On Fri, 10 Aug 2001, Nate Carlson wrote:

> What do you need to do to get rid of Code Red v2 (the one that installs
> /scripts/root.exe?)

Although there are tools to get rid of Code Red, the fact that root.exe is
sitting in plain sight is opening the door to any hack you want.  Every
security bulletin I've read says fdisk, format is the only way to make
sure you're clean.

One writeup I saw even suggested that if your machine is unpatched and
root.exe isn't accessible, re-install anyway because an attacker may have
removed the worm after planting something.  And be sure to patch before
letting it live :-)

-Brian