Off topic, but I thought I'd let you know of a way to prevent this from
recurring.
Go into your \Windows\system directory and mark wsock32.dll as read-only.
You can do this from Windows by right clicking the file name, clicking on
properties, and then marking read-only.
The worm can't bite what it can't write to.
--
GrimDude
vos### [at] arkansasnet
GrimDude wrote:
>
> Off topic, but I thought I'd let you know of a way to prevent this from
> recurring.
>
> Go into your \Windows\system directory and mark wsock32.dll as read-only.
> You can do this from Windows by right clicking the file name, clicking on
> properties, and then marking read-only.
>
> The worm can't bite what it can't write to.
> --
> GrimDude
> vos### [at] arkansasnet
Okay, it's off topic and a very weak defense. Luckily this SKA-thing made a
back-up, but any more malevolent program could easily override a
read-only attribute. It's a nice thought but I don't think it'll help much.
Greetings,
Remco
GrimDude wrote in message <36afe9f6.0@news.povray.org>...
>Off topic, but I thought I'd let you know of a way to prevent this from
>recurring.
>
>Go into your \Windows\system directory and mark wsock32.dll as read-only.
>You can do this from Windows by right clicking the file name, clicking on
>properties, and then marking read-only.
>
>The worm can't bite what it can't write to.
What you can do by hand, any program can do by code too. It's very simple to
reset a read-only attribute. So this is an almost non-existent defense.
The Happy99 "worm" was not very sophisticated, so it was easy to remove it
(and to find out what it does). Most viruses are much cleverer though
(unfortunately).
--
Rudy Velthuis
Rudy Velthuis wrote in message <36b0996c.0@news.povray.org>...
>
>GrimDude wrote in message <36afe9f6.0@news.povray.org>...
>>The worm can't bite what it can't write to.
>What you can do by hand, any program can do by code too. It's very simple to
>reset a read-only attribute. So this is an almost non-existent defense.
>
>The Happy99 "worm" was not very sophisticated, so it was easy to remove it
>(and to find out what it does). Most viruses are much cleverer though
>(unfortunately).
Aha, now I know what you mean. This Happy worm doesn't reset the read-only
flag (yes, I studied the pages on www.avp.com) so it really can't write to a
write-protected wsock32.dll.
So this might work for this particular worm, but certainly not for all other
similar programs.
--
Rudy Velthuis