Gravatar Greetings. Not tested yet, but welcomed well. Does it supports other language versions of OS -es? I bet that in default 3 of these services are started as delayed - auto in Vista. (Just checked.) But I bet to the target is not so relevant.

Other hand, this one trashes up the task scheduler with At{incremental numbers} to run rundll with the infected random named file.
Does this script or the utility above removes them? Becouse I have just seen that several rundll -s just running in a task list doing just waste resources.
RudyD | 01.23.09 - 5:19 am | #

Gravatar Just looked at v1. There are several repeating lines. Just a tip, that the services and the patch should be enabled after the clean. (Or try it before and after...). Also server-paths should be more gentle in variables.
Anyhow at least something that could work on the main part.

Keep up the good work!
RudyD | 01.23.09 - 5:54 am | #

Gravatar You got a point, but why I did it like this? Because It would take a while to scan files. So during that, Windows will contact MS/WSUS to download missed updates. And Downadup will not disable them since the fixtool will kill all of it's threads on sight.
Extremesecurity | 01.23.09 - 6:16 am | #

Gravatar Hi thx alot man, you ppl are the best =D damn do I wish to be as smart as you someday still trying to follow up to that dream =) keep up the good work !!
Olafur F | 01.23.09 - 9:23 pm | #

Gravatar Have linked to your solution from our downadup information site (www.downadup.com). One suggestion we have - if you have this virus, you may find all sites hosting tools that can help you may be blocked. Since "microsoft.com" may be blocked, try accessing downloads via Microsoft's content distribution network. Replace "download.microsoft.com" with "mscom-dlcecn.vo.llnwd.net" in the URL.
EddieP | Homepage | 01.26.09 - 9:54 am | #

Gravatar I've been dealing with the same thing and kind of came to the same conlusion as you have as far as running a batch file to clean this up. However, I am using psexec to push out the cleanup batch. My batch is pretty much the same as yours (except I use MSRT instead of symantec.)

from my pstools system I run:

psexec @computerlist.txt -s \servershareConClean.bat > ConCleanLog.txt
Tim | 02.13.09 - 7:55 am | #

Gravatar i love your brain man
Scorpion77 | 02.22.09 - 4:15 pm | #

Gravatar congrats on the interview with securityfocus. nice work!
travis | 03.08.09 - 9:03 am | #

Gravatar @travis: thanks

@Scorpion77: thanks dude
Extremesecurity | Homepage | 03.09.09 - 2:29 am | #

Gravatar So all i need is the batch file and run it on my servers
Dsm511 | 03.12.09 - 10:13 am | #

Gravatar @Dsm511

Left click on the "Download Batch", then click on the white icon on the left (Don't use Save As). And yes you should run on the servers as well. Good Luck
Extremesecurity | Homepage | 03.13.09 - 3:55 pm | #

Gravatar Hello bro, just stopped by to thank you very, VERY much for this information and for the batch file, here in the school i work for we changed some lines in the batch to fit our needs and it work like a charm!

Sorry for the late reply, but i couldn't use this info and not thank you for making it available to us!

Keep up the good work, kind regards,
Pedro
Pedro Seixas | Homepage | 03.25.09 - 1:29 pm | #

Gravatar Nice collection
web design India | Homepage | 04.20.09 - 2:50 am | #

Gravatar I just love reading this blogs & articles. It is very interesting.
Cheers
Health Campus | Homepage | 08.30.09 - 4:12 am | #



Name:

Email:

URL:

Comment:  ? 

 

Commenting by HaloScan