I had to deal with this earlier this week.  We had to delete 2 registry
entries, remove \inetpub\scripts\root.exe, remove \program files\common
files\system\msadc\root.exe, then remove C:\explorer.exe and
D:\explorer.exe (which were rather annoying).  I imagine the symantec
article mentions these though.

Like Josh mentioned, you really need to think about reinstalling.  We
didn't, as we were infected by an internal source, but that was a call for
the higher-ups.

Dave

On Fri, 10 Aug 2001, Nate Carlson wrote:

> What do you need to do to get rid of Code Red v2 (the one that installs
> /scripts/root.exe?)
> 
> One of my clients has it, installed the patch from MS, but
> /scripts/root.exe still works.. does he just need to delete the file?
> 
> -- 
> Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
> http://www.real-time.com                | Fax   : (952)943-8500
> 
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 

-----
"Never underestimate the bandwidth of a station wagon full of tapes
  hurtling down the highway." -- Andrew S. Tanenbaum - Computer Networks