Results 1 to 4 of 4

Thread: MUMA,MUMU,bboy & co

  1. #1
    Senior Member
    Join Date
    Aug 2003

    MUMA,MUMU,bboy & co

    well, these worm crap makes me ill...

    i need a cleaner for trojan worms,
    so i tried trendmicros sysclean,but it crashes my pc.
    so may be crap ,too.
    i ca't use such a thing on a server i can access only remotely

    so who can recomment a solution I can run from commandline
    to remove all the(by worm) installed routines .
    it should work without any use rinteractivity!

    its really important at this moment.

    tnx in advance
    Industry Kills Music.

  2. #2
    Senior Member
    Join Date
    May 2003
    too many arguments in calling the function cleanup

    u have toomany conditions..... if u have remote command line access ... u can install some kind of remote access tool on the system...like make ur system TFTP, u can use tftpd32 from http://altern.org/phjounin.

    then place the remote administrator tool like RAdmins required files (s ee the documentation on how to install it remotely) ... install n njoy the Graphical shell...then u can remove the restriction of command line only i suppose....
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  3. #3
    Senior Member
    Join Date
    Nov 2001
    symantic has a cleaner for muma and just about all of them (one for each). the newest AV updates contain these sigs...i gotta tell you though man, muma uses the netbios port to gain access to your computer....what are you doing running a server without a firewall? Sounds like you dont have AV software either.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member
    Join Date
    Aug 2003
    hmmm...i don't now what to do with tftp?
    its already deleted on both machines, server and client....
    and bboy will log me and sent to their chat all data

    however,i got it working by doin a
    'site exec todo.cmd' via ftp!
    the cmd file only contains 'sysclean /nogui /silent /y'

    tried on the server,too .. and succeed...

    but i would not recomment using trendmicros tool with /nogui parameter if you have one

    btw. first you have to delete the shares and/or kick the network.

    o.k. it removed two worms but i have to scan there a little bit on net .
    any idea wich ports are used? may be 6666 ???

    found 2 virii,

    oooohh....ca.10% of the machines using the same gateway seem to be compromised or hijacked
    >> now i do understand ppl creating worms to clean up other worms...
    ('cos i am unable to reach the hosts..)
    Industry Kills Music.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts