[28518] in North American Network Operators' Group


Re: Virus Update

daemon@ATHENA.MIT.EDU (Mark Borchers)
Thu May 4 14:15:30 2000

Message-Id: <200005041813.OAA00269@ns2.harpweek.com>
From: "Mark Borchers" <markb@infi.net>
To: nanog@merit.edu
Date: Thu, 4 May 2000 13:10:43 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
In-reply-to: <Pine.LNX.3.96.1000504115659.8676A-100000@ns1.netmdc.com>
Errors-To: owner-nanog-outgoing@merit.edu


On 4 May 00, at 11:57, John Gonzalez/netMDC admin wrote:

Date sent:      	Thu, 4 May 2000 11:57:16 -0600 (MDT)
From:           	John Gonzalez/netMDC admin <ekool@ns1.netmdc.com>
To:             	Mark Borchers <markb@infi.net>
Copies to:      	nanog@merit.edu
Subject:        	Re: Virus Update

> On Thu, 4 May 2000, Mark Borchers wrote:
> >Tim Cartwright here at Splitrock has written a cleaner
> >(attached).
> 
> URL? :)

Sorry, it was in an attachment which evidently did not make
it out to the mailing list.  Here it is. 


'Written 4-04-2000 by : Tim Cartwright
'This is in response to the LOVE-LETTER-FOR-YOU virus. Needs to be
'run before computer re-boot.
Dim objWinDir
Dim objSystem32Dir
Dim objTempDir
Dim objDownLoadDir
Dim strDownLoadFolder
Dim objFso

Set objFso = CreateObject("Scripting.FileSystemObject")
Main()

Sub Main()
	On Error Resume Next
	
	'Special folders: 0 = Windows, 1 = System, 2 = Temp
	Set objWinDir = objFso.GetSpecialFolder(0)
	Set objSystem32Dir = objFso.GetSpecialFolder(1)
	Set objTempDir = objFso.GetSpecialFolder(2)

	'Internet Explorer download directory; fall back to c:\ if it is not set
	strDownLoadFolder = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory")
	
	If (strDownLoadFolder = "") Then
		strDownLoadFolder = "c:\"
	End If
	
	'Delete the files dropped by the virus
	If objFso.FileExists(strDownLoadFolder & "\WIN-BUGSFIX.exe") Then 
		DeleteAFile strDownLoadFolder & "\WIN-BUGSFIX.exe"
	End If
	
	If objFso.FileExists(objSystem32Dir & "\MSKernel32.vbs") Then 
		DeleteAFile objSystem32Dir & "\MSKernel32.vbs"
	End If
	
	If objFso.FileExists(objWinDir & "\Win32DLL.vbs") Then 
		DeleteAFile objWinDir & "\Win32DLL.vbs"
	End If
	
	If objFso.FileExists(objSystem32Dir & "\LOVE-LETTER-FOR-YOU.TXT.vbs") Then 
		DeleteAFile objSystem32Dir & "\LOVE-LETTER-FOR-YOU.TXT.vbs"
	End If
	
	'Reset the IE start page and remove the autorun registry values
	RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.microsoft.com/"
	RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL"
	RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32"
	RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX"
	
	MsgBox "Done."
End Sub

Sub RegDelete(strRegKey)
	On Error Resume Next
	Dim objRegEdit
	Set objRegEdit = CreateObject("WScript.Shell")
	objRegEdit.RegDelete strRegKey
	
	If Err.Number <> 0 Then
		Select Case Err.Number
			Case -2147024894 'key does not exist
				'ignore
			Case Else
				MsgBox Err.Number & " Error deleting key : " & strRegKey & " " & Err.Description
		End Select
		Err.Clear
	End If
End Sub

Function RegRead(strKey)
	Dim objRegEdit
	Set objRegEdit = CreateObject("WScript.Shell")
	RegRead = objRegEdit.RegRead(strKey)
End Function

Sub DeleteAFile(filespec)
	objFso.DeleteFile(filespec)
End Sub

Sub RegWrite(strRegKey, strRegValue)
	Dim objRegEdit
	Set objRegEdit = CreateObject("WScript.Shell")
	objRegEdit.RegWrite strRegKey, strRegValue
End Sub




