This Tool will not find patches for IIS, 2000 server and above.. The correct
tool to use is:
http://support.microsoft.com/support/kb/articles/q303/2/15.asp?id=303215&sd=
tech#Download
This will check for all relevant updates..
Nasir
-----Original Message-----
From: Slade [mailto:[EMAIL PROTECTED]]
Sent: 19 September 2001 15:28
To: [EMAIL PROTECTED]
Subject: RE: [imail] Nimda Virus
The issue that allows the exploit was addressed by Microsoft in October
of 2000. If people would keep up on hot fixes, critical updates, and
service packs, people wouldn't would minimize the issues caused these
Trojans that use back doors in Windows that have already been fixed.
To ENSURE that you have ALL of the hot fixes for your system installed
and applied, please visit the following URL and run the scanner. This
will work for Windows NT 4, 2000 Pro, Server, and Advanced Server.
http://www.microsoft.com/technet/mpsa/start.asp
Run the scanner and it will tell you what hotfixes you're missing.
Sincerely... Slade @ Here, Inc.
______________________________________________
Make your mark today on the Internet. Register your
new domain today at www.RocketNIC.com for only
$12.95 per year!
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jason Williamson
Sent: Wednesday, September 19, 2001 7:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [imail] Nimda Virus
I'm running win2k advanced server with SP2 and have had no trouble.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Webmaster Oilfield Directory
Sent: Wednesday, September 19, 2001 2:43 AM
To: [EMAIL PROTECTED]
Subject: RE: [imail] Nimda Virus
This is the new security roll up package from microsoft at
www.microsoft.com/ntserver/sp6asrp.asp for NT 4.0 check it out... it
also says that any win2k system and i quote them "A new worm is
affecting many customers. However, systems that are up to date on
security patches are at little risk from it." Microsoft...
Take it for what it's worth...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Chad Heugel
Sent: Tuesday, September 18, 2001 8:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [imail] Nimda Virus
There was another update to NT4 they released, I believe it was July 26
or 27th of this year, that included all service releases since SP6a up
until that date and should have included the original patch that should
fix the vulnerability. It would essentially be Service pack 7 IMO, but
was not released with that designation.
On the servers where that was installed via windowsupdate on the NT4
boxes they so far have shown no signs of infection to this point. As
have all SP2 Win2k machines. A few older NT4 boxes tho have shown these
signs, and even after cleaning, not quite sure if they have been
'cleansed' because they are still behaving strangely.
I could be wrong, but this is only what I 'believe' to know as true. :)
-Chh2
----- Original Message -----
From: "Charles Frolick" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 10:18 PM
Subject: RE: [imail] Nimda Virus
> Tell me about it. I still have two nt4.0, sp6a bricks. About to try
> reapplying sp6a, hope that works. Bummer is one of the boxes is my
secured
> site, and I don't have a backup of the key, and key manager says
> access denied, along with a bunch of other really needed files. If it
> weren't for cmd.com and it's utils I'd wouldn't be able to do much of
> anything. Would
be
> nice if I still had all the dos utils, got too used to doing it GUI
> (all
the
> floppies are probably past shelf life anyway).
>
> Chuck Frolick
> ArgoNet, Inc.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> David Rolling
> Sent: Tuesday, September 18, 2001 8:38 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [imail] Nimda Virus
>
>
> great list but you forgot about me*.tmp.exe files these are the base
> files for the mep*.tmp.exe files and can be reload by the iexplorer
> .exe the mmc.exe and winzip32.exe,MAPI32.DLL,MPR.DLL,system.ini files
> this is the worst virus/worm I have eve seen since being online for 5+
> years..
>
>
> David Rolling
> www.infovue.net
> President
> 877-722-2162 ========================================================
> On the Plains of Hesitation, Bleach the Bones of Countless
> Millions Who,
> at the Dawn of Victory, Sat Down to Wait and Waiting Died
> =========================================================
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Scot Desort
> Sent: Tuesday, September 18, 2001 9:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [imail] Nimda Virus
>
>
> I have cleaned (I think) one Win2k server. Here are the steps I
followed:
>
> Here's some suggestions that I've used successfully (so far at least).
> YMMV.
>
> Be sure and check your "Guest" user account. The worm will enable it
and
> also put it in the local administrators group.
>
> To fix the web pages:
> Open one of them in notepad or something and look at the last line of
the
> file. You should see:
> <html><script language="JavaScript">window.open("readme.eml", null,
> "resizable=no,top=6000,left=6000")</script></html>
>
> I used Search & Replace from www.funduc.com to search for this string
in
all
> *.htm, *.html, and *.asp files and remove it.
>
> Search for readme.eml, .eml, .nws, admin.dll, readme.exe,
riched20.dll.
> Delete them if the modified date on them is today. Also, mmc.exe.
The
good
> one should be in \winnt\system32 and will be a larger file size. Note
> admin.dll is a valid file for Front Page and will have a smaller file
size
> and different date.
>
> Search for MEP*.TMP.EXE in the \temp directory and delete them.
>
> Look for root.exe in your web directories and remove it.
>
> Remove the drive shares on the root of your drives.
>
> Other files to look for are load.exe and a modified system.ini. I did
not
> see these on NT.
>
> I also re-applied SP2 and rebooted.
>
> --
> Scot
>
>
> ----- Original Message -----
> From: "Charles Frolick" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 18, 2001 7:25 PM
> Subject: RE: [imail] Nimda Virus
>
>
> > Has anyone actually been able to completely remove the virus from
their
> > system and return to normal? I have used several scanners, and
manually
> did
> > everything I can find documented and still I have two servers that
> > essentially paper weights since I cannot connect them to the
network,
and
> > they keep losing more and more functionality. (First lost use of
> > Explorer.exe to serial crashing, now several programs are saying
access
> > denied.)
> >
> > Chuck Frolick
> > ArgoNet, Inc.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jasmine
> > Sent: Tuesday, September 18, 2001 3:37 PM
> > To: [EMAIL PROTECTED]
> > Subject: [imail] Nimda Virus
> >
> >
> > Has anyone found a separate virus removal tool that does not rely on
anti-
> > virus software yet?
> >
> > Thanks.
> > J.
> >
> >
> >
> >
______________________________________________________________________
> > The HKSI-IMail Admin List is hosted by........ Humankind Systems,
Inc.
> > Questions, Comments or Complain like Hell..
mailto:[EMAIL PROTECTED]
> > Message Archive...
http://www.tallylist.com/archives/index.cfm/mlist.4
> > To Manage your Subscription.........
http://humankindsystems.com/lists
> >
> >
> >
> >
> >
> >
______________________________________________________________________
> > The HKSI-IMail Admin List is hosted by........ Humankind Systems,
Inc.
> > Questions, Comments or Complain like Hell..
mailto:[EMAIL PROTECTED]
> > Message Archive...
http://www.tallylist.com/archives/index.cfm/mlist.4
> > To Manage your Subscription.........
http://humankindsystems.com/lists
> >
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
