RE: Nimda issue

Mon, 24 Sep 2001 00:08:18 -0700 

Also take a look at http://www.incidents.org/react/nimda.php
<http://www.incidents.org/react/nimda.php>  for detailed analysis. 
-----Original Message-----
From: Matthew Healy [mailto:[EMAIL PROTECTED]]
Sent: 24 September 2001 09:36
To: NT System Admin Issues
Subject: RE: Nimda issue


The home page of http://www.sophos.com/ <http://www.sophos.com/>  has Nimda
info all over it, including a free removal tool.
 
I haven't tried it myself, so can't indicate either way to it effectiveness.
 
 
 
-----Original Message-----
From: James Costa [mailto:[EMAIL PROTECTED]]
Sent: Monday, 24 September 2001 17:00
To: NT System Admin Issues
Subject: Nimda issue



Hi guys.

I'm new to this list.  Was wondering if anyone had a problem getting rid of
the Nimda virus?  I use InoculateIT from Computer Associates as my virus
scanner, with newest virus update.  I think I have a pretty secure machine,
but that's only an opinion.  I speculate I was infected thru IIS, as I did
not have any email with the readme.exe file, and I have already patched the
MIME header problem.  Anyways, I noticed through my firewall that TFTP.EXE
(Trivial FTP) was trying to gain access to the internet, about 32 times in
the middle of the night in fact.  I did not give it explicit access, so it's
basically in my machine and can't get out, if it's even still on here.  I
noticed, however, from my firewall logs, that TFTP.EXE was trying to connect
to local DSL routers, and all IP's that it was trying to connect to had the
same first two octets, and always tried to connect from port 69.  I
speculate this is the Nimda virus, from the way it is randomly scanning for
more computers to infect.  TFTP.EXE is a listening app, I believe, that
waits for a signal from RIS from a remote machine to re-install windows.
Has anyone had this similar problem?  Maybe I am not clear enough, do I need
to specify something?  Maybe I am just a monkey and you guys don't want to
hear about my problems?  Well, I appreciate any attention in advance, and if
this isn't appropriate for this list, do not hesitate to let me know.
Thanks.

 

James Costa

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to