[thelist] The New Worm - need some help to clean it

Kelly Hallman khallman at wrack.org
Tue Aug 12 13:14:10 CDT 2003


On Tue, 12 Aug 2003, Frank wrote:
> At 06:08 PM 8/11/2003 -0700, you wrote:
> First set up ZoneAlarm.
> http://www.zonelabs.com

My guess is if you guys were running ZoneAlarm already, you would not have 
been infected.  At least some kind of firewall.  I have a firewall between 
my LAN and the Internet AND I run ZoneAlarm on all the local PCs (because 
ZA can monitor and block outgoing traffic, application specific).

> This piece of software is a butt kicker. It's not really for the newbie
> though. Most techies will handle it fine.
> TDS-3 http://www.diamondcs.com.au/?hop=supportale.diamondcs

I am not familiar with TDS-3, but I highly recommend DiamondCS's
RegistryProt utility.  It intercepts potentially malicious registry keys
that try to register themselves in sensitive areas (i.e. automatic start,
RunOnce, etc) of the registry.  It will prompt you to allow/deny setting
the key.  This may sound trivial, but you can prevent a lot of sketchy 
programs from ever getting a foothold on your system.  If nothing else, 
you have a much better understanding about what is going on with the 
registry... of course, Microsoft would never help you out there...

-- 
Kelly Hallman
http://wrack.org/
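
An added example, not part of the original message and not RegistryProt's code: where the message describes intercepting writes to the autostart areas (Run, RunOnce) in real time, this sketch does the simpler after-the-fact check of comparing two `reg export` snapshots and reporting autostart values that were added or changed. It assumes the export text is already decoded to a string; the sample snapshots and the value names in them are constructed.

```python
import re

# Autostart locations named in the message (Run, RunOnce), matched under any hive.
AUTOSTART = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
# A .reg value line: "name"=data, or @=data for the key's default value.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def autostart_entries(reg_text):
    """Return {(key, value_name): data} for Run/RunOnce keys in .reg export text."""
    entries, key = {}, None
    # hex(...) data wraps across lines with a trailing backslash; join it first.
    text = re.sub(r",\\\r?\n\s*", ",", reg_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            key = name if AUTOSTART.search(name) else None
        elif key:
            m = VALUE.match(line)
            if m:
                # Registry key and value names are case-insensitive.
                entries[(key.upper(), (m.group(1) or "@").lower())] = m.group(2)
    return entries

def diff_autostart(baseline_text, current_text):
    """List autostart entries that are new or changed relative to the baseline."""
    old, new = autostart_entries(baseline_text), autostart_entries(current_text)
    findings = []
    for ident, data in sorted(new.items()):
        if ident not in old:
            findings.append(("ADDED", ident[0], ident[1], data))
        elif old[ident] != data:
            findings.append(("CHANGED", ident[0], ident[1], data))
    return findings

# Constructed sample snapshots (not taken from a real machine).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''
CURRENT = BASELINE + r'''"ExampleUpdater"="C:\\Temp\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ExampleSetup"="C:\\Temp\\setup.exe /s"
'''

if __name__ == "__main__":
    for finding in diff_autostart(BASELINE, CURRENT):
        print(*finding, sep="  ")
```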




