Here's the original message regarding the script:

-----Original Message-----
From: Daniel Schultz [mailto:DSchultzNetworkServicesGroup.com]
Sent: Wednesday, September 19, 2001 4:54 AM
Subject: Nimda cleaner!

Network Services Group (Indy's leading Microsoft Certified Technical
Education Center and Solution Provider) has come up with a single line
command that will extract the malicious Javascript from all HTM, HTML, and
ASP files, including the subdirectories! Webservers could have thousands of
these files that are infected from the Nimba worm.

From Windows 2000 (it should work from NT as well) simply type from the
command prompt:

for /R %f in (*.htm *.html *.asp) do ren %f %~nf.old & findstr /L /V
"readme.eml" %~nf.old >%f

This one line will clean the file of the bad javascript, and rename the
original file to *.old for backup purposes. This will even clean files that
were infected more than once!

If you would like to use this on your website or any other means, please
acknowledge Network Services Group, our web address, the fact we are a
Microsoft Certified Technical Education Center in Indianapolis and our
phone.

Please email or call if you have questions...

P.S. We had the latest security hot fixes installed for over a month yet our
iis 4 server was infected with this nimda worm!

Sincerely,
Dan Schultz
http:\\NetworkServicesGroup.com

[snipped sig footer]

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]