Twisted advice
CISRT issued an advisory about an IM worm. This is a typical worm that you avoid quite simply by not opening attachments in IM, especially when they claim to be Paris Hilton Videos. There is nothing particularly interesting about the worm, but there is something interesting about the write up at http://www.cisrt.org/enblog/read.php?128.
CISRT gives instructions on how to manually remove the worm. I’ll quote a short part of the instructions…
————————————————————————————————————
Step 1.
"Start"->"Run", type "REGEDIT", open the reistry editor.
Step 2.
Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
delete "printers"="{CLSID}" in right panel
please copy the {CLSID} before deleting it
Step 3.
————————————————————————————————————
Hmmm, perhaps the part about copying the {CLSID} should go before the instructions to delete.
You know those phone messages where they say some menu items have changed so listen to the whole selection?
This is a case where it is wise to read all of the instructions before starting! Of course, if you are that wise you probably didn’t need the instructions anyway 
Randy Abrams
Director of Technical Education
Leave a Reply
- David Harley (745)
- Randy Abrams (431)
- Cameron Camp (110)
- Stephen Cobb (60)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (30)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
