The only thing that I would add is that rather than attaching to the net unpatched
and downloading it, you should burn as much as possible to CD and load it from there
before attaching to the net the first time.

For instance, the SP and all current hotfixes can be downloaded, batched and burned.
This keeps you from getting infected that first time that you connect.

JayW

>>> [EMAIL PROTECTED] 09/24/01 07:32PM >>>
NT System Admin List:

We are doing the following with a great deal of success:
Simple Option - if not too badly infected:
1. Have the system on the net only long enough to get the latest virus
update.
2. Run Norton Anti-Virus with the latest virus update.
3. Reboot with your Win2k or WinNT or Win98 (etc) CD and run it in Repair
mode.
4. Go back on the Internet - avoid the local net if you can.
5. Get IE 5.5 SP2 right away.
6. Reapply the latest Service Packs to the OS and Office and IIS - if
appropriate.
7. Make sure NAV is running daily and getting updates daily or more
frequently.
8. Set NAV to clean all your email and downloads.
9. Clean all other machines before plugging (or allowing) it back onto the
local net.
10. Make sure Windows Critical Update Notification is installed - and pay
attention to it.
11. Reconnect only after all the other machines that are allowed on the
local net are clean.

If BADLY infected:
1. Load the OS (Win2k or WinNT or Win98 (etc)) on a partition that does NOT
have a boot loader on it.
2. OR plug in a new drive (temporarily) in the IDE 0 position and change the
BIOS to reflect the new drive.
3. Load a new copy of the OS on this clean partition/drive.
4. Go back on the Internet - avoid the local net if you can.
5. Get IE 5.5 SP2 immediately - Don't go anywhere else but
http://windowsupdate.microsoft.com 
6. Reapply the latest Service Packs to the OS.
7. Install NAV
8. Run Norton Anti-Virus with the latest virus update on all drives.
9. Shut it down and boot from the original partition.  (If you added a
drive, undo it and reset BIOS)
10. Go back on the Internet - avoid the local net if you can.
11. Get IE 5.5 SP2
12. Reapply the latest Service Packs to the OS.
13. Install NAV
14. Run Norton Anti-Virus with the latest virus update on all drives -
again.
15. Reapply the latest Service Packs to IIS and Office.
16. Make sure NAV is running daily and getting updates daily or more
frequently.
17. Set NAV to clean all your email and downloads.
18. Make sure Windows Critical Update Notification is installed - and pay
attention to it.
19. Reconnect only after all the other machines that are allowed on the
local net are clean.

Good Luck!

Bud James

Rapid Response Team
"Preparing You for Tomorrow"
[EMAIL PROTECTED] 
(858) 693-6929  (voice)
(858) 693-6916  (fax)
(310) 283-0806  (cell)

Please visit us online @  http://www.911RRT.com 

-----Original Message-----
From: Marc Miller [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 24, 2001 3:22 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected

> About every fifteen minutes or so, the .EML files are all back again.

I've heard about this - in fact, just this afternoon.  In this case, I
recommended to my customer to "quarantine" the machine (read: remove the
network cable!) and run the NIMDA scanner/fix from the machine locally (you
won't have any other choice) and re-examine the machine when finished.  That
solved their problem, but it did take time to do.

Sorry if my fix seems too pedestrian....

-Marc Miller
Sr. Programmer/Analyst
Virtual Systems
207 Kirkland Ave.,
Kirkland, WA 98033
(425) 828-9495

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 

