MUMA,MUMU,bboy & co
well, this worm crap makes me ill...
i need a cleaner for trojan worms,
so i tried Trend Micro's sysclean, but it crashes my pc.
so maybe crap, too.
i can't use such a thing on a server i can access only remotely
so who can recommend a solution I can run from commandline
to remove all the (by worm) installed routines.
it should work without any user interactivity!
it's really important at this moment.
tnx in advance
too many arguments in calling the function cleanup :D
u have too many conditions..... if u have remote command line access ... u can install some kind of remote access tool on the system...like make ur system TFTP, u can use tftpd32 from http://altern.org/phjounin.
then place the remote administrator tool like RAdmin's required files (see the documentation on how to install it remotely) ... install n njoy the Graphical shell...then u can remove the restriction of command line only i suppose....
Symantec has a cleaner for muma and just about all of them (one for each). the newest AV updates contain these sigs...i gotta tell you though man, muma uses the netbios port to gain access to your computer....what are you doing running a server without a firewall? Sounds like you don't have AV software either.
hmmm...i don't know what to do with tftp?
it's already deleted on both machines, server and client....
and bboy will log me and send to their chat all data ;)
however, i got it working by doing a
'site exec todo.cmd' via ftp!
the cmd file only contains 'sysclean /nogui /silent /y'
tried on the server, too .. and succeeded...:)
but i would not recommend using Trend Micro's tool with /nogui parameter if you have one ;)
btw. first you have to delete the shares and/or kick the network.
o.k. it removed two worms but i have to scan there a little bit on net.
any idea which ports are used? maybe 6666 ???
found 2 virii,
oooohh....ca.10% of the machines using the same gateway seem to be compromised or hijacked
>> now i do understand ppl creating worms to clean up other worms...
('cos i am unable to reach the hosts..)