This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
[pc.gif?comments,996818628]
Click Here!-[tkgk0115en.gif?996818628]
Slashdot.org
News for Nerds: Stuff that Matters.
[topicslashdot.gif]-[topicslashdot.gif]
[ faq | code | osdn | awards | privacy | slashNET | older stuff
| rob's page | preferences | submit story | advertising |
supporters | past polls | topics | about | jobs | hof ]
'Slashback: Mexico, Ukraine, Oceania' | Preferences | Top | 196
comments | Search Discussion
Threshold: [-1: 196 comments]
[Nested.....][Highest Scores First.........] Save: [_] Change Reply
The Fine Print: The following comments are owned by whoever posted
them. Slashdot is not responsible for what they say.
Re:What do you tell someone who's got SirCam?
(Score:1)
by Morris Schneiderman on Thursday August 02, @08:07PM PST
(User #132974 Info)
If you read the CERT advisory really carefully, you can use it to deal
with the hardest part (in my opinion) of getting rid of SirCam.
1. Start by disconnecting from the Internet and any network you are
on.
2. Disable file sharing if it is enabled.
3. Clean up the registry, as they tell you, but NOT in the order they
list. First, get rid of the setting that restarts SirCam whenever
anything executes. Next, get rid of the setting that restarts it
whenever you reboot. Then correct the rest of the settings. They are
not real helpful about what the correct settings should be. It helps a
lot to have a clean machine you can refer to for reference.
4. Do a FIND for the various file names that they mention. Use wild
cards, because not all file names are specified in the CERT advisory.
5. Move those files to the recycle bin. Then empty the recycle bin. 6.
Shutdown. Reboot.
7. Do the FINDs again. If nothing turns up, you have a clean system.
If not, figure out what you missed last time. Then start over at step
1.
8. Hopefully, you have a firewall that will notify you if anything
tries to get in or out that shouldn't. I use ZoneAlarm. That's how I
found out that SirCam had landed.
[ Reply to This | Parent ]
Re:What do you tell someone who's got SirCam?
(Score:1)
by slutdot on Thursday August 02, @08:49PM PST
(User #207042 Info)
Symantec has a removal tool located here
[ Reply to This | Parent ]
[ faq | code | osdn | awards | privacy | slashNET | older stuff
| rob's page | preferences | submit story | advertising |
supporters | past polls | topics | about | jobs | hof ]
____________________ Search Slashdot
The Constitution may not be perfect, but it's a lot better than what
we've got!
All trademarks and copyrights on this page are owned by their
respective companies. Comments are owned by the Poster. The Rest