By now there are probably tools that will remove (or at least claim to
remove) Nimda, but once you were infected your machine started
announcing to the world that everyone had access to it. Even if a tool
cleans up Nimda can you ever be sure that some enterprising script
kiddie hasn't placed a trojan/backdoor on it? Wipe-n-load is the only
way to be sure.
jbh
-----Original Message-----
From: Vani Murarka [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 7:49 AM
To: NT System Admin Issues
Subject: Nimda and patch end up shutting my Web Server
NT and IIS Gurus, please help.
My system was infected by Nimda. Norton found certain TFTPxxx files
under Inetpub/scripts which were infected. It could not clean it. It
quarantined it. I deleted those files. But new TFTPxxx files kept
getting created in that directory, and Norton kept saying those are
infected with Nimda.
I searched the internet to see what patch I must install. Following
links from Symantec, this is the one I downloaded and installed -
http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default
.asp
The patch was called "Windows 4.0 Hotfix"
Ever since installing that, my Web Server does not run. Trying to run
it from Internet Service Manager, says, "The specified module could not
be found".
I am also not being unable to uninstall the patch from Control Panel -
Add/Remove Programs as the page from where I downloaded it suggests,
because it is not listed there.
Maybe I selected the inappropriate patch - but now I am at a loss as to
what to do next.
Please give pointers.
Thanks
Vani
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
