[9701] in bugtraq
IE0199.exe uninstaller
daemon@ATHENA.MIT.EDU (David Brumley)
Sun Feb 21 21:13:50 1999
Date: Fri, 19 Feb 1999 11:22:28 -0800
Reply-To: David Brumley <dbrumley@GOJU.STANFORD.EDU>
From: David Brumley <dbrumley@GOJU.STANFORD.EDU>
To: BUGTRAQ@NETSPACE.ORG
I've been searching the anti-virus sites re: this trojan, and have found
very little information. So far Dr. Solomon's says they will detect it
and someone told me Norton's also does. McAfee and F-prot haven't said
anything.
In case you don't have either of the above products, I've
written an uninstaller that I think takes care of all 3 versions of the
IE0199.exe trojan (well, at least in my tests). It's available for
free at:
http://security.stanford.edu/incidentinfo/ietrojan.html. Note it's
uuencoded and pgp signed by our teams' key. Fingerprint:
4B 1A 84 3D 1E E4 6B CC 19 30 EA CB 5A B0 FF 42
The source is also available in case you want to look at it (mostly
auto-generated code. This is my first windows program!)
I guess I should say that Stanford doesn't endorse nor support this
program in any way and is provided as is.
Cheers,
-david
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley dbrumley@Stanford.EDU
Phone: +1-650-723-2911 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp@sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
