F-Slammer
---------

F-Slammer is a special tool for detecting the W32/Slammer worm 
in the computer's memory.

For detailed information on the W32/Slammer worm, please visit:

http://www.f-secure.com/v-descs/mssqlm.shtml

Usage
-----

1. Unpack the F-Slammer tool from the provided ZIP archive 
   with either the WinZip or the PkUnzip utility. A trial version 
   of the WinZip archiver can be downloaded from the following website:

http://www.winzip.com/ddchomea.htm
 
2. Start a command shell

   Click 'Start Menu->Run'

   Type 'cmd', press [Enter]

3. Change to the folder where the tool was unpacked

   Type 'cd \folder\where\the\tool\is'

4. Start the tool

   Type 'F-Slammer'

The F-Slammer tool scans the memory for infection and reports
its findings. If the system is found to be infected, the proper
patch has to be installed. The following pages contain detailed
information about the vulnerability and the available fixes:

http://www.microsoft.com/technet/security/bulletin/MS02-061.asp

http://www.microsoft.com/technet/security/bulletin/MS02-039.asp

After installing the proper patch, the computer has to be restarted
to ensure that the worm is removed from memory.


Batch usage
-----------

When the tool exits, it returns one of the following two error
codes:

0 - the system is clean

1 - the system is infected

The return code can be checked with the %ERRORLEVEL% variable
in a batch file.
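
The batch file below is an added example and is not part of the
F-Slammer package. It runs the tool and acts on the two documented
return codes; the folder C:\Tools\F-Slammer, the file name
F-Slammer.exe, the log file location and the wrapper's own code 255
are assumptions to adjust.

```bat
@echo off
rem Added example, not part of the F-Slammer package.
rem Assumed (hypothetical) values: TOOLDIR, the executable name
rem F-Slammer.exe and LOGFILE. Adjust them to your installation.
setlocal
set TOOLDIR=C:\Tools\F-Slammer
set LOGFILE=%TEMP%\f-slammer.log

if not exist "%TOOLDIR%\F-Slammer.exe" goto missing

rem Run the tool from the folder where it was unpacked.
cd /d "%TOOLDIR%"
F-Slammer
rem Save the return code at once; any later command overwrites ERRORLEVEL.
set RC=%ERRORLEVEL%

if "%RC%"=="0" goto clean
if "%RC%"=="1" goto infected
goto unexpected

:clean
rem The redirection is written first so that a digit at the end of the
rem message is never parsed as a file handle (for example "2>>").
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME% CLEAN
goto done

:infected
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME% INFECTED
echo W32/Slammer found in memory. Install the patch and restart.
goto done

:unexpected
rem Only 0 and 1 are documented. Any other value is logged as a failed
rem scan and is never treated as a clean result.
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME% UNEXPECTED code %RC%
goto done

:missing
rem 255 is this wrapper's own code for "tool not found" (assumption).
set RC=255
>>"%LOGFILE%" echo %DATE% %TIME% %COMPUTERNAME% TOOL NOT FOUND
goto done

:done
rem Pass the result on to the calling script or scheduler.
exit /b %RC%
```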


Technical Note
--------------

The included psapi.dll is needed on Windows NT 4.0 systems only.
Under Windows 2000/XP this file is part of the operating system.


Contact information
-------------------

If you need further assistance using this tool, please contact 
us at 'anti-virus-support@f-secure.com'.


Copyright (C) 2003 F-Secure Corporation. All rights reserved.
