Our ISP apparently has many an IIS server yet to be patched from October of 2000.

The inbound and outbound traffic toasted our connection. We had a trickling of inbound emails and that is all. No successful HTTP browsing (read: not able to research this worm thingie). Outbound emails sat in the IMS queues.

Then we had someone internally [1] get the readme.exe possibly from Hotmail? 12,500 *.eml files and 1750 *.dll's later....

[1] an associated company

Otherwise.... perfectly alright, given the circumstances.

You probably weren't asking, but that's the scoop, nonetheless.

William

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 8:34 PM
To: MS-Exchange Admin Issues
Subject: RE: New Virus Alert

Was beginning to wonder if you took the day off?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----

>>If it's any consolation Lance, it's banging the hell out of me also.

Well, that's a little personal Stephen.

>>CAI claims the virus pattern files I updated this morning before the attack takes care of it!

<bigassumption> Well... it seems we know who wrote it, then... </bigassumption>

>>If anyone knows exactly how this works, and I mean exactly, I'd sure like to know.

It seems many are still up trying to determine that 100%

>>deleting load.exe

I've learned it's not usually prudent to lose your load on a computer.

>> Good luck.

Thank you. You as well.

-----Original Message-----

If it's any consolation Lance, it's banging the hell out of me also. Seems to replicate richad20.dll and *.eml files on servers. I'm talking hundreds of thousands of the suckers. Worst is, CAI claims the virus pattern files I updated this morning before the attack takes care of it! Another load of horse manure from an already suspect company. If anyone knows exactly how this works, and I mean exactly, I'd sure like to know. Even with all workstations shut down, it still replicates itself on my PDC as fast as I can delete the dll and eml files. On infected workstations, repairing the sys.ini file and deleting load.exe from the \\windows\system directory does not help. On reboot, the sys.ini is modified again and the load.exe is back in place. Making the system.ini file read only seems to help.

Good luck.

Oh yeah, tried calling Computer Associates tech support for two hours today. Was kept in a holding pattern for 30 minutes and then disconnected. Nice people.

-----Original Message-----

Thanks. It's killing us. NAI seems to have numerous updates, as well as MS.

http://www.sunbelt-software.com/exchange_list_charter.htm