I had to deal with this earlier this week. We had to delete 2 registry entries, remove \inetpub\scripts\root.exe, remove \program files\common files\system\msadc\root.exe, then remove C:\explorer.exe and D:\explorer.exe (which were rather annoying). I imagine the symantec article mentions these though. Like Josh mentioned, you really need to think about reinstalling. We didn't, as we were infected by an internal source, but that was a call for the higher-ups. Dave On Fri, 10 Aug 2001, Nate Carlson wrote: > What do you need to do to get rid of Code Red v2 (the one that installs > /scripts/root.exe?) > > One of my clients has it, installed the patch from MS, but > /scripts/root.exe still works.. does he just need to delete the file? > > -- > Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700 > http://www.real-time.com | Fax : (952)943-8500 > > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list > ----- "Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." -- Andrew S. Tanenbaum - Computer Networks