IRC-Mocbot!MS06-040 removes C$ ???

  • Thread starter Thread starter John Smith
  • Start date Start date
J

John Smith

I'm recovering a Win2k box from IRC-Mocbot!MS06-040. Mcafee removed the
executable file (wgareg.exe), but apparently this worm makes some registry
changes affecting network access.

In particular, after the infection, the administrative share C$ appears to
be gone.

Where are the registry keys or other controls that control the
administrative shares such as C$ ? I'm trying to figure out what to do to
get C$ back.
 
The only safe way to recover a computer that's been infected with this is to
wipe it and start over again.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
Back
Top