mailto:8884281914@xxxxxxxxxx 
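
The registry check Sandy Ryan describes, as an added example that is not part of the thread: it parses text in the layout `reg query` prints for the IIS Virtual Roots key and flags any virtual root mapped to a bare drive letter. The sample output is constructed, and the key name W3SVC (written w3scv in the message) and the `path,user,mask` value layout are assumptions.

```python
import re

# Constructed sample in the layout `reg query` prints for the Virtual Roots key.
# Assumptions: the key name W3SVC and the "path,user,access-mask" value layout.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots
    /           REG_SZ    c:\inetpub\wwwroot,,205
    /Scripts    REG_SZ    c:\inetpub\scripts,,204
    /C          REG_SZ    c:\,,21
    /D          REG_SZ    d:\,,21
"""

# One indented "name  REG_SZ  data" line; the key header line is not indented.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>\S.*?)\s+REG_(?:MULTI_|EXPAND_)?SZ\s+(?P<data>.*)$"
)
# A path that is nothing but a drive letter, e.g. "c:\" or "D:".
DRIVE_ROOT = re.compile(r"^[A-Za-z]:[\\/]*$")


def parse_virtual_roots(text):
    """Return {virtual_root_name: (path, user, mask)} from reg query output."""
    roots = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group("data").split(",")]
        parts += [""] * (3 - len(parts))  # tolerate values with missing fields
        roots[m.group("name")] = (parts[0], parts[1], parts[2])
    return roots


def suspicious_roots(text):
    """Virtual roots that expose a whole drive, the sign described in the message."""
    return sorted(
        (name, path, mask)
        for name, (path, _user, mask) in parse_virtual_roots(text).items()
        if DRIVE_ROOT.match(path)
    )


if __name__ == "__main__":
    for name, path, mask in suspicious_roots(SAMPLE):
        print(f"SUSPECT virtual root {name} -> {path} (mask {mask}): rebuild the host")
```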