Get me specs on how it's done and I will give it a shot. We already have automated sub7 cleaners on Dalnet that we use to clean infected hosts. I could likely whip a daemon up pretty eaisly to monitor port 139 and auto disinfect. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GE d-- s:+ a-- C++ UL+++ P--- L+++ E- W- N+ o-- K- w--- O M- V PS+ PE+++ Y+ PGP t+ 5 X+ R tv+ b+ DI+ D G e+ h! r++ y+ ------END GEEK CODE BLOCK------ On Fri, 29 Sep 2000, Dan Hollis wrote:
On Fri, 29 Sep 2000, Mike Lewinski wrote:
"exit" will close the connection but not the QAZ server, while "quit" does appear to shut it down. You can also "run x". Once QAZ has been shutdown, it's also possible to connect to the share and manually delete the infected notepad.exe, although I haven't yet figured out if there's a way to unshare someone's drives remotely via command line (if I did this, I wouldn't be able to get back in to clean the infection).
It would be cool if someone would make a tool that would auto-disinfect users...
-Dan