On Wed, Nov 06, 2002 at 07:39:32PM +0100, linux power wrote: > How can I remove an worm?
> It seems I have a worm scanning the whole internet for available
ip-addresses though
> the netbios ports which I have closed but didnt help much.
> Does it have a pid which I can kill and how do I find which?
I presume you are referring to a worm running on a Windows box
and NOT a worm running on a Linux (much less a RedHat) box? I'm
currently tracking numerous netbios worms, the worst of which are
the OpaServ family (which currently contains 5 varients A-F) which
are, at this time, accounting for roughly 800,000 to 900,000 137/udp
netbios name service request packets per day into my "dark network"
research project (25,600 non-responding "darknet" addresses). I know
of no such worm which is attempting to propagate over netbios ports from
Linux boxes (slapper and it's ilk are using https 443/tcp). So it
must be one or more of your Windows boxen. I suppose it could be a
VMWare window or, thanks to the KMail guys and their wonderful support
of Windows attachments under Wine, may a worm under wine, but I doubt
it. That makes this message more than a little off topic on the
RedHat list since it probably doesn't have anything to do with Linux.
If it's OpaServ (1000:1 probability) then go to your local
friendly AV Vendor site and follow their instructios to disinfect your
Windows boxes. Better yet. Rebuild them with Linux and be done with it.
> http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
> Yahoo! Mail har fått nytt utseende
> Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
msg93965/pgp00000.pgp
Description: PGP signature
