When you can't stop a process from the task manager try the reskit tool
kill.exe. Can also try the -f option to force a kill. You can kill by
process ID, process name, or wildcard. My cleaning batch file does a 'kill
mmc.exe' and 'kill mep'. Another worm executable will be call
'mep???.txt.exe' (or tmp.exe, I forget). If anything legitimate was also
had mep in the name it would get whacked, so you check first.
hth
-----Original Message-----
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:59 PM
To: NT System Admin Issues
Subject: How to remove Nimda from NT Server without a reload
Any links on how to remove Nimda from NT without a reload? when i run the
removal tool from this list it crashes... any idea what services it
overwrites and runs as? i've heard cmd.exe and mmc.exe. we've got mmc.exe
running but when i try to kill it with task manager it says access denied...
ideas?
Matthew
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm