I'm in the middle of an all-nighter killing this thing. I'll tell you
what is working for me (you need to be at the console):
Delete Admin.dll and all TFTP* files from %driveletter%\Inetpub\scripts
Stop and disable the server service
Reboot
Apply IIS cumulative patch
Reboot
Apply hotfixes for either IE 5.01 SP1 or IE5.5 SP1 (mime header vulns)
Reboot
I am running NetShield, so I apply DAT 4161 and then scan and clean.

Kludgy, I know, we are working on scripting this.  That is what we have
so far.  I'll update unless someone else does before then.  Back to
work....

-----Original Message-----
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 8:59 PM
To: NT System Admin Issues
Subject: How to remove Nimda from NT Server without a reload


Any links on how to remove Nimda from NT without a reload?  When I run the
removal tool from this list it crashes...  Any idea what services it
overwrites and runs as?  I've heard cmd.exe and mmc.exe.  We've got mmc.exe
running but when I try to kill it with Task Manager it says access denied...
Ideas?
Matthew


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
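
The first step of the reply above (removing Admin.dll and TFTP* files from Inetpub\scripts on each drive), as an added example that is not part of the original thread: a PowerShell function that inventories those files and records a hash of each before anything is moved. The function name, the quarantine option and the use of PowerShell 4.0 or later (not available on the NT servers of 2001) are assumptions of this example.

```powershell
# Added example (not from the thread): inventory the files the post says to delete.
function Find-ScriptsDirArtifacts {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Roots to check; defaults to every file-system drive ("%driveletter%" in the post).
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }),
        # Hypothetical option: move hits into this folder instead of only reporting them.
        [string]$QuarantineDir
    )
    foreach ($r in $Root) {
        $scripts = Join-Path $r 'Inetpub\scripts'
        if (-not (Test-Path -LiteralPath $scripts -PathType Container)) { continue }

        # -Force so hidden and system files are listed too.
        Get-ChildItem -LiteralPath $scripts -File -Force |
            Where-Object { $_.Name -ieq 'Admin.dll' -or $_.Name -like 'TFTP*' } |
            ForEach-Object {
                # Hash first, so there is a record of what was found even after removal.
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
                $record = [pscustomobject]@{
                    Path          = $_.FullName
                    Length        = $_.Length
                    LastWriteTime = $_.LastWriteTime
                    SHA256        = $hash
                    Quarantined   = $false
                }
                if ($QuarantineDir -and $PSCmdlet.ShouldProcess($_.FullName, 'Move to quarantine')) {
                    New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
                    $prefix = if ($hash) { $hash.Substring(0, 12) } else { 'nohash' }
                    # Rename on the way in so the file can no longer be requested or run by name.
                    $dest = Join-Path $QuarantineDir ('{0}_{1}.quarantine' -f $prefix, $_.Name)
                    Move-Item -LiteralPath $_.FullName -Destination $dest -Force
                    $record.Quarantined = $true
                }
                $record
            }
    }
}

# Report only:
Find-ScriptsDirArtifacts | Format-Table -AutoSize
# Preview the quarantine step without moving anything (folder name is a placeholder):
# Find-ScriptsDirArtifacts -QuarantineDir 'D:\quarantine' -WhatIf
```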
