On Fri, 10 Aug 2001, Nate Carlson wrote: > What do you need to do to get rid of Code Red v2 (the one that installs > /scripts/root.exe?) Although there are tools to get rid of Code Red, the fact that root.exe is sitting in plain sight is opening the door to any hack you want. Every security bulletin I've read says fdisk, format is the only way to make sure you're clean. One writeup I saw even suggested that if your machine is unpatched and root.exe isn't accessible, re-install anyway because an attacker may have removed the worm after planting something. And be sure to patch before letting it live :-) -Brian