[thelist] The New Worm - need some help to clean it

Michael Pemberton mpember at phreaker.net
Mon Aug 11 20:36:56 CDT 2003

Tom, you meantioned that you can see it in the task list.  A few questions
come to mind:

Are you running an NT based OS? (NT / 2K / XP)
What is the name of the process? (???.exe)

If you can answer the second one and the first answer was yes, then this is
leading somewhere. :)

Do you have a copy of ERD Commander from Winternals?  If not, then Safe mode
Command prompt may be enough.

Try locating the file and deleting it.

The second method would be to try and find a copy of Windows on another,
completely backed up, system.  Put your infected HDD in the second PC and scan
the files from there.  This would hopefully mean that the program will not
have executed and can be safely removed.

Michael Pemberton
evolt at mpember.net.au

