Going, Going, Goner - Page 3

By Jim Freund | Posted Dec 5, 2001
Page 3 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Eradication
To manually remove the effects of a machine infected with Goner, restart the computer in Safe mode or end the process on the part of the worm that is running in memory. (Wait for at least half a minute to make sure there are no vestiges of the program left.) Then reverse the changes that the worm made to the registry, delete the files added to the SYSTEM32 directory, restart the computer, reinstall your preferred antivirus software, and run a complete scan and cleansing.

As always, an ounce of prevention is worth a pound of cure. Educate your users about attachments and files accepted through instant messaging software. In this instance, let them know about the possibility that mIRC may become infected. Never allow Outlook or Outlook Express to automatically launch attachments. Make sure all signature files for your anti-virus software and security patches for Outlook are up-to-date. (Since Goner first appeared on December 4, this is likely to be necessary.)

And finally, never look a gift (or Trojan) horse in the mouth.

--
Jim Freund is the Managing Editor of CrossNodes.

For more anti-viral advice, read Don't Let Viruses Knock You Out.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter