-----BEGIN PGP SIGNED MESSAGE----- Academic Computing & Networking Colorado School of Mines http://helpdesk.mines.edu 303-273-3431 CT 156-A February 25, 2005 This folder contains copies of selected stand-alone virus removal tools freely available from Symantec and McAfee. Ordinarily, you would obtain these programs by visiting http://securityresponse.symantec.com/avcenter/tools.list.html http://vil.nai.com/vil/averttools.asp However, if you do not have sufficient Internet access at the moment (for example: you connect via a slow phone line; you have been denied access until you have virus checked and cleaned your machine; a worm, virus or bad configuration has disabled your networking; or there is an active worm in the wild whose existence suggests you protect your machine before putting it on the network), you may find these pre-downloaded executables helpful. To install: We recommend backing up your system regularly, frequently, and before significant changes. Each program is a stand-alone executable (.exe) that requires no installation. To run: Generally you should run a removal tool designed for a specific virus only if you have evidence that you are infected with that virus (for example, your antivirus software told you you had it, but was unable to remove it). Running the program should not harm your system if you are not infected, but may take some time. Because the McAfee Stinger tool detects and removes a fair number of viruses, some of which may not be recognized by some Antivirus products, you may wish to run this one on a box you suspect may be infected but don't know with what. Double-click the executable, and then click the "Scan" button. The document "VirusStepbyStep.doc" was written by student consultants and reviewed by AC&N staff, is distributed at the Computing Center Front Desk along with CDs, and includes general instructions for installing and running the antivirus, patches and removal tools. AC&N recommends you have a current and verified backup before proceeding, and offers these files on an "as is" basis without warranty. A secure SHA-256 checksum for the included files is given below, and the readme.txt has been signed with the GPG/PGP signature available at http://www.mines.edu/fs_home/dlarue/pgp/ These should be verified if you are uncertain of the provenance of these files. This folder is available for checkout on CD from the Computing Center Front Desk (Green Center 231) or by download from http://www.mines.edu/academic/computer/software/CDs/ What follows are the checksums of the files included. for /R %i in (*.exe) do @hashsum.exe -a sha-256 "%i" 1b2bee34f210d6db4aa36f06f9661ce1bba923566d8cc38a12ad1033cc0cfccb McAfee Stinger\Stinger\stinger-v252.exe 3b750c199e9c17832d71d48003f208f1c36c9ef4f9ebef8fff8fe5a435e24538 Symantec removal tools\Beagle\FxBeagle.exe 93a5e6dd4493953b2e3ff4cff599807a1876cbd6626b2e47cae8d1897e7e2f57 Symantec removal tools\Blaster\FixBlast.exe e864d56078e1b502c5589935dfb5bb72bb0504cab07bce21631aa577890ba442 Symantec removal tools\Sasser\FxSasser.exe 612676b5ecb2bdae8c61f6ff672971b347f418ecae293b61cd30628309d2bdf2 Symantec removal tools\Sobig\FixSbigc.exe 900869a24d571d5b6a30efbd0b876e7af7b425c1f4f488f3ca14dcbe6964d956 Symantec removal tools\Sobig\FixSbigE.exe 2c4cda5c2401f6568b5e77eecce179deec6e2e5ade69df6ba0997d6de2f3a450 Symantec removal tools\Sobig\FixSbigF.exe f9079f30fe85718c65ddb76d8594f8a7840401670df576cae354c53e1f2d91c0 Symantec removal tools\Sobig\FixSobig.exe 21fe803976179cc099981170f4a4a1ba176ec7169e070915990697460bd84d14 Symantec removal tools\Sobig\FxSobigb.exe d33b91f0752feae8c17525f15b3fa1afef39a22a91f9fa23a4ad715b5e776c85 Symantec removal tools\Welchia\FixWelch.exe - - -- David M. Larue, PhD Academic Computing and Networking Colorado School of Mines, Golden, CO 80401-1887 USA Office: Green Center GC228 Office: +1 303-273-3868; Fax: +1 303-273-3475 Business: dlarue@Mines.EDU; http://www.mines.edu/fs_home/dlarue/ PGP Key fingerprint = E4 83 F8 1E A6 C4 EE F9 2A 1C 83 6A 9B 23 A0 4C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iQEVAwUBQh+aCUkQt56UFj89AQEsaQf+Odg0O0zZ0gwCKptFz1kQ/aqd1yq5o4eC oJOOiJ1+wKmiYKpCc5OiY/19Z6rXJ2U2zseujeq97Eg+KY2exCWLvBIvPhtJUcFf jZ1bk3ALySLw+kuIdJVWnRqd5LzMfNOQ55VmgXKNSdpxhaMOnkN1quYGMqwkpQv6 i06zC2f3q9SuRnruV4Bg+TdcQez5ZXC25AjC+78ZvUVOHzGIyGqqwtdhoGilDUGB jpQYnNeMs/vpy820H3TqHkTy18S7+OmXuzIjtpEfRLDRxo2uJC0M9QDXluDTUjks 5l22Od5ThvWeMN1S7m1t6CetHD4QPiUfjRIAZRMBwB/z7uxsNaRqeQ== =nd86 -----END PGP SIGNATURE-----