Resolve for CodeRed-II description
A tool that removes CodeRed-II trojan
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.
They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
W32/CodeRed-II is a Trojan horse dropped by the CodeRed II worm. It affects
Windows NT and Windows 2000 computers running Microsoft Internet Information
Services (IIS) versions 4 and 5. IIS is installed by default on Windows 2000
Server and is easily installed on Windows 2000 Professional.
The files explorer.exe and root.exe take advantage of registry modifications
to allow remote access.
Troj/CodeRed-II can be removed from Windows computers automatically with the following tool:
rmred.bat is the name of the file users have to use in order to disinfect. After downloading this file please copy it’s content on a floppy disk and write-protect it.
Go to the infected computer. Log on as Administrator.
Close all programs leaving only the Windows Desktop. Place the floppy disk in
the A: drive.
At the Windows taskbar, select Start|Run. Type
A:RMRED and press .
Messages will tell you if your computer is infected, ‘Infection Active!’ or if
there is a further problem. You will also be told if you need to install the
Microsoft security patch.
Press a key to close the program, then close the program box if necessary.
If your computer is uninfected but you have not got the patch, go here and install the patch.
If your computer is uninfected and you have got the patch, ensure that your
anti-virus software is up-to-date.
Please comments and give ratings. You may also report of broken or incorrect link using comments box below. Thanks!