This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
[pc.gif?comments,996818628] Click Here!-[tkgk0115en.gif?996818628] Slashdot.org News for Nerds: Stuff that Matters. [topicslashdot.gif]-[topicslashdot.gif] [ faq | code | osdn | awards | privacy | slashNET | older stuff | rob's page | preferences | submit story | advertising | supporters | past polls | topics | about | jobs | hof ] 'Slashback: Mexico, Ukraine, Oceania' | Preferences | Top | 196 comments | Search Discussion Threshold: [-1: 196 comments] [Nested.....][Highest Scores First.........] Save: [_] Change Reply The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say. Re:What do you tell someone who's got SirCam? (Score:1) by Morris Schneiderman on Thursday August 02, @08:07PM PST (User #132974 Info) If you read the CERT advisory really carefully, you can use it to deal with the hardest part (in my opinion) of getting rid of SirCam. 1. Start by disconnecting from the Internet and any network you are on. 2. Disable file sharing if it is enabled. 3. Clean up the registry, as they tell you, but NOT in the order they list. First, get rid of the setting that restarts SirCam whenever anything executes. Next, get rid of the setting that restarts it whenever you reboot. Then correct the rest of the settings. They are not real helpful about what the correct settings should be. It helps a lot to have a clean machine you can refer to for reference. 4. Do a FIND for the various file names that they mention. Use wild cards, because not all file names are specified in the CERT advisory. 5. Move those files to the recycle bin. Then empty the recycle bin. 6. Shutdown. Reboot. 7. Do the FINDs again. If nothing turns up, you have a clean system. If not, figure out what you missed last time. Then start over at step 1. 8. Hopefully, you have a firewall that will notify you if anything tries to get in or out that shouldn't. I use ZoneAlarm. That's how I found out that SirCam had landed. [ Reply to This | Parent ] Re:What do you tell someone who's got SirCam? (Score:1) by slutdot on Thursday August 02, @08:49PM PST (User #207042 Info) Symantec has a removal tool located here [ Reply to This | Parent ] [ faq | code | osdn | awards | privacy | slashNET | older stuff | rob's page | preferences | submit story | advertising | supporters | past polls | topics | about | jobs | hof ] ____________________ Search Slashdot The Constitution may not be perfect, but it's a lot better than what we've got! All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest