[thelist] The New Worm - need some help to clean it
Kelly Hallman
khallman at wrack.org
Tue Aug 12 13:14:10 CDT 2003
On Tue, 12 Aug 2003, Frank wrote:
> At 06:08 PM 8/11/2003 -0700, you wrote:
> First set up ZoneAlarm.
> http://www.zonelabs.com
My guess is if you guys were running ZoneAlarm already, you would not have
been infected. At least some kind of firewall. I have a firewall between
my LAN and the Internet AND I run ZoneAlarm on all the local PC's (because
ZA can monitor and block outgoing traffic, application specific).
> This piece of software is a butt kicker. It's not really for the newbie
> though. Most techies will handle it fine.
> TDS-3 http://www.diamondcs.com.au/?hop=supportale.diamondcs
I am not familliar with TDS-3, but I highly recommend DiamondCS's
RegistryProt utility. It intercepts potentially malicious registry keys
that try to register themselves in sensitive areas (i.e. automatic start,
RunOnce, etc) of the registry. It will prompt you to allow/deny setting
the key. This may sound trivial, but you can prevent a lot of sketchy
programs from ever getting a foothold on your system. If nothing else,
you have a much better understanding about what is going on with the
registry... of course, Microsoft would never help you out there...
--
Kelly Hallman
http://wrack.org/
More information about the thelist
mailing list