date:20010920

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Keith Nelson


Greg,

Did you download the Call Manger 3.1 OS update? It's under the High
Encryption link on CCO. It installs SP2 and the a bunch of IIS updates
and removes some services for security reasons. You don't need to be
running CM 3.1 to use this update. If you have already installed it then
you can disregard this message.

Keith Nelson
Network Administrator
Orange County School of the Arts
[EMAIL PROTECTED]


-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 5:59 PM
To: NT System Admin Issues
Subject: RE: Cisco Routers vulnerable to Nimda?

Fortunately my CCM and Unity are inward facing and not running external
xml
services. Cisco is way behind in their patches.

Greg


-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 8:38 PM
To: NT System Admin Issues
Subject: Re: Cisco Routers vulnerable to Nimda?


I pulled this from their Code Red Docs:
The following Cisco products are vulnerable because they run affected
versions of Microsoft IIS:

Cisco CallManager
Cisco Unity Server
Cisco uOne
Cisco ICS7750
Cisco Building Broadband Service Manager
IP/VC 3540 Application Server

They have an advisory list that you may want to look into.  I don't have
the
info here, but I will look for it -just remind me offline ;)

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 8:22 PM
Subject: RE: Cisco Routers vulnerable to Nimda?


> The IOS version is 11.295P. Apparently we're a few versions back 
> (12.2?). This is a managed service so now I'll have to find out why it

> hasn't been updated. So I guess my question is; Is our version 
> vulnerable to the code red/nimda worm(s)?
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

>
>
> -Original Message-
> From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 4:14 PM
> To: NT System Admin Issues
> Subject: Re: Cisco Routers vulnerable to Nimda?
>
>
> Yes, the same Cisco vunerabilities to the Code Red Word exist, if you 
> have not updated your router software.  What are you running on the 
> router, IOS version, etc. ?  I wonder if the HP printer vunerability 
> is still there as well...?
>
> -K
> - Original Message -
> From: "Sean Martin" <[EMAIL PROTECTED]>
> To: "NT System Admin Issues" <[EMAIL PROTECTED]>
> Sent: Thursday, September 20, 2001 7:50 PM
> Subject: Cisco Routers vulnerable to Nimda?
>
>
> > Has anyone heard of any Cisco vulnerabilities to the recent Nimda 
> > worm?
> I'm
> > experiencing some weird behavior from my Cisco 1601. The 
> > connectivity
> seems
> > to be going up and down, mainly down. At one point during testing 
> > with
the
> > ISP, they showed the protocol link being down, but everything else 
> > was
> > working(?) I even had our IPsec tunnel established with packets
going
both
> > directions, yet none of the users had connectivity through the 
> > tunnel or
> out
> > to the internet.
> >
> > T1 circuit  Cisco 1601 (E0 interface) - Watchguard 
> > SOHO
> > --- HP Switch
> >
> > I'll get into the complete scenario once I determine whether or not
> there's
> > any factors I haven't ruled out.
> >
> > Regards,
> >
> > Sean Martin, MCSE
> > Network Administrator
> > Ribelin Lowell & Company
> > Insurance Brokers, Inc.
> > 3111 C Street, Suite 300
> > Anchorage, Alaska 99503
> > Ph: (907) 561-1250
> > Fax: (907) 561-4315
> > Cell: (907) 229-0885
> > Email: [EMAIL PROTECTED]
> 
> > DO NOT read, copy or disseminate this communication unless you are 
> > the intended addressee. This e-mail communication contains 
> > confidential
and/or
> > privileged information intended only for the addressee. If you have
> received
> > this communication in error, please call us immediately at (907)
561-1250
> > and ask to speak to the sender of the communication. Also, please 
> > e-mail
> the
> > sender and notify the sender immediately that you have received the 
> > communication in error.
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> >
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> DO NOT read, copy or disseminate this communication unless you are the

> intended addressee. This e-mail communication contains confidential 
> and/or privileged information intended only for the addressee. If you 
> have
received
> this communication in error, please call us immediately at (907) 
> 561-1250 and ask to speak to the sender of the communication. Also, 
> please e-mail
the
> sender and notify the sender immediately that you have received the 
> communication in error.
>
> http://www.s

RE: Terminal Services/Citrix bug on a 933/1000Mhz multiproc syste m...?

2001-09-20 Thread Epper, Bruce


Vance,

I was concerned when I saw that just after we begain implementing a 20
machine Citrix server farm.  We have been running like this for
approximately 10 weeks averaging 20-25 users/server and haven't had any
"catastrophic failures" as described.  We are running Dell 2450 machines
with dual 1G processors and 2G of RAM.

Bruce Epper
ASARCO, Inc.
Network Analyst/DBA
520-798-7569

-Original Message-
From: Vance Krier [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 5:10 AM
To: NT System Admin Issues
Subject: Terminal Services/Citrix bug on a 933/1000Mhz multiproc
system...?


Hello all,

I ran across the following article that startled me somewhat. 

http://www.nwfusion.com/news/2001/0604infra.html

It talks about a bug that crashes MSTS and Citrix when run on a
multiprocessor 933 or 1000Mhz system.  I've searched, but I can't find
any other information on this.

Can anyone confirm/deny or point me in the direction of an article from
MS or Citrix or other?

Thanks!
Vance



#
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
For more information please visit www.marshalsoftware.com
#

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: HELP VIRUS ON NT MACHINE?

2001-09-20 Thread Rocky Stefano



A true idiot



-Original Message-
From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
Sent: September 20, 2001 10:58 PM
To: NT System Admin Issues
Subject: Re: HELP VIRUS ON NT MACHINE?



Yeah I cleaned my server up to. I used a redcodecleanup program and then
used norton to do the rest. It runs fine now. THis dam virus even edits all
the html pages in your webserver. WHo made this stupid thing?



- Original Message -
From: "Murray Freeman" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 10:23 AM
Subject: RE: HELP VIRUS ON NT MACHINE?


> HEY, not true, not true. We got hit on 3 servers and were able to cleanse
> manually and never even turned off the servers, nor did it impact our
> regular production.
>
> Murray
>
> -Original Message-
> From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 9:21 AM
> To: NT System Admin Issues
> Subject: RE: HELP VIRUS ON NT MACHINE?
>
>
>
> For those of you that were unfortunately hit with the latest worm. There
is
> usually no recourse but to wipe the machine clean and reload your
software.
> Trend Antivirus has released a cleaner for the virus. Here is the info.
>
> Trend Micro has developed a cleaning tool that will allow you to clean
> systems infected by PE_NIMDA.A. The cleaning tool and instructions, manual
> cleaning instructions, and the latest pattern file can be found on our FTP
> site at:
>
> ftp://us-web\[EMAIL PROTECTED]
>
> Password: tmcustomer
>
> Directory: Premium Customer\tool
>
> Files:
>
> Cleaning tool: FIX_NIMDA.zip
>
> Cleaning tool description and instructions: Readme_nimda.txt
>
> Manual cleaning documentation: How to Clean.txt
>
> Latest pattern file: ptn_942.zip
>
>
>
> -Original Message-
> From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
> Sent: September 19, 2001 5:35 PM
> To: NT System Admin Issues
> Subject: HELP VIRUS ON NT MACHINE?
>
>
>
> This thing is on a machine at work and it writes .eml files all over the
> place in the folders on the hard drive. Is there a way to get rid if this
> virus? What is it? Uninstalling outlook express or email would that do it?
> It ran very sluggish and now is frozen up. HELP
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Bartolini


paper bag?...you were lucky!
- Original Message - 
From: "Ross Wakelin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:31 PM
Subject: RE: Just a hoax ...WORST EVER VIRUS


> Ah Luxury
> 
> In my day we lived in the middle of the road, in an old
> paper bag...
> 
> Nah I won't go down that road today
> 
> --
> Ross Wakelin - Independent Information Technology Consultant
> Tel: +64 (0)3 3433186  Fax: +64 (0)3 3433196
> Cell: +64 (0)21 334380 
> 
> -Original Message-
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, 21 September 2001 09:55
> To: NT System Admin Issues
> Subject: RE: Just a hoax ...WORST EVER VIRUS
> 
> 
> Old timers?? :)
> 
> I remember back in my first job when we were running Exchange on an
> abacus. One time one of the little sticks broke and the beads fell out.
> Luckily we had a hot standby abacus. We were using AbicusServ (before it
> was acquired by CA), but it still didn't work worth a damn. We had to
> backup to a Victrola.
> 
> -Original Message-
> From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 2:31 PM
> To: NT System Admin Issues
> Subject: Just a hoax ...WORST EVER VIRUS
> 
> 
> It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
> first newbie to try and help out by posting a hoax that they thought was
> a real virus. Especially since there is a really nasty one running
> around. 
> Be sure to respond to whomever sent this to you and let them know to
> check out viruses on sites such as Symantec, NAI and such before they
> send them to you. Believe me, if a virus is running, this list will know
> about long before any User will and if you stay on this list every day,
> so will you. 
> Diane 
> -Original Message-
> From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 2:07 PM
> To: NT System Admin Issues
> Subject: Re: WORST EVER VIRUS (CNN announced)
> 
> No comment. 
> 
> K.Borndale 
> [EMAIL PROTECTED]  -home email
>  
> - Original Message - From: Sabrina Stolcz
>  To: NT System Admin Issues
>  Sent: Thursday, September
> 20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 
> 
> sorry, I sent it as soon as someone forwarded it.
> 
> -Original Message-
> From: Sabrina Stolcz []
> Sent: Thursday, September 20, 2001 4:18 PM
> To: NT System Admin Issues
> Subject: WORST EVER VIRUS (CNN announced)
> 
> 
> 
> WORST EVER VIRUS (CNN announced) 
> > > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
> LIST!! 
> > > >> A new virus has just been discovered that has
> been classified by 
> > > Microsoft 
> > > >> as the most destructive ever! 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Exchange 5.5 and Windows CE - Tell me I am wrong...

2001-09-20 Thread Jay Kulsh


Hi folks,

I think if you use POP3 client on Windows CE machines (Tripad and Clio etc.)
to connect to Exchange 5.5, you would have to leave SMTP relay open-to-all
on Exchange server, otherwise users can not send out emails. In other words,
this Exchange server is open to abuse by spammers.


This is so because Windows CE does not have a settings for SMTP
authentication on its POP3 client. It does not even have setting to change
SMTP port# from default 25.

Tell me I am wrong... tell me I am ignorant. Better yet, tell me that there
is a workaround for this. If not, tell me I am right and make me sad...

Jay
__
Jay Kulsh
CCNA, MCSE+I, CCA


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Problem Connecting to Terminal Server

2001-09-20 Thread Bill Higgins


that was one of the first things I tried...

and that didn;t work...


hence the backing out SP2

-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 19:05
To: NT System Admin Issues
Subject: RE: Problem Connecting to Terminal Server


My guess... your win98 client for some reason has a low encryption client.
SP2 forces encryption to 128bit.
Grab a new client off the server with 128bit encryption and volia!!

-Original Message-
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 1:40 p.m.
To: NT System Admin Issues
Subject: RE: Problem Connecting to Terminal Server


Thanks all for everyone's suggestion...

I downgraded to SP1 and can connect fine now.

The terminal services client for win98 obviously has an issue with W2KSP2

>  -Original Message-
> From: Bill Higgins  
> Sent: Thursday, September 20, 2001 07:52
> To:   '[EMAIL PROTECTED]'
> Subject:  Problem Connecting to Terminal Server
> 
> Server1: W2K Advanced Server, SP2, running Terminal Server in remote
> administration mode
> Server2: W2K Advanced Server, SP1, running Terminal Server in remote
> administration mode
> 
> Client1: Win98
> Client2: W2K Advanced Server, SP1
> Client3: W2K Pro
> 
> Client2 and Client3 can connect to Server1 and Server2 with no problems.
> Client1 can connect to Server2 with no problem
> Client1 cannot connect to Server1, get "the terminal server has ended the
> connection" dialog box before a login box.
> 
> I have checked Technet and it is not:
> http://support.microsoft.com/support/kb/articles/Q237/7/92.ASP?LN=EN-US&SD
> =gn&FR=0&qry=%26quot%3Bthe%20terminal%20server%20has%20ended%20the%20conne
> ction%26quot%3B&rnk=11&src=DHCS_MSPSS_gn_SRCH&SPR=MSALL (running in admin
> mode, not app mode)
> 
> Any suggestions?
> 
> Bill Higgins
> Lead NT Systems Engineer
> (415) 402-3444 office
> (415) 720-7053 cell
> [EMAIL PROTECTED]
> 
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: HELP VIRUS ON NT MACHINE?

2001-09-20 Thread Dean Cunningham


look at using search and replace from www.funduc.com for your HTML files

should be able to strip the code using that

cheers
deanc


-Original Message-
From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 2:58 p.m.
To: NT System Admin Issues
Subject: Re: HELP VIRUS ON NT MACHINE?


Yeah I cleaned my server up to. I used a redcodecleanup program and then
used norton to do the rest. It runs fine now. THis dam virus even edits all
the html pages in your webserver. WHo made this stupid thing?



- Original Message -
From: "Murray Freeman" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 10:23 AM
Subject: RE: HELP VIRUS ON NT MACHINE?


> HEY, not true, not true. We got hit on 3 servers and were able to cleanse
> manually and never even turned off the servers, nor did it impact our
> regular production.
>
> Murray
>
> -Original Message-
> From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 9:21 AM
> To: NT System Admin Issues
> Subject: RE: HELP VIRUS ON NT MACHINE?
>
>
>
> For those of you that were unfortunately hit with the latest worm. There
is
> usually no recourse but to wipe the machine clean and reload your
software.
> Trend Antivirus has released a cleaner for the virus. Here is the info.
>
> Trend Micro has developed a cleaning tool that will allow you to clean
> systems infected by PE_NIMDA.A. The cleaning tool and instructions, manual
> cleaning instructions, and the latest pattern file can be found on our FTP
> site at:
>
> ftp://us-web\[EMAIL PROTECTED]
>
> Password: tmcustomer
>
> Directory: Premium Customer\tool
>
> Files:
>
> Cleaning tool: FIX_NIMDA.zip
>
> Cleaning tool description and instructions: Readme_nimda.txt
>
> Manual cleaning documentation: How to Clean.txt
>
> Latest pattern file: ptn_942.zip
>
>
>
> -Original Message-
> From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
> Sent: September 19, 2001 5:35 PM
> To: NT System Admin Issues
> Subject: HELP VIRUS ON NT MACHINE?
>
>
>
> This thing is on a machine at work and it writes .eml files all over the
> place in the folders on the hard drive. Is there a way to get rid if this
> virus? What is it? Uninstalling outlook express or email would that do it?
> It ran very sluggish and now is frozen up. HELP
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: HELP VIRUS ON NT MACHINE?

2001-09-20 Thread Tiffany Belcher


Yeah I cleaned my server up to. I used a redcodecleanup program and then
used norton to do the rest. It runs fine now. THis dam virus even edits all
the html pages in your webserver. WHo made this stupid thing?



- Original Message -
From: "Murray Freeman" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 10:23 AM
Subject: RE: HELP VIRUS ON NT MACHINE?


> HEY, not true, not true. We got hit on 3 servers and were able to cleanse
> manually and never even turned off the servers, nor did it impact our
> regular production.
>
> Murray
>
> -Original Message-
> From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 9:21 AM
> To: NT System Admin Issues
> Subject: RE: HELP VIRUS ON NT MACHINE?
>
>
>
> For those of you that were unfortunately hit with the latest worm. There
is
> usually no recourse but to wipe the machine clean and reload your
software.
> Trend Antivirus has released a cleaner for the virus. Here is the info.
>
> Trend Micro has developed a cleaning tool that will allow you to clean
> systems infected by PE_NIMDA.A. The cleaning tool and instructions, manual
> cleaning instructions, and the latest pattern file can be found on our FTP
> site at:
>
> ftp://us-web\[EMAIL PROTECTED]
>
> Password: tmcustomer
>
> Directory: Premium Customer\tool
>
> Files:
>
> Cleaning tool: FIX_NIMDA.zip
>
> Cleaning tool description and instructions: Readme_nimda.txt
>
> Manual cleaning documentation: How to Clean.txt
>
> Latest pattern file: ptn_942.zip
>
>
>
> -Original Message-
> From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
> Sent: September 19, 2001 5:35 PM
> To: NT System Admin Issues
> Subject: HELP VIRUS ON NT MACHINE?
>
>
>
> This thing is on a machine at work and it writes .eml files all over the
> place in the folders on the hard drive. Is there a way to get rid if this
> virus? What is it? Uninstalling outlook express or email would that do it?
> It ran very sluggish and now is frozen up. HELP
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Problem Connecting to Terminal Server

2001-09-20 Thread Dean Cunningham


My guess... your win98 client for some reason has a low encryption client.
SP2 forces encryption to 128bit.
Grab a new client off the server with 128bit encryption and volia!!

-Original Message-
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 1:40 p.m.
To: NT System Admin Issues
Subject: RE: Problem Connecting to Terminal Server


Thanks all for everyone's suggestion...

I downgraded to SP1 and can connect fine now.

The terminal services client for win98 obviously has an issue with W2KSP2

>  -Original Message-
> From: Bill Higgins  
> Sent: Thursday, September 20, 2001 07:52
> To:   '[EMAIL PROTECTED]'
> Subject:  Problem Connecting to Terminal Server
> 
> Server1: W2K Advanced Server, SP2, running Terminal Server in remote
> administration mode
> Server2: W2K Advanced Server, SP1, running Terminal Server in remote
> administration mode
> 
> Client1: Win98
> Client2: W2K Advanced Server, SP1
> Client3: W2K Pro
> 
> Client2 and Client3 can connect to Server1 and Server2 with no problems.
> Client1 can connect to Server2 with no problem
> Client1 cannot connect to Server1, get "the terminal server has ended the
> connection" dialog box before a login box.
> 
> I have checked Technet and it is not:
> http://support.microsoft.com/support/kb/articles/Q237/7/92.ASP?LN=EN-US&SD
> =gn&FR=0&qry=%26quot%3Bthe%20terminal%20server%20has%20ended%20the%20conne
> ction%26quot%3B&rnk=11&src=DHCS_MSPSS_gn_SRCH&SPR=MSALL (running in admin
> mode, not app mode)
> 
> Any suggestions?
> 
> Bill Higgins
> Lead NT Systems Engineer
> (415) 402-3444 office
> (415) 720-7053 cell
> [EMAIL PROTECTED]
> 
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Problem Connecting to Terminal Server

2001-09-20 Thread Bill Higgins


Thanks all for everyone's suggestion...

I downgraded to SP1 and can connect fine now.

The terminal services client for win98 obviously has an issue with W2KSP2

>  -Original Message-
> From: Bill Higgins  
> Sent: Thursday, September 20, 2001 07:52
> To:   '[EMAIL PROTECTED]'
> Subject:  Problem Connecting to Terminal Server
> 
> Server1: W2K Advanced Server, SP2, running Terminal Server in remote
> administration mode
> Server2: W2K Advanced Server, SP1, running Terminal Server in remote
> administration mode
> 
> Client1: Win98
> Client2: W2K Advanced Server, SP1
> Client3: W2K Pro
> 
> Client2 and Client3 can connect to Server1 and Server2 with no problems.
> Client1 can connect to Server2 with no problem
> Client1 cannot connect to Server1, get "the terminal server has ended the
> connection" dialog box before a login box.
> 
> I have checked Technet and it is not:
> http://support.microsoft.com/support/kb/articles/Q237/7/92.ASP?LN=EN-US&SD
> =gn&FR=0&qry=%26quot%3Bthe%20terminal%20server%20has%20ended%20the%20conne
> ction%26quot%3B&rnk=11&src=DHCS_MSPSS_gn_SRCH&SPR=MSALL (running in admin
> mode, not app mode)
> 
> Any suggestions?
> 
> Bill Higgins
> Lead NT Systems Engineer
> (415) 402-3444 office
> (415) 720-7053 cell
> [EMAIL PROTECTED]
> 
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Rocky Stefano

Its called selective reading

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: September 20, 2001 6:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Greg Page


Fortunately my CCM and Unity are inward facing and not running external xml
services. Cisco is way behind in their patches.

Greg


-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 8:38 PM
To: NT System Admin Issues
Subject: Re: Cisco Routers vulnerable to Nimda?


I pulled this from their Code Red Docs:
The following Cisco products are vulnerable because they run affected
versions of Microsoft IIS:

Cisco CallManager
Cisco Unity Server
Cisco uOne
Cisco ICS7750
Cisco Building Broadband Service Manager
IP/VC 3540 Application Server

They have an advisory list that you may want to look into.  I don't have the
info here, but I will look for it -just remind me offline ;)

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 8:22 PM
Subject: RE: Cisco Routers vulnerable to Nimda?


> The IOS version is 11.295P. Apparently we're a few versions back 
> (12.2?). This is a managed service so now I'll have to find out why it 
> hasn't been updated. So I guess my question is; Is our version 
> vulnerable to the code red/nimda worm(s)?
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

>
>
> -Original Message-
> From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 4:14 PM
> To: NT System Admin Issues
> Subject: Re: Cisco Routers vulnerable to Nimda?
>
>
> Yes, the same Cisco vunerabilities to the Code Red Word exist, if you 
> have not updated your router software.  What are you running on the 
> router, IOS version, etc. ?  I wonder if the HP printer vunerability 
> is still there as well...?
>
> -K
> - Original Message -
> From: "Sean Martin" <[EMAIL PROTECTED]>
> To: "NT System Admin Issues" <[EMAIL PROTECTED]>
> Sent: Thursday, September 20, 2001 7:50 PM
> Subject: Cisco Routers vulnerable to Nimda?
>
>
> > Has anyone heard of any Cisco vulnerabilities to the recent Nimda 
> > worm?
> I'm
> > experiencing some weird behavior from my Cisco 1601. The 
> > connectivity
> seems
> > to be going up and down, mainly down. At one point during testing 
> > with
the
> > ISP, they showed the protocol link being down, but everything else 
> > was
> > working(?) I even had our IPsec tunnel established with packets going
both
> > directions, yet none of the users had connectivity through the 
> > tunnel or
> out
> > to the internet.
> >
> > T1 circuit  Cisco 1601 (E0 interface) - Watchguard 
> > SOHO
> > --- HP Switch
> >
> > I'll get into the complete scenario once I determine whether or not
> there's
> > any factors I haven't ruled out.
> >
> > Regards,
> >
> > Sean Martin, MCSE
> > Network Administrator
> > Ribelin Lowell & Company
> > Insurance Brokers, Inc.
> > 3111 C Street, Suite 300
> > Anchorage, Alaska 99503
> > Ph: (907) 561-1250
> > Fax: (907) 561-4315
> > Cell: (907) 229-0885
> > Email: [EMAIL PROTECTED]
> 
> > DO NOT read, copy or disseminate this communication unless you are 
> > the intended addressee. This e-mail communication contains 
> > confidential
and/or
> > privileged information intended only for the addressee. If you have
> received
> > this communication in error, please call us immediately at (907)
561-1250
> > and ask to speak to the sender of the communication. Also, please 
> > e-mail
> the
> > sender and notify the sender immediately that you have received the 
> > communication in error.
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> >
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> DO NOT read, copy or disseminate this communication unless you are the 
> intended addressee. This e-mail communication contains confidential 
> and/or privileged information intended only for the addressee. If you 
> have
received
> this communication in error, please call us immediately at (907) 
> 561-1250 and ask to speak to the sender of the communication. Also, 
> please e-mail
the
> sender and notify the sender immediately that you have received the 
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Kelly Borndale


I pulled this from their Code Red Docs:
The following Cisco products are vulnerable because they run affected
versions of Microsoft IIS:

Cisco CallManager
Cisco Unity Server
Cisco uOne
Cisco ICS7750
Cisco Building Broadband Service Manager
IP/VC 3540 Application Server

They have an advisory list that you may want to look into.  I don't have the
info here, but I will look for it -just remind me offline ;)

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 8:22 PM
Subject: RE: Cisco Routers vulnerable to Nimda?


> The IOS version is 11.295P. Apparently we're a few versions back (12.2?).
> This is a managed service so now I'll have to find out why it hasn't been
> updated. So I guess my question is; Is our version vulnerable to the code
> red/nimda worm(s)?
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

>
>
> -Original Message-
> From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 4:14 PM
> To: NT System Admin Issues
> Subject: Re: Cisco Routers vulnerable to Nimda?
>
>
> Yes, the same Cisco vunerabilities to the Code Red Word exist, if you have
> not updated your router software.  What are you running on the router, IOS
> version, etc. ?  I wonder if the HP printer vunerability is still there as
> well...?
>
> -K
> - Original Message -
> From: "Sean Martin" <[EMAIL PROTECTED]>
> To: "NT System Admin Issues" <[EMAIL PROTECTED]>
> Sent: Thursday, September 20, 2001 7:50 PM
> Subject: Cisco Routers vulnerable to Nimda?
>
>
> > Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm?
> I'm
> > experiencing some weird behavior from my Cisco 1601. The connectivity
> seems
> > to be going up and down, mainly down. At one point during testing with
the
> > ISP, they showed the protocol link being down, but everything else was
> > working(?) I even had our IPsec tunnel established with packets going
both
> > directions, yet none of the users had connectivity through the tunnel or
> out
> > to the internet.
> >
> > T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> > --- HP Switch
> >
> > I'll get into the complete scenario once I determine whether or not
> there's
> > any factors I haven't ruled out.
> >
> > Regards,
> >
> > Sean Martin, MCSE
> > Network Administrator
> > Ribelin Lowell & Company
> > Insurance Brokers, Inc.
> > 3111 C Street, Suite 300
> > Anchorage, Alaska 99503
> > Ph: (907) 561-1250
> > Fax: (907) 561-4315
> > Cell: (907) 229-0885
> > Email: [EMAIL PROTECTED]
> 
> > DO NOT read, copy or disseminate this communication unless you are the
> > intended addressee. This e-mail communication contains confidential
and/or
> > privileged information intended only for the addressee. If you have
> received
> > this communication in error, please call us immediately at (907)
561-1250
> > and ask to speak to the sender of the communication. Also, please e-mail
> the
> > sender and notify the sender immediately that you have received the
> > communication in error.
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> >
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Dean Cunningham


http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml

Bear in mind that Nimda also uses the directory transversal, so it is
possible that is causing your problem rahter than code red


-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 12:22 p.m.
To: NT System Admin Issues
Subject: RE: Cisco Routers vulnerable to Nimda?


The IOS version is 11.295P. Apparently we're a few versions back (12.2?).
This is a managed service so now I'll have to find out why it hasn't been
updated. So I guess my question is; Is our version vulnerable to the code
red/nimda worm(s)?

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  


-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:14 PM
To: NT System Admin Issues
Subject: Re: Cisco Routers vulnerable to Nimda?


Yes, the same Cisco vunerabilities to the Code Red Word exist, if you have
not updated your router software.  What are you running on the router, IOS
version, etc. ?  I wonder if the HP printer vunerability is still there as
well...?

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 7:50 PM
Subject: Cisco Routers vulnerable to Nimda?


> Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm?
I'm
> experiencing some weird behavior from my Cisco 1601. The connectivity
seems
> to be going up and down, mainly down. At one point during testing with the
> ISP, they showed the protocol link being down, but everything else was
> working(?) I even had our IPsec tunnel established with packets going both
> directions, yet none of the users had connectivity through the tunnel or
out
> to the internet.
>
> T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> --- HP Switch
>
> I'll get into the complete scenario once I determine whether or not
there's
> any factors I haven't ruled out.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Sean Martin


The IOS version is 11.295P. Apparently we're a few versions back (12.2?).
This is a managed service so now I'll have to find out why it hasn't been
updated. So I guess my question is; Is our version vulnerable to the code
red/nimda worm(s)?

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  


-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:14 PM
To: NT System Admin Issues
Subject: Re: Cisco Routers vulnerable to Nimda?


Yes, the same Cisco vunerabilities to the Code Red Word exist, if you have
not updated your router software.  What are you running on the router, IOS
version, etc. ?  I wonder if the HP printer vunerability is still there as
well...?

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 7:50 PM
Subject: Cisco Routers vulnerable to Nimda?


> Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm?
I'm
> experiencing some weird behavior from my Cisco 1601. The connectivity
seems
> to be going up and down, mainly down. At one point during testing with the
> ISP, they showed the protocol link being down, but everything else was
> working(?) I even had our IPsec tunnel established with packets going both
> directions, yet none of the users had connectivity through the tunnel or
out
> to the internet.
>
> T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> --- HP Switch
>
> I'll get into the complete scenario once I determine whether or not
there's
> any factors I haven't ruled out.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: email to replace fax?

2001-09-20 Thread Ben Schorr

Title: RE: email to replace fax?





Outlook lets you create distribution lists - groups of users that you can message easily.  There are a lot of ways you can accomplish that with Outlook, by the way, though distribution lists are probably the easiest.

Aloha,


-Ben-
Ben M. Schorr, MVP-Outlook, CNA, MCPx3
Director of Information Services
Damon Key Leong Kupchak Hastert
http://www.hawaiilawyer.com



> -Original Message-
> From: Thomas Smith [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 1:40 PM
> To: NT System Admin Issues
> Subject: RE: email to replace fax?
> 
> 
> At 05:17 PM 9/7/01 -0400, you wrote:
> >Thomas,
> >
> >I'm not sure I understand what you're looking for.  Are you 
> considering 
> >some type of faxserver software that interfaces with your e-mail 
> >client?
> 
> No...I don't think so.  What I'm doing now via fax, I'd LIKE 
> to do via 
> email INSTEAD (I think).  But where my fax software allows me 
> to "group" 
> recipients (and put them into multiple groups if necessary), 
> it doesn't 
> appear that either of the two email clients I've seen (Eudora 
> and Outlook), 
> can let me organize recipients the same way.
> 
> Are there any email programs/clients that DO allow grouping 
> of recipients, 
> as I do now with my fax software?
> 
> THIS is what I'm asking.  :)  I don't where else to ask, or 
> how else to ask.
> 
> Thanks.
> 
> >If so,
> >there are several products that allow you to use your 
> Outlook/Exchange 
> >contact list.  Most have been discussed in this group previously.
> >
> >
> >Roger Wright
> >Southern Commerce Bank
> >___
> >
> >Procrastination:  The art of keeping up with yesterday.
> >
> >
> >-Original Message-
> >From: thomas smith [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, September 07, 2001 5:12 PM
> >To: NT System Admin Issues
> >Subject: email to replace fax?
> >
> >
> >I currently do my own price requests for equipment.  
> (Purchasing does 
> >everything EXCEPT computer gear.)  I use WinFax Pro.  I have 
> a database 
> >of recipients, organized into groups, based on 
> >hardware/software/whatever for which I require pricing.  
> Using WinFax 
> >Pro requires that I use my modem.  This is currently NOT a problem.
> >
> >But I HAVE been thinking...  Perhaps I could accomplish the 
> same thing 
> >via email.  I personally don't use Outlook...yet.  I'm still using 
> >Eudora.  But from what I've seen, it doesn't APPEAR that either is 
> >particularly conducive to creating groups to accomplish the 
> same thing.
> >
> >So I've been wondering...  Assuming I'm correct about neither being 
> >particularly suited to doing what I'm wanting to do, does 
> anyone know 
> >of some kind of email "app" that would allow this?  (I know 
> that WinFax 
> >Pro can interface to email.  And I tried it...once.  It 
> >sucks...assuming I was using it as designed...which I think I was.)  
> >Other than my Eudora client, Outlook or Exchange Server, I 
> am ignorant 
> >of email package(s) for ANYTHING.
> >
> >Thanks in advance, you help is appreciated. :)
> >
> >-
> >Thomas Smith
> >IT Supervisor, AKA: Systems Administrator,
> >Network Administrator, Database Administrator,
> >Security Administrator, Email Administrator, Telecommunications 
> >Administrator, Webmaster Henry Co Water and Sewerage Authority
> >770.957.6659 (v)   /   770.898.8416 (f)
> >[EMAIL PROTECTED]
> >
> >
> >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> >
> >
> >___
> >NOTICE:  The information contained in this electronic message is 
> >considered privileged and confidential under Florida 
> Statutes 455.251 
> >and 3905.017.  It is intended solely for the use of the 
> recipient named 
> >above.  If the reader is not the recipient named above, you 
> are hereby 
> >notified that any dissemination, distribution, copying or 
> disclosure of 
> >the contents of this message is prohibited. If you have 
> received this 
> >e-mail message in error, please immediately notify the sender and 
> >destroy the original message.
> >
> >
> >
> >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Kelly Borndale


Yes, the same Cisco vunerabilities to the Code Red Word exist, if you have
not updated your router software.  What are you running on the router, IOS
version, etc. ?  I wonder if the HP printer vunerability is still there as
well...?

-K
- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 7:50 PM
Subject: Cisco Routers vulnerable to Nimda?


> Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm?
I'm
> experiencing some weird behavior from my Cisco 1601. The connectivity
seems
> to be going up and down, mainly down. At one point during testing with the
> ISP, they showed the protocol link being down, but everything else was
> working(?) I even had our IPsec tunnel established with packets going both
> directions, yet none of the users had connectivity through the tunnel or
out
> to the internet.
>
> T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> --- HP Switch
>
> I'll get into the complete scenario once I determine whether or not
there's
> any factors I haven't ruled out.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Sean Martin


Thanks for the information Adrian, but it doesn't cover the 1600 Series.

Our ISP is blaming Circuit problems which a different provider handles. That
provider told our ISP that the circuits were checked onsite, when in fact
they hadn't. 

This political BS is starting to get to me.

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  


-Original Message-
From: Adrian Cooper [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:04 PM
To: NT System Admin Issues
Subject: Re: Cisco Routers vulnerable to Nimda?



- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 12:50 AM

I don't know whether Cisco routers can be affected as with code red, but
Cisco
have released information about how you can use your router as a defense:

http://www.cisco.com/warp/public/63/nimda.shtml

Adrian Cooper.



> Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm?
I'm
> experiencing some weird behavior from my Cisco 1601. The connectivity
seems
> to be going up and down, mainly down. At one point during testing with the
> ISP, they showed the protocol link being down, but everything else was
> working(?) I even had our IPsec tunnel established with packets going both
> directions, yet none of the users had connectivity through the tunnel or
out
> to the internet.
>
> T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> --- HP Switch
>
> I'll get into the complete scenario once I determine whether or not
there's
> any factors I haven't ruled out.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED]

> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have
received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail
the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Adrian Cooper



- Original Message -
From: "Sean Martin" <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 12:50 AM

I don't know whether Cisco routers can be affected as with code red, but Cisco
have released information about how you can use your router as a defense:

http://www.cisco.com/warp/public/63/nimda.shtml

Adrian Cooper.



> Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm? I'm
> experiencing some weird behavior from my Cisco 1601. The connectivity seems
> to be going up and down, mainly down. At one point during testing with the
> ISP, they showed the protocol link being down, but everything else was
> working(?) I even had our IPsec tunnel established with packets going both
> directions, yet none of the users had connectivity through the tunnel or out
> to the internet.
>
> T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
> --- HP Switch
>
> I'll get into the complete scenario once I determine whether or not there's
> any factors I haven't ruled out.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED] 
> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Well, this is reassuring...

2001-09-20 Thread Dean Cunningham



http://www.m-w.com/cgi-bin/dictionary
Main Entry: sod off
Function: intransitive verb
Etymology: sod
Date: 1960
British : SCRAM -- usually used as a command 

-Original Message-
From: Clayton [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:47 a.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Sod off? Stu...

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 4:34 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...

Yeah it does matter. The message you got from SANS does not appear to
come
from this list. There is *no* message like that in my exchange public
folder
that is subscribed to the list. It has not been intercepted at my AV
mail
gateway.

This means 1 of 2 things

1) I can't read a public folder.
2) You don't actually know where the message you got came from.

I tend to go with 2) (funnily enough) and considering your knee-jerk
reaction to act like chicken little without proper checking of the
facts,
means the some of the 2000+ sys admins of this list may well of wasted
time
, just like I have , checking for a file that was supposed to of entered
their mail servers that was infected and never detected by their AV
product.

So before you waste our time again, sod off, do some research and get
your
facts right, don't waste our time.

Oh and congratulations you have made my killfile, no doubt I have made
yours
:-)


-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 2:25 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Does it matter? I was fairly busy between the readme.txt and the
W32.Nimda
to not worry about the specifics. If it came from SANS, that's where it
came
from. I'm sorry if that offends you but what can I do? Actually, since I
got
it off this list, why don't you analyze it and tell us what you find.

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 10:01 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


So you actually looked at the smtp source and saw that it actually had
the
attachment in the email and not just a fragment?

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 1:55 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


It's not a rumor, it's what happened. That this e-mail got to one of
their
people and propagated is disturbing. Antigen caught it at my GW and
didn't
send it anywhere. What's there excuse?

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 9:19 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Careful before spreading such a rumor, the detecters may well be
oversensiitve at this point. McAffee did the same to me *because* a guy
had
posted to the mailing lust and email containing  a portion of the
javascript. I would suggest considering the source of teh messaging
being
blocked, that it is like they the message was benign and they too had a
portion of code in it that set the alarm bells off.
 
regards
Dean

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 12:49 p.m.
To: NT System Admin Issues
Subject: Well, this is reassuring...



Antigen for Exchange found readme.exe infected with JScript/Nimda.A.Worm
(CA(InoculateIT)) worm. The message is currently Purged.  The message,
"SANS
NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
discovered in IMC Queues\Inbound located at
ORGANIZATION/SITE-1/ALEXAPP001.



Greg 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
**

RE: Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Diane Beckham

I have a 1605 that hasn't hiccupped.  

-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:51 PM
To: NT System Admin Issues
Subject: Cisco Routers vulnerable to Nimda?

Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm? I'm
experiencing some weird behavior from my Cisco 1601. The connectivity seems
to be going up and down, mainly down. At one point during testing with the
ISP, they showed the protocol link being down, but everything else was
working(?) I even had our IPsec tunnel established with packets going both
directions, yet none of the users had connectivity through the tunnel or out
to the internet.

T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
--- HP Switch

I'll get into the complete scenario once I determine whether or not there's
any factors I haven't ruled out.

Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Cisco Routers vulnerable to Nimda?

2001-09-20 Thread Sean Martin


Has anyone heard of any Cisco vulnerabilities to the recent Nimda worm? I'm
experiencing some weird behavior from my Cisco 1601. The connectivity seems
to be going up and down, mainly down. At one point during testing with the
ISP, they showed the protocol link being down, but everything else was
working(?) I even had our IPsec tunnel established with packets going both
directions, yet none of the users had connectivity through the tunnel or out
to the internet.

T1 circuit  Cisco 1601 (E0 interface) - Watchguard SOHO
--- HP Switch

I'll get into the complete scenario once I determine whether or not there's
any factors I haven't ruled out.

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: email to replace fax?

2001-09-20 Thread Malcolm Reitz


Outlook will let you create "Distribution Lists", which sounds like what you
are looking for. Individual recipients can be members of multiple
distribution lists.

Malcolm
 


-Original Message-
From: Thomas Smith [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 6:40 PM
To: NT System Admin Issues
Subject: RE: email to replace fax?


At 05:17 PM 9/7/01 -0400, you wrote:
>Thomas,
>
>I'm not sure I understand what you're looking for.  Are you considering 
>some type of faxserver software that interfaces with your e-mail 
>client?

No...I don't think so.  What I'm doing now via fax, I'd LIKE to do via 
email INSTEAD (I think).  But where my fax software allows me to "group" 
recipients (and put them into multiple groups if necessary), it doesn't 
appear that either of the two email clients I've seen (Eudora and Outlook), 
can let me organize recipients the same way.

Are there any email programs/clients that DO allow grouping of recipients, 
as I do now with my fax software?

THIS is what I'm asking.  :)  I don't where else to ask, or how else to ask.

Thanks.

>If so,
>there are several products that allow you to use your Outlook/Exchange 
>contact list.  Most have been discussed in this group previously.
>
>
>Roger Wright
>Southern Commerce Bank
>___
>
>Procrastination:  The art of keeping up with yesterday.
>
>
>-Original Message-
>From: thomas smith [mailto:[EMAIL PROTECTED]]
>Sent: Friday, September 07, 2001 5:12 PM
>To: NT System Admin Issues
>Subject: email to replace fax?
>
>
>I currently do my own price requests for equipment.  (Purchasing does 
>everything EXCEPT computer gear.)  I use WinFax Pro.  I have a database 
>of recipients, organized into groups, based on 
>hardware/software/whatever for which I require pricing.  Using WinFax 
>Pro requires that I use my modem.  This is currently NOT a problem.
>
>But I HAVE been thinking...  Perhaps I could accomplish the same thing 
>via email.  I personally don't use Outlook...yet.  I'm still using 
>Eudora.  But from what I've seen, it doesn't APPEAR that either is 
>particularly conducive to creating groups to accomplish the same thing.
>
>So I've been wondering...  Assuming I'm correct about neither being 
>particularly suited to doing what I'm wanting to do, does anyone know 
>of some kind of email "app" that would allow this?  (I know that WinFax 
>Pro can interface to email.  And I tried it...once.  It 
>sucks...assuming I was using it as designed...which I think I was.)  
>Other than my Eudora client, Outlook or Exchange Server, I am ignorant 
>of email package(s) for ANYTHING.
>
>Thanks in advance, you help is appreciated. :)
>
>-
>Thomas Smith
>IT Supervisor, AKA: Systems Administrator,
>Network Administrator, Database Administrator,
>Security Administrator, Email Administrator, Telecommunications 
>Administrator, Webmaster Henry Co Water and Sewerage Authority
>770.957.6659 (v)   /   770.898.8416 (f)
>[EMAIL PROTECTED]
>
>
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
>
>___
>NOTICE:  The information contained in this electronic message is 
>considered privileged and confidential under Florida Statutes 455.251 
>and 3905.017.  It is intended solely for the use of the recipient named 
>above.  If the reader is not the recipient named above, you are hereby 
>notified that any dissemination, distribution, copying or disclosure of 
>the contents of this message is prohibited. If you have received this 
>e-mail message in error, please immediately notify the sender and 
>destroy the original message.
>
>
>
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: email to replace fax?

2001-09-20 Thread Thomas Smith


At 05:17 PM 9/7/01 -0400, you wrote:
>Thomas,
>
>I'm not sure I understand what you're looking for.  Are you considering some
>type of faxserver software that interfaces with your e-mail client?

No...I don't think so.  What I'm doing now via fax, I'd LIKE to do via 
email INSTEAD (I think).  But where my fax software allows me to "group" 
recipients (and put them into multiple groups if necessary), it doesn't 
appear that either of the two email clients I've seen (Eudora and Outlook), 
can let me organize recipients the same way.

Are there any email programs/clients that DO allow grouping of recipients, 
as I do now with my fax software?

THIS is what I'm asking.  :)  I don't where else to ask, or how else to ask.

Thanks.

>If so,
>there are several products that allow you to use your Outlook/Exchange
>contact list.  Most have been discussed in this group previously.
>
>
>Roger Wright
>Southern Commerce Bank
>___
>
>Procrastination:  The art of keeping up with yesterday.
>
>
>-Original Message-
>From: thomas smith [mailto:[EMAIL PROTECTED]]
>Sent: Friday, September 07, 2001 5:12 PM
>To: NT System Admin Issues
>Subject: email to replace fax?
>
>
>I currently do my own price requests for equipment.  (Purchasing does
>everything EXCEPT computer gear.)  I use WinFax Pro.  I have a database of
>recipients, organized into groups, based on hardware/software/whatever for
>which I require pricing.  Using WinFax Pro requires that I use my
>modem.  This is currently NOT a problem.
>
>But I HAVE been thinking...  Perhaps I could accomplish the same thing via
>email.  I personally don't use Outlook...yet.  I'm still using Eudora.  But
>from what I've seen, it doesn't APPEAR that either is particularly
>conducive to creating groups to accomplish the same thing.
>
>So I've been wondering...  Assuming I'm correct about neither being
>particularly suited to doing what I'm wanting to do, does anyone know of
>some kind of email "app" that would allow this?  (I know that WinFax Pro
>can interface to email.  And I tried it...once.  It sucks...assuming I was
>using it as designed...which I think I was.)  Other than my Eudora client,
>Outlook or Exchange Server, I am ignorant of email package(s) for ANYTHING.
>
>Thanks in advance, you help is appreciated. :)
>
>-
>Thomas Smith
>IT Supervisor, AKA: Systems Administrator,
>Network Administrator, Database Administrator,
>Security Administrator, Email Administrator,
>Telecommunications Administrator, Webmaster
>Henry Co Water and Sewerage Authority
>770.957.6659 (v)   /   770.898.8416 (f)
>[EMAIL PROTECTED]
>
>
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
>
>___
>NOTICE:  The information contained in this electronic message is considered
>privileged and confidential under Florida Statutes 455.251 and 3905.017.  It
>is intended solely for the use of the recipient named above.  If the reader
>is not the recipient named above, you are hereby notified that any
>dissemination, distribution, copying or disclosure of the contents of this
>message is prohibited. If you have received this e-mail message in error,
>please immediately notify the sender and destroy the original message.
>
>
>
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Repost: Spam to non-existent e-mail address-PLEASE HELP

2001-09-20 Thread Dean Cunningham


People are probably spoofing the reply to address ([EMAIL PROTECTED],
[EMAIL PROTECTED]) and sending SPAM  out by their SMTP server , which is
configured to relay.

When the message bounces from the recipient , it is sent back to your SMTP
server.

For those people that are complaining , get them to send the full SMTP
headers of the message they got from [EMAIL PROTECTED] or whatever)and you will
then be able to trace where the message came from.

Feel free to contact me offline with the full mail headers from a
complainant and I'll see if I can figure out what is happening.

regards
Dean

-Original Message-
From: Steve Jacobson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 1:31 p.m.
To: NT System Admin Issues
Subject: Repost: Spam to non-existent e-mail address-PLEASE HELP


Please help!

I administer the e-mail server (Exchange 5.5) for my small consulting
company (DJI). I am getting lots of spam mail addressed to non-existent
e-mail addresses. These addresses have never been used. Some seem to be
valid
addresses ([EMAIL PROTECTED], or [EMAIL PROTECTED]), while others seem to be made up
from some random character generator ([EMAIL PROTECTED], [EMAIL PROTECTED]).

I get about 30-50 of these messages per day. Naturally, they are bounced by
the server, and I route them to the Administrator mailbox. Some of the
bounce messages back to the sender also get bounced (mainly due to invalid
addresses).

I am now getting e-mail from someone telling me (actually they are sending
it to one of the invalid e-mail addresses) not to spam them anymore.  I have
spam relaying turned off in Exchange.

Do any of you folks have this problem, and if so, what do you do about it?
I am desperate, and am considering disabling the dji.com MX record in the
dns (for a week) so that (hopefully) this spam will be stopped at the
source.

This is causing me quite a problem.

Steve Jacobson
[EMAIL PROTECTED]
[EMAIL PROTECTED] (for this list)




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Disk Usage

2001-09-20 Thread MJohnston


If you have security auditing turned on, that would cause the drives to be active.  We 
got one of our servers back from AT&T and I thought we might have some type of disk 
problem because the drives were cranking all the time.  Tuned out that they had 
security auditing turned on for EVERYTHING.  I turned it off and the drives returned 
to normal activity.

-Original Message-
From: Michael Brubaker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:52 PM
To: NT System Admin Issues
Subject: Disk Usage


Does anyone have any tools that will allow me to see which applications
are using the harddrives on my server? The server should be idle and the
hardrives are chugging away. Help
 


Michael Brubaker
Vice President Tel: (321) 631-8073 Fax: (321) 632-8769 [EMAIL PROTECTED]
  
  IICwww.iictel.com 


International InterConnect
297 Barnes Blvd.
Rockledge, FL 32955
 
 
 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Ben Schorr

Title: RE: Microsoft Has Nimda





You need IIS if you want to run Exchange 2000.[1]



[1] Well, at least if you want it to do anything useful [2].
[2] Hi Dean and/or Sherry.


Aloha,


-Ben-
Ben M. Schorr, MVP-Outlook, CNA, MCPx3
Director of Information Services
Damon Key Leong Kupchak Hastert
http://www.hawaiilawyer.com



> -Original Message-
> From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 12:23 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> Uhhmm.. Lets remember one other BIG THING!!
> 
> 
> How many servers that got affected actually need IIS? You 
> only need it if you are running a web server or ftp server. 
> You do not require it to run a DC, or any other function 
> within Windows 2000. It is a default installed option and 
> should be removed if possible upon installation. 
> 
> -Original Message-
> From: Clayton [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 6:57 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> Remind me not to invite you around then :-)
> 
> Clayton Doige 
> IT Manager MCSE, MCP + I
> Gameday International N.V. 
> Bound in a nutshell, King of infinite space... 
> 
> T: +5 999 736 0309 ext 4537
> C: +5 999 563 1845 
> F: +5 999 733 1259 
> E: [EMAIL PROTECTED] 
> 
> 
> -Original Message-
> From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
> Sent: September 20, 2001 3:53 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> Although firing is definitley a pretty harsh item, I would be 
> looking at the quality of my department, and what Im paying 
> my guys who are supporting me. i.e. paper MCSE etc etc.. 
> 
> Everyone thinks they are okay until someone like me gets 
> called in to consult and validate the happenings. Typically 
> that results in a job loss. I think I did two in the past 
> three weeks. 
> 
> My most recent event was their IT guy telling them that 
> Veritas Backup Exec *ALWAYS* fails because of the open file 
> management. Heh.. After I spent 20 mins and ran a successful 
> backup he was no longer employed
> 
> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 4:10 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> Some mistakes are worse than others. The worse the mistake, 
> the harsher the punishment.
> 
> Sometimes people need to be fired.
> 
> 
> 
> John Hornbuckle
> Network Manager
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347 
> 
> 
> 
> -Original Message-
> From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 3:54 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> 
> 
> If firing someone or cutting off somebody's head for any 
> mistake was an answer, you'd have heard bombs by now!
> 
> 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: How do you all do it?

2001-09-20 Thread Alan Peery


Only if you are still awake after reading the list. :-)

Alan

Martin Blackstone wrote:

>
> I guarantee you, you sub to these lists, your knowledge will grow
> exponentially, and you will look like a hero to your boss when you know
> the S*&T is about to hit the fan well before anyone else does.
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Greg Kavalec


"Get any work done"...?


-
Cry 'Havoc,' and let slip the dogs of war; 
That this foul deed shall smell above the earth 
With carrion men, groaning for burial. 



-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 5:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


Where do you work?? Hiring?? I want one of those jobs.. Does it pay
well?? if so you better contact me off list I am ready to move: >

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:33 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


we are paid for reading these mails.

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Disk Usage

2001-09-20 Thread Michael Brubaker


Does anyone have any tools that will allow me to see which applications
are using the harddrives on my server? The server should be idle and the
hardrives are chugging away. Help
 


Michael Brubaker
Vice President Tel: (321) 631-8073 Fax: (321) 632-8769 [EMAIL PROTECTED]
  
  IICwww.iictel.com 


International InterConnect
297 Barnes Blvd.
Rockledge, FL 32955
 
 
 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Secuirty Downloads - Microsoft

2001-09-20 Thread Sean Martin


http://corporate.windowsupdate.microsoft.com

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  


-Original Message-
From: Ryan McBride [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:50 PM
To: NT System Admin Issues
Subject: Secuirty Downloads - Microsoft


I want to download security patches to update a couple of my NT Servers. I
can download security updates from the windowsupdate.microsoft.com site
however i have close to a dozen boxes that will all need the same
patching.

Is there a site on MS (not virus infected!!!) that I can download secuirty
patches and just save them to our support area for distribution to all our
servers

Thanx

Ryan McBride (MCSE)

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Dean Cunningham


Ah, no always been Dean[1], I am trying to figure out how I make you all
read them and start over, as you suggested I do?? :-)

[1] contrary to rumors about me being Sherry[2]
[2] Hi Sherry

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:29 a.m.
To: NT System Admin Issues
Subject: RE: How do you all do it?


You are sherry now//???

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:26 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Yes you called?

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:08 a.m.
To: NT System Admin Issues
Subject: RE: How do you all do it?

[snip]

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry


Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Mal Sasalu

we are paid for reading these mails.

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: How do you all do it?

2001-09-20 Thread Kelly Borndale


We're good.  And we have remote control packages installed on our clients
and servers so that we don't have to walk to the machine.

-K
- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 200
> messages today.  How do you all keep up with this list and get any work
> done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED]
> www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Secuirty Downloads - Microsoft

2001-09-20 Thread Ryan McBride


I want to download security patches to update a couple of my NT Servers. I
can download security updates from the windowsupdate.microsoft.com site
however i have close to a dozen boxes that will all need the same
patching.

Is there a site on MS (not virus infected!!!) that I can download secuirty
patches and just save them to our support area for distribution to all our
servers

Thanx

Ryan McBride (MCSE)

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Microsoft Has Nimda

2001-09-20 Thread Bartolini


That is too easy.
Most sites I have visited check off every option and 
Sometimes the Windows Help splash screen loads at startup.

- Original Message - 
From: "Benjamin Zachary" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:22 PM
Subject: RE: Microsoft Has Nimda


> Uhhmm.. Lets remember one other BIG THING!!
> 
> 
> How many servers that got affected actually need IIS? You only need it
> if you are running a web server or ftp server. You do not require it to
> run a DC, or any other function within Windows 2000. It is a default
> installed option and should be removed if possible upon installation. 
> 
> -Original Message-
> From: Clayton [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 6:57 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> Remind me not to invite you around then :-)
> 
> Clayton Doige 
> IT Manager MCSE, MCP + I
> Gameday International N.V. 
> Bound in a nutshell, King of infinite space... 
> 
> T: +5 999 736 0309 ext 4537
> C: +5 999 563 1845 
> F: +5 999 733 1259 
> E: [EMAIL PROTECTED] 
> 
> 
> -Original Message-
> From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
> Sent: September 20, 2001 3:53 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> Although firing is definitley a pretty harsh item, I would be looking at
> the quality of my department, and what Im paying my guys who are
> supporting me. i.e. paper MCSE etc etc.. 
> 
> Everyone thinks they are okay until someone like me gets called in to
> consult and validate the happenings. Typically that results in a job
> loss. I think I did two in the past three weeks. 
> 
> My most recent event was their IT guy telling them that Veritas Backup
> Exec *ALWAYS* fails because of the open file management. Heh.. After I
> spent 20 mins and ran a successful backup he was no longer employed
> 
> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 4:10 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> Some mistakes are worse than others. The worse the mistake, the harsher
> the punishment.
> 
> Sometimes people need to be fired.
> 
> 
> 
> John Hornbuckle
> Network Manager
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347 
> 
> 
> 
> -Original Message-
> From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 3:54 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> 
> 
> If firing someone or cutting off somebody's head for any mistake was an
> answer, you'd have heard bombs by now!
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Ross Wakelin


Ah Luxury

In my day we lived in the middle of the road, in an old
paper bag...

Nah I won't go down that road today

--
Ross Wakelin - Independent Information Technology Consultant
Tel: +64 (0)3 3433186  Fax: +64 (0)3 3433196
Cell: +64 (0)21 334380 

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Friday, 21 September 2001 09:55
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus. One time one of the little sticks broke and the beads fell out.
Luckily we had a hot standby abacus. We were using AbicusServ (before it
was acquired by CA), but it still didn't work worth a damn. We had to
backup to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Well, this is reassuring...

2001-09-20 Thread Dean Cunningham


these days ... virtual ones sounds far better than "i gonna set a rule
to delete all messages from you"
Are we both showing our age here... :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 9:35 a.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Wow... people still use killfiles??? ;-)



> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 5:34 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Yeah it does matter. The message you got from SANS does not 
> appear to come
> from this list. There is *no* message like that in my 
> exchange public folder
> that is subscribed to the list. It has not been intercepted 
> at my AV mail
> gateway.
> 
> This means 1 of 2 things
> 
> 1) I can't read a public folder.
> 2) You don't actually know where the message you got came from.
> 
> I tend to go with 2) (funnily enough) and considering your knee-jerk
> reaction to act like chicken little without proper checking 
> of the facts,
> means the some of the 2000+ sys admins of this list may well 
> of wasted time
> , just like I have , checking for a file that was supposed to 
> of entered
> their mail servers that was infected and never detected by 
> their AV product.
> 
> So before you waste our time again, sod off, do some research 
> and get your
> facts right, don't waste our time.
> 
> Oh and congratulations you have made my killfile, no doubt I 
> have made yours
> :-)
> 
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 2:25 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Does it matter? I was fairly busy between the readme.txt and 
> the W32.Nimda
> to not worry about the specifics. If it came from SANS, 
> that's where it came
> from. I'm sorry if that offends you but what can I do? 
> Actually, since I got
> it off this list, why don't you analyze it and tell us what you find.
> 
> Greg
> 
> 
> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, September 19, 2001 10:01 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> So you actually looked at the smtp source and saw that it 
> actually had the
> attachment in the email and not just a fragment?
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 1:55 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> It's not a rumor, it's what happened. That this e-mail got to 
> one of their
> people and propagated is disturbing. Antigen caught it at my 
> GW and didn't
> send it anywhere. What's there excuse?
> 
> Greg
> 
> 
> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, September 19, 2001 9:19 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Careful before spreading such a rumor, the detecters may well be
> oversensiitve at this point. McAffee did the same to me 
> *because* a guy had
> posted to the mailing lust and email containing  a portion of the
> javascript. I would suggest considering the source of teh 
> messaging being
> blocked, that it is like they the message was benign and they 
> too had a
> portion of code in it that set the alarm bells off.
>  
> regards
> Dean
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 12:49 p.m.
> To: NT System Admin Issues
> Subject: Well, this is reassuring...
> 
> 
> 
> Antigen for Exchange found readme.exe infected with 
> JScript/Nimda.A.Worm
> (CA(InoculateIT)) worm. The message is currently Purged.  The 
> message, "SANS
> NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
> discovered in IMC Queues\Inbound located at 
> ORGANIZATION/SITE-1/ALEXAPP001.
> 
> 
> 
> Greg 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> ***
> This e-mail is  not an  official  statement o

RE: How do you all do it?

2001-09-20 Thread Dean Cunningham


I just assign the incoming to a public exchange folder and age it to 60
days. then if I am looking for something in particular, search the folder.
What I am looking for usually turns up (aka generally things are repeated
within 2 months on the list)


cheers
Dean
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:12 a.m.
To: NT System Admin Issues
Subject: RE: How do you all do it?


My mailing list folder is 98MB and I archive it every two weeks.
Keep in mind, there are NO attachments in these folders.

-Original Message-
From: T. Bradley Dean [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:25 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Outlook is showing 3127 deleted messages, and I clear that out daily...

~Brad 

-Original Message-
From: Bartolini [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:13 PM
To: NT System Admin Issues
Subject: Re: How do you all do it?


In the old days...when the boss walked by and saw you playing Quake it
was obvious you were goofing off. Now with the help of the list you can
actually look like you are working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 
> 200 messages today.  How do you all keep up with this list and get any

> work done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED] www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Martin Blackstone


I was going to say that.
There are some MAJOR advantages to being on these lists.
As an example, many of us knew about Nimda hours before anyone else did.
Granted we didn't have technical details or a name, but we knew there
was something bad happening and to start battening down the hatches. You
cant put a price on info like that.
I guarantee you, you sub to these lists, your knowledge will grow
exponentially, and you will look like a hero to your boss when you know
the S*&T is about to hit the fan well before anyone else does.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:26 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Hey, this IS work.  Knowing about a virus BEFORE users tell us, is major
work

Diane

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: How do you all do it?

2001-09-20 Thread Adrian Cooper



- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 11:02 PM

Only 200 - that is a mere trickle :-)

I get on average 2500 mails every day to this address alone - excluding any spam
most of which gets filtered.

I use alot of Outlook Express mail rules to sort my mail into many folders, and
then I scan the subject lines to see which needs dealing with as a matter of
priority.

Like everything else - it is a matter of prioritising.

Adrian Cooper.


> I just joined this list today and am overwhelmed with email.  Almost 200
> messages today.  How do you all keep up with this list and get any work
> done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED]
> www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


You are sherry now//???

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:26 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Yes you called?

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:08 a.m.
To: NT System Admin Issues
Subject: RE: How do you all do it?

[snip]

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry


Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Diane Beckham

Hey, this IS work.  Knowing about a virus BEFORE users tell us, is major
work

Diane

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Benjamin Zachary


Uhhmm.. Lets remember one other BIG THING!!


How many servers that got affected actually need IIS? You only need it
if you are running a web server or ftp server. You do not require it to
run a DC, or any other function within Windows 2000. It is a default
installed option and should be removed if possible upon installation. 

-Original Message-
From: Clayton [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 6:57 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda


Remind me not to invite you around then :-)

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 3:53 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Although firing is definitley a pretty harsh item, I would be looking at
the quality of my department, and what Im paying my guys who are
supporting me. i.e. paper MCSE etc etc.. 

Everyone thinks they are okay until someone like me gets called in to
consult and validate the happenings. Typically that results in a job
loss. I think I did two in the past three weeks. 

My most recent event was their IT guy telling them that Veritas Backup
Exec *ALWAYS* fails because of the open file management. Heh.. After I
spent 20 mins and ran a successful backup he was no longer employed

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:10 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda


Some mistakes are worse than others. The worse the mistake, the harsher
the punishment.

Sometimes people need to be fired.



John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347 



-Original Message-
From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:54 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda




If firing someone or cutting off somebody's head for any mistake was an
answer, you'd have heard bombs by now!


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Dean Cunningham

Yes you called?

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Friday, 21 September 2001 10:08 a.m.
To: NT System Admin Issues
Subject: RE: How do you all do it?

[snip]

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


Wimps.. I love to push the limits and wait for my PST to hit 500 megs,
then I archive everything in a month pst that has any value [1] then I
run the pst compressor, goto bed, get up the next day hope it is done,
and run scanpst 5 times. 

[1] normally 2 times a month

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:21 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Oh god, last I saw KMs he was in the hundreds I think.. Hehe.. I run the
rules for each list Im in, sort by topic and date, and that keeps it
pretty simple. I also run the auto archive every day against it and
delete 15 days old. So I never have more than about 1k msgs from each
list.. 

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 6:12 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


My mailing list folder is 98MB and I archive it every two weeks.
Keep in mind, there are NO attachments in these folders.

-Original Message-
From: T. Bradley Dean [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:25 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Outlook is showing 3127 deleted messages, and I clear that out daily...

~Brad 

-Original Message-
From: Bartolini [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:13 PM
To: NT System Admin Issues
Subject: Re: How do you all do it?


In the old days...when the boss walked by and saw you playing Quake it
was obvious you were goofing off. Now with the help of the list you can
actually look like you are working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 
> 200 messages today.  How do you all keep up with this list and get any

> work done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED] www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Diane Beckham


LOL!!!

Definition "Old-timers" persons who have been on this list for over 1 year.

Definition "Old-Fa*ts" male persons who think they know it all.  Does not
pertain to chronological age.

HTH, 

Diane

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:55 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread TDI Custom Computers


"We had to backupto a Victrola."

ROFLMAO!

- Original Message - 
From: "Martin Blackstone" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 4:54 PM
Subject: RE: Just a hoax ...WORST EVER VIRUS


> Old timers?? :)
> 
> I remember back in my first job when we were running Exchange on an
> abacus.
> One time one of the little sticks broke and the beads fell out. Luckily
> we had a hot standby abacus. We were using AbicusServ (before it was
> acquired by CA), but it still didn't work worth a damn. We had to backup
> to a Victrola.
> 
> -Original Message-
> From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 2:31 PM
> To: NT System Admin Issues
> Subject: Just a hoax ...WORST EVER VIRUS
> 
> 
> It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
> first newbie to try and help out by posting a hoax that they thought was
> a real virus. Especially since there is a really nasty one running
> around. 
> Be sure to respond to whomever sent this to you and let them know to
> check out viruses on sites such as Symantec, NAI and such before they
> send them to you. Believe me, if a virus is running, this list will know
> about long before any User will and if you stay on this list every day,
> so will you. 
> Diane 
> -Original Message-
> From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 2:07 PM
> To: NT System Admin Issues
> Subject: Re: WORST EVER VIRUS (CNN announced)
> 
> No comment. 
> 
> K.Borndale 
> [EMAIL PROTECTED]  -home email
>  
> - Original Message - From: Sabrina Stolcz
>  To: NT System Admin Issues
>  Sent: Thursday, September
> 20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 
> 
> sorry, I sent it as soon as someone forwarded it.
> 
> -Original Message-
> From: Sabrina Stolcz []
> Sent: Thursday, September 20, 2001 4:18 PM
> To: NT System Admin Issues
> Subject: WORST EVER VIRUS (CNN announced)
> 
> 
> 
> WORST EVER VIRUS (CNN announced) 
> > > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
> LIST!! 
> > > >> A new virus has just been discovered that has
> been classified by 
> > > Microsoft 
> > > >> as the most destructive ever! 
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Benjamin Zachary


Oh god, last I saw KMs he was in the hundreds I think.. Hehe.. I run the
rules for each list Im in, sort by topic and date, and that keeps it
pretty simple. I also run the auto archive every day against it and
delete 15 days old. So I never have more than about 1k msgs from each
list.. 

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 6:12 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


My mailing list folder is 98MB and I archive it every two weeks.
Keep in mind, there are NO attachments in these folders.

-Original Message-
From: T. Bradley Dean [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:25 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Outlook is showing 3127 deleted messages, and I clear that out daily...

~Brad 

-Original Message-
From: Bartolini [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:13 PM
To: NT System Admin Issues
Subject: Re: How do you all do it?


In the old days...when the boss walked by and saw you playing Quake it
was obvious you were goofing off. Now with the help of the list you can
actually look like you are working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost
> 200 messages today.  How do you all keep up with this list and get any

> work done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED] www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: Microsoft Has Nimda

2001-09-20 Thread Brian Steele


It's fairly easy to determine which directory you've used to install
Windows, so this can be considered only as a minor deterrent. Now, if you
were to also (1) install IIS on a different partition, and (2) configure IIS
to use host headers for all sites...


Brian

- Original Message -
From: "Clayton" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:31 PM
Subject: RE: Microsoft Has Nimda


How many people out there still install Windows (what ever version) into
the Winnt or Windows directory? How many of these stupid worms would die
if Windows was installed into a directory with some other name?
H.

Clayton Doige
IT Manager MCSE, MCP + I
Gameday International N.V.
Bound in a nutshell, King of infinite space...

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845
F: +5 999 733 1259
E: [EMAIL PROTECTED]


-Original Message-
From: McCarthy, Kathleen [mailto:[EMAIL PROTECTED]]
Sent: September 20, 2001 3:46 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Hey, I agree too.  From what I've read about Nimda thus far, it uses
exploits that there have been patches out for for months.  And the
spreading
through file sharing issue takes advantage of systems that haven't
locked
down their permissions.  I've kept my servers and workstations patched
with
the most current and I lock down my machines - I don't leave any default
permissions, I remove/disable services that aren't needed, etc.  I
haven't
been infected by anything for over 2 years now - but I have plenty of
logs
to show that I've been attacked, just none have been successful as of
yet.

I'm sure that there are/will be worms developed to exploit
vulnerabilities
that there aren't already patches for, but it seems to me that the
majority
of the worms circulating all exploit vulnerabilities that there are
already
fixes for. If someone gets hit with something there are already patches
for,
I can't feel sorry for them.

Kathleen McCarthy

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 14:15
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

I was beginning to think I was the only person who held this opinion!


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS, etc.

2001-09-20 Thread Roger Wright


Cracked me up!  Well done!

 
Roger Wright
Southern Commerce Bank
___
 
There's no such thing as pure pleasure; some anxiety always goes with it.


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 5:55 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



___
NOTICE:  The information contained in this electronic message is considered
privileged and confidential under Florida Statutes 455.251 and 3905.017.  It
is intended solely for the use of the recipient named above.  If the reader
is not the recipient named above, you are hereby notified that any
dissemination, distribution, copying or disclosure of the contents of this
message is prohibited. If you have received this e-mail message in error,
please immediately notify the sender and destroy the original message.  



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Martin Blackstone


We enjoy helping others more than we enjoy our own work

-Original Message-
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:20 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?




> -Original Message-
> From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 6:03 PM
> To: NT System Admin Issues
> Subject: How do you all do it?
>
>
> I just joined this list today and am overwhelmed with email.  Almost 
> 200 messages today.  How do you all keep up with this list and get any

> work done?  (Not meant to imply anything)

We don't...maybe you are on the wrong list...we are all independently
wealthy and just like to keep hacking.

...you work?

John
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED] www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


Well for beginners

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:08 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Are you actually advocating the deaning of messages???

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:08 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


You mean you do things beside list email?? Just wait till you get
involved in them and join all the "other lists" then 200 a day seems
like no one is talking to you at all, you start to feel lonely and get
depressed, then you get those pretty drugs and that men come in the van
in the white coats... Mm wait I was starting to break into song there..
Anyhow.. 

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry


Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread John Cesta - Lists




> -Original Message-
> From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 6:03 PM
> To: NT System Admin Issues
> Subject: How do you all do it?
>
>
> I just joined this list today and am overwhelmed with email.  Almost 200
> messages today.  How do you all keep up with this list and get any work
> done?  (Not meant to imply anything)

We don't...maybe you are on the wrong list...we are all independently
wealthy and just like to keep hacking.

...you work?

John
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED]
> www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Martin Blackstone


My mailing list folder is 98MB and I archive it every two weeks.
Keep in mind, there are NO attachments in these folders.

-Original Message-
From: T. Bradley Dean [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:25 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Outlook is showing 3127 deleted messages, and I clear that out daily...

~Brad 

-Original Message-
From: Bartolini [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:13 PM
To: NT System Admin Issues
Subject: Re: How do you all do it?


In the old days...when the boss walked by and saw you playing Quake it
was obvious you were goofing off. Now with the help of the list you can
actually look like you are working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 
> 200 messages today.  How do you all keep up with this list and get any

> work done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED] www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


Didn't you make the quote this week that we could not handle the truth??

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Don't worry, the truth doesn't hurt us. 

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Clayton


Some folks have more time than others. It seems today, I have too much
time on my hands :-) Generally, I delete most of what comes in. I have
rules (duh) to sort the mail, and then sort the various boxes by
conversation topic. When I come to my desk, a quick scan of the topics
sends me on my way, and I can read or delete as suits my schedule, spare
time, or need for information.

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 5:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread T. Bradley Dean


Outlook is showing 3127 deleted messages, and I clear that out daily...

~Brad 

-Original Message-
From: Bartolini [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:13 PM
To: NT System Admin Issues
Subject: Re: How do you all do it?


In the old days...when the boss walked by and saw you playing Quake it was
obvious you were goofing off.
Now with the help of the list you can actually look like you are
working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 200
> messages today.  How do you all keep up with this list and get any work
> done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED]
> www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Martin Blackstone

Are you actually advocating the deaning of messages???

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:08 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?

You mean you do things beside list email?? Just wait till you get
involved in them and join all the "other lists" then 200 a day seems
like no one is talking to you at all, you start to feel lonely and get
depressed, then you get those pretty drugs and that men come in the van
in the white coats... Mm wait I was starting to break into song there..
Anyhow.. 

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: How do you all do it?

2001-09-20 Thread Bartolini


In the old days...when the boss walked by and saw you playing Quake it was
obvious you were goofing off.
Now with the help of the list you can actually look like you are
working..  o:)

- Original Message -
From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 6:02 PM
Subject: How do you all do it?


> I just joined this list today and am overwhelmed with email.  Almost 200
> messages today.  How do you all keep up with this list and get any work
> done?  (Not meant to imply anything)
>
>
> _
> Don Collier
> Network Administrator
> Intermap Technologies Inc.
> Voice:  303-708-0955 x-207
> Fax:303-708-0952
> [EMAIL PROTECTED]
> www.intermaptechnologies.com
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Kevin Miller


You mean you do things beside list email?? Just wait till you get
involved in them and join all the "other lists" then 200 a day seems
like no one is talking to you at all, you start to feel lonely and get
depressed, then you get those pretty drugs and that men come in the van
in the white coats... Mm wait I was starting to break into song there..
Anyhow.. 

Some times if you get behind just "dean [1]" that helps

[1] make them all as read and start over [2]
[2] hi Sherry


Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

2001-09-20 Thread Martin Blackstone

Don't worry, the truth doesn't hurt us. 

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?

I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Martin Blackstone


We were a dotgoldrush company in SFlots of gold around to buy that
stuff.

-Original Message-
From: Clayton [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:00 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS


You guys actually had an abicus?

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 4:56 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS

Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus. One time one of the little sticks broke and the beads fell out.
Luckily we had a hot standby abacus. We were using AbicusServ (before it
was acquired by CA), but it still didn't work worth a damn. We had to
backup to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Smith Joseph


Abacus?!?  Weren't you the lucky one!
We had to make our own abacus...


Joseph Smith

Network Administrator
Perlos, Inc.
5201 Alliance Gateway
Fort Worth, TX 76178-3729
Work: 817-224-9012
Cell: 817-999-7703
[EMAIL PROTECTED]


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:56 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

How do you all do it?

2001-09-20 Thread Don Collier (Intermap Denver)


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Clayton


You guys actually had an abicus?

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 4:56 PM
To: NT System Admin Issues
Subject: RE: Just a hoax ...WORST EVER VIRUS

Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NAV 2002

2001-09-20 Thread Mier, Juan


Yep.

I think they make you get NAV Corporate or Enterprise (is there such a
thing?).  

> -Original Message-
> From: David N. Precht [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 2:50 PM
> To: NT System Admin Issues
> Subject: RE: NAV 2002
> 
> 
> NAV 2k2 will only work on 2k Pro or XP Pro ?
> 
> -Original Message-
> From: TDI Custom Computers [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 17:13
> To: NT System Admin Issues
> Subject: NAV 2002
> 
> 
> Just noticed that NAV 2002 will no longer work on servers, 
> W2k. Those who have single or dual servers in an environment 
> are now using what Norton product?
> 
> Mike
> 
> 
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



_

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Clayton


Remind me not to invite you around then :-)

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 3:53 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Although firing is definitley a pretty harsh item, I would be looking at
the quality of my department, and what Im paying my guys who are
supporting me. i.e. paper MCSE etc etc.. 

Everyone thinks they are okay until someone like me gets called in to
consult and validate the happenings. Typically that results in a job
loss. I think I did two in the past three weeks. 

My most recent event was their IT guy telling them that Veritas Backup
Exec *ALWAYS* fails because of the open file management. Heh.. After I
spent 20 mins and ran a successful backup he was no longer employed

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:10 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda


Some mistakes are worse than others. The worse the mistake, the harsher
the punishment.

Sometimes people need to be fired.



John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347 



-Original Message-
From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:54 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda




If firing someone or cutting off somebody's head for any mistake was an
answer, you'd have heard bombs by now!


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Martin Blackstone


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NAV 2002

2001-09-20 Thread Diane Beckham

I don't know about servers, I run Nav 7.51 Enterprise, but NAV2002 will run
on Win2K and Win98 (I have it on both at home).

Diane

-Original Message-
From: David N. Precht [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:50 PM
To: NT System Admin Issues
Subject: RE: NAV 2002

NAV 2k2 will only work on 2k Pro or XP Pro ?

-Original Message-
From: TDI Custom Computers [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 17:13
To: NT System Admin Issues
Subject: NAV 2002

Just noticed that NAV 2002 will no longer work on servers, W2k. Those
who have single or dual servers in an environment are now using what
Norton product?

Mike

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Martin Blackstone


Old timers?? :)

I remember back in my first job when we were running Exchange on an
abacus.
One time one of the little sticks broke and the beads fell out. Luckily
we had a hot standby abacus. We were using AbicusServ (before it was
acquired by CA), but it still didn't work worth a damn. We had to backup
to a Victrola.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:31 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER VIRUS


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was
a real virus. Especially since there is a really nasty one running
around. 
Be sure to respond to whomever sent this to you and let them know to
check out viruses on sites such as Symantec, NAI and such before they
send them to you. Believe me, if a virus is running, this list will know
about long before any User will and if you stay on this list every day,
so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September
20, 2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT
LIST!! 
> > >> A new virus has just been discovered that has
been classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Well, this is reassuring...

2001-09-20 Thread Clayton


Sod off? Stu...

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 4:34 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...

Yeah it does matter. The message you got from SANS does not appear to
come
from this list. There is *no* message like that in my exchange public
folder
that is subscribed to the list. It has not been intercepted at my AV
mail
gateway.

This means 1 of 2 things

1) I can't read a public folder.
2) You don't actually know where the message you got came from.

I tend to go with 2) (funnily enough) and considering your knee-jerk
reaction to act like chicken little without proper checking of the
facts,
means the some of the 2000+ sys admins of this list may well of wasted
time
, just like I have , checking for a file that was supposed to of entered
their mail servers that was infected and never detected by their AV
product.

So before you waste our time again, sod off, do some research and get
your
facts right, don't waste our time.

Oh and congratulations you have made my killfile, no doubt I have made
yours
:-)


-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 2:25 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Does it matter? I was fairly busy between the readme.txt and the
W32.Nimda
to not worry about the specifics. If it came from SANS, that's where it
came
from. I'm sorry if that offends you but what can I do? Actually, since I
got
it off this list, why don't you analyze it and tell us what you find.

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 10:01 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


So you actually looked at the smtp source and saw that it actually had
the
attachment in the email and not just a fragment?

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 1:55 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


It's not a rumor, it's what happened. That this e-mail got to one of
their
people and propagated is disturbing. Antigen caught it at my GW and
didn't
send it anywhere. What's there excuse?

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 9:19 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Careful before spreading such a rumor, the detecters may well be
oversensiitve at this point. McAffee did the same to me *because* a guy
had
posted to the mailing lust and email containing  a portion of the
javascript. I would suggest considering the source of teh messaging
being
blocked, that it is like they the message was benign and they too had a
portion of code in it that set the alarm bells off.
 
regards
Dean

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 12:49 p.m.
To: NT System Admin Issues
Subject: Well, this is reassuring...



Antigen for Exchange found readme.exe infected with JScript/Nimda.A.Worm
(CA(InoculateIT)) worm. The message is currently Purged.  The message,
"SANS
NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
discovered in IMC Queues\Inbound located at
ORGANIZATION/SITE-1/ALEXAPP001.



Greg 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread ebrastow


The problem I see with that, and maybe I'm wrong, is that just like our own
login scripts and such, I doubt any virus would use C:\WINNT as a path.
Instead, it would likely use variables like %SystemRoot%.

Evan


 -Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, September 20, 2001 5:39 PM
To: NT System Admin Issues
Subject:RE: Microsoft Has Nimda

Hmm... 
Takes notes...
(And not LOTUS notes...)



> -Original Message-
> From: Clayton [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 6:32 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> How many people out there still install Windows (what ever 
> version) into
> the Winnt or Windows directory? How many of these stupid 
> worms would die
> if Windows was installed into a directory with some other name?
> H.
> 
> Clayton Doige 
> IT Manager MCSE, MCP + I
> Gameday International N.V. 
> Bound in a nutshell, King of infinite space... 
> 
> T: +5 999 736 0309 ext 4537
> C: +5 999 563 1845 
> F: +5 999 733 1259 
> E: [EMAIL PROTECTED] 
> 
> 
> -Original Message-
> From: McCarthy, Kathleen [mailto:[EMAIL PROTECTED]] 
> Sent: September 20, 2001 3:46 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> Hey, I agree too.  From what I've read about Nimda thus far, it uses
> exploits that there have been patches out for for months.  And the
> spreading
> through file sharing issue takes advantage of systems that haven't
> locked
> down their permissions.  I've kept my servers and workstations patched
> with
> the most current and I lock down my machines - I don't leave 
> any default
> permissions, I remove/disable services that aren't needed, etc.  I
> haven't
> been infected by anything for over 2 years now - but I have plenty of
> logs
> to show that I've been attacked, just none have been successful as of
> yet.
> 
> I'm sure that there are/will be worms developed to exploit
> vulnerabilities
> that there aren't already patches for, but it seems to me that the
> majority
> of the worms circulating all exploit vulnerabilities that there are
> already
> fixes for. If someone gets hit with something there are 
> already patches
> for,
> I can't feel sorry for them.
> 
> Kathleen McCarthy
> 
> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 14:15
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> I was beginning to think I was the only person who held this opinion!
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Using secure SMTP (POP3) on Windows CE

2001-09-20 Thread Jay Kulsh


Hi folks,

One of our client uses Tripad and Clio (Windows CE machines). Users use POP3
to connect to Exchange server 5.5 but there is no setting for authentcation
for SMTP (outgoing) mail on those machines and we are forced to leave our
SMTP relay open to all on Exchange server.

Is there work around for this? Currently our Exchange server is being used
for sending SPAM by others from time to time. Thanks.

Jay
__
Jay Kulsh



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NAV 2002

2001-09-20 Thread Martin Blackstone

Norton Corporate Edition

-Original Message-
From: TDI Custom Computers [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 2:13 PM
To: NT System Admin Issues
Subject: NAV 2002

Just noticed that NAV 2002 will no longer work on servers, W2k. Those
who have single or dual servers in an environment are now using what
Norton product?

Mike

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: ie6 vs. ie5.5

2001-09-20 Thread Don Collier (Intermap Denver)


Maybe I just never configured IE5.5 to do it, I just don't know if it was
there, but I like the media sidebar, the auto resize.  Just minor things
that look ok to me.

 
_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED] 
www.intermaptechnologies.com

-Original Message-
From: Benjamin Scott [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:51 PM
To: NT System Admin Issues
Subject: RE: ie6 vs. ie5.5


On Thu, 20 Sep 2001, Don Collier (Intermap Denver) wrote:
> I do like the new features though.

  What exactly are the new features?  From the description on the MSFT web
pages, it sounded like it did next to nothing, in practice.  Oh boy, it will
resize images automatically now, be still my heart.  On the systems I've
installed it on, the only thing I noticed was that annoying "Image Toolbar"
that pops up over the part of the image you are trying to study.  ;-)

  Does it really do all that much more, or did they just need an excuse to
increase the major revision number?

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not
|
| necessarily represent the views or policy of any other person, entity or
|
| organization.  All information is provided without warranty of any kind.
|



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Clayton










Well said…

 



Clayton Doige 
IT Manager MCSE,
MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite
space... 

T: +5 999 736 0309 ext
4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 



-Original Message-
From: Diane Beckham
[mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 4:19 PM
To: NT System Admin Issues
Subject: Just a hoax ...WORST EVER
VIRUS

 



It's OK Sabrina. 
Don't let these "old-timers" scare you.  You are not the first
newbie to try and help out by posting a hoax that they thought was a real
virus.  Especially since there is a really nasty one running around. 






 





Be sure to respond to
whomever sent this to you and let them know to check out viruses on sites such
as Symantec, NAI and such before they send them to you.  Believe me, if a
virus is running, this list will know about long before any User will and if
you stay on this list every day, so will you.





 





Diane





-Original Message-
From: Kelly Borndale
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001
2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN
announced)



No comment.






K.Borndale





 





[EMAIL PROTECTED]
-home email








- Original Message - 





From: Sabrina Stolcz






To: NT System Admin Issues 





Sent: Thursday,
September 20, 2001 4:39 PM





Subject: RE: WORST
EVER VIRUS (CNN announced)





 



sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been
classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and
no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero
from the
> > hard 
> > >> disk, where vital information for its Functioning are
stored.  This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list
with the 
> > title 
> > >> "A Virtual  Card for You."  As soon as
the supposed virtual card is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When
the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys
Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New
York, 
> > >> according to news broadcast by CNN. This alert was received
by an 
> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the
mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please
contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please
contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Diane Beckham


It's OK Sabrina. Don't let these "old-timers" scare you. You are not the
first newbie to try and help out by posting a hoax that they thought was a
real virus. Especially since there is a really nasty one running around. 
Be sure to respond to whomever sent this to you and let them know to check
out viruses on sites such as Symantec, NAI and such before they send them to
you. Believe me, if a virus is running, this list will know about long
before any User will and if you stay on this list every day, so will you. 
Diane 
-Original Message-
From: Kelly Borndale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:07 PM
To: NT System Admin Issues
Subject: Re: WORST EVER VIRUS (CNN announced)

No comment. 

K.Borndale 
[EMAIL PROTECTED]  -home email
 
- Original Message - From: Sabrina Stolcz
 To: NT System Admin Issues
 Sent: Thursday, September 20,
2001 4:39 PM Subject: RE: WORST EVER VIRUS (CNN announced) 

sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz []
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been
classified by 
> > Microsoft 
> > >> as the most destructive ever! 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NAV 2002

2001-09-20 Thread David N. Precht

NAV 2k2 will only work on 2k Pro or XP Pro ?

-Original Message-
From: TDI Custom Computers [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 17:13
To: NT System Admin Issues
Subject: NAV 2002

Just noticed that NAV 2002 will no longer work on servers, W2k. Those
who have single or dual servers in an environment are now using what
Norton product?

Mike

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

_

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: HELP VIRUS ON NT MACHINE?

2001-09-20 Thread TDI Custom Computers


"The simple presence of .eml/.nws files, or copies of readme.exe, does not
in and of itself indicate an infected machine. If the files are put there
because of an infected client through a file share, they may not have been
run on the server yet."

100% of the clients I have seen, 25+, that have .eml files are infected and
many without the .eml files are also infected.

Just what I have seen,
Mike

- Original Message -
From: <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 9:11 AM
Subject: RE: HELP VIRUS ON NT MACHINE?


> The following is from Russ Cooper off NTBugtraq - sent last night.
>
>
> -BEGIN PGP SIGNED MESSAGE-
>
> Its been an exhaustive couple of days, for you all I'm sure.
>
> The Problem
> - ---
> I've just gotten off the phone with numerous experts from the major
> companies (including AV experts and CARO members) in an effort to
> answer the question; "Is it possible to trust a cleansed server?"
>
> See, due to the things Nimda does, it may well leave your machine
> open to easy access. Even if the virus/worm components have been
> removed/cleansed, if another attack occurs that exploits the open
> shares (for example) who knows what the attack might do or leave
> behind. The effects of such an attack are not going to be obvious to
> an AV product.
>
> Basically, cleansers available now do not address some of the more
> insidious components of Nimda;
>
> - - Guest account being enabled. In the case of an infected Domain
> Controller, this means the account is enabled in the Domain.
>
> - - Guest account being added to the Administrators group. Again, on
> DCs the Guest user is added to the Domain Admins group.
>
> - - Modification to registry keys. Some reports say that values under
> LanManServer\Parameters are deleted, in an effort to remove any
> AutoShareServer value that might prevent the availability of C$,
> etc...), while other reports talk only of the creation of new shares
> (C$, D$, etc...) under that key.
>
> - - Numerous critical system files are modified, including files in the
> dllcache directory, and its questionable whether or not these can be
> restored to good health by an untested cleanser (the suggestion that
> SSL functionality might not work after cleansing.)
>
> Then there is the question as to whether or not all of the effects of
> Nimda have actually been determined. With its buggy operation, its
> possible it might do other things inconsistently, in a way that might
> leave cleansers lacking.
>
> Testing we performed today suggested that cleansers that were
> available all did a reasonable job of disinfecting an infected file,
> but the testing was limited to that since cleansing infected systems
> would require an extremely wide variety of installations.
>
> Additional Threats
> - --
>
> With the open shares available, it would be possible for an attacker
> to gain entry to your system and retrieve or deposit other tools or
> data (like copying your SAM). These effects will be undetectable as
> part of AV Nimda cleansing, and could only be uncovered as a result
> of an extensive forensic effort.
>
> You should seriously consider the possibility that this has already
> happened to machines which might hold sensitive information if you
> have left them connected, or reconnect prior to a comprehensive
> cleansing and inspection.
>
> Decision Time
> - -
>
> The bottom line folks is that as of the time of writing, you have to
> make a decision;
>
> a) I need the system up and running now!
>
> Fine, disconnect it from infection vectors, restore it from tape or
> reformat and install fresh, patch it. Restore the data (even if its
> infected), run the currently available cleanser, and scan it again
> with your AV product. If it passes, reconnect it to the 'net and
> carry on.
>
> b) I can leave the machine turned off until Friday.
>
> Better, wait for a comprehensive cleanser from your AV Vendor
> (assuming they make one.) McAfee may already have one available and
> Symantec will have one shortly. Other AV Vendors may/will probably
> also produce one. The complexity of this thing has been such that
> multiple versions of cleansers have been required in order to do it
> "right". The same may be true of these additional cleansers.
>
> The Problem with Rebooting
> - --
>
> We noticed in our testing one cleanser that only worked if the
> machine was rebooted. Problem is that with a fully infected system, a
> reboot is not likely to bring up a live system. Depending on which
> files have been infected, a system might fail a reboot completely,
> partially, or succeed completely. Its probably safe to assume that
> rebooting an infected server is going to lead to a complete system
> failure and cause to re-install the OS.
>
> Without rebooting it may not be possible to cleanse all of the files
> that might cause re-infection. McAfee's recommendation

RE: Microsoft Has Nimda

2001-09-20 Thread JSlattery


Hmm... 
Takes notes...
(And not LOTUS notes...)



> -Original Message-
> From: Clayton [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 6:32 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> 
> How many people out there still install Windows (what ever 
> version) into
> the Winnt or Windows directory? How many of these stupid 
> worms would die
> if Windows was installed into a directory with some other name?
> H.
> 
> Clayton Doige 
> IT Manager MCSE, MCP + I
> Gameday International N.V. 
> Bound in a nutshell, King of infinite space... 
> 
> T: +5 999 736 0309 ext 4537
> C: +5 999 563 1845 
> F: +5 999 733 1259 
> E: [EMAIL PROTECTED] 
> 
> 
> -Original Message-
> From: McCarthy, Kathleen [mailto:[EMAIL PROTECTED]] 
> Sent: September 20, 2001 3:46 PM
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> Hey, I agree too.  From what I've read about Nimda thus far, it uses
> exploits that there have been patches out for for months.  And the
> spreading
> through file sharing issue takes advantage of systems that haven't
> locked
> down their permissions.  I've kept my servers and workstations patched
> with
> the most current and I lock down my machines - I don't leave 
> any default
> permissions, I remove/disable services that aren't needed, etc.  I
> haven't
> been infected by anything for over 2 years now - but I have plenty of
> logs
> to show that I've been attacked, just none have been successful as of
> yet.
> 
> I'm sure that there are/will be worms developed to exploit
> vulnerabilities
> that there aren't already patches for, but it seems to me that the
> majority
> of the worms circulating all exploit vulnerabilities that there are
> already
> fixes for. If someone gets hit with something there are 
> already patches
> for,
> I can't feel sorry for them.
> 
> Kathleen McCarthy
> 
> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, September 20, 2001 14:15
> To: NT System Admin Issues
> Subject: RE: Microsoft Has Nimda
> 
> I was beginning to think I was the only person who held this opinion!
> 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Well, this is reassuring...

2001-09-20 Thread JSlattery


Wow... people still use killfiles??? ;-)



> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 5:34 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Yeah it does matter. The message you got from SANS does not 
> appear to come
> from this list. There is *no* message like that in my 
> exchange public folder
> that is subscribed to the list. It has not been intercepted 
> at my AV mail
> gateway.
> 
> This means 1 of 2 things
> 
> 1) I can't read a public folder.
> 2) You don't actually know where the message you got came from.
> 
> I tend to go with 2) (funnily enough) and considering your knee-jerk
> reaction to act like chicken little without proper checking 
> of the facts,
> means the some of the 2000+ sys admins of this list may well 
> of wasted time
> , just like I have , checking for a file that was supposed to 
> of entered
> their mail servers that was infected and never detected by 
> their AV product.
> 
> So before you waste our time again, sod off, do some research 
> and get your
> facts right, don't waste our time.
> 
> Oh and congratulations you have made my killfile, no doubt I 
> have made yours
> :-)
> 
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 2:25 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Does it matter? I was fairly busy between the readme.txt and 
> the W32.Nimda
> to not worry about the specifics. If it came from SANS, 
> that's where it came
> from. I'm sorry if that offends you but what can I do? 
> Actually, since I got
> it off this list, why don't you analyze it and tell us what you find.
> 
> Greg
> 
> 
> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, September 19, 2001 10:01 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> So you actually looked at the smtp source and saw that it 
> actually had the
> attachment in the email and not just a fragment?
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 1:55 p.m.
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> It's not a rumor, it's what happened. That this e-mail got to 
> one of their
> people and propagated is disturbing. Antigen caught it at my 
> GW and didn't
> send it anywhere. What's there excuse?
> 
> Greg
> 
> 
> -Original Message-
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, September 19, 2001 9:19 PM
> To: NT System Admin Issues
> Subject: RE: Well, this is reassuring...
> 
> 
> Careful before spreading such a rumor, the detecters may well be
> oversensiitve at this point. McAffee did the same to me 
> *because* a guy had
> posted to the mailing lust and email containing  a portion of the
> javascript. I would suggest considering the source of teh 
> messaging being
> blocked, that it is like they the message was benign and they 
> too had a
> portion of code in it that set the alarm bells off.
>  
> regards
> Dean
> 
> -Original Message-
> From: Greg Page [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 20 September 2001 12:49 p.m.
> To: NT System Admin Issues
> Subject: Well, this is reassuring...
> 
> 
> 
> Antigen for Exchange found readme.exe infected with 
> JScript/Nimda.A.Worm
> (CA(InoculateIT)) worm. The message is currently Purged.  The 
> message, "SANS
> NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
> discovered in IMC Queues\Inbound located at 
> ORGANIZATION/SITE-1/ALEXAPP001.
> 
> 
> 
> Greg 
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> 
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> ***
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***
> 
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Benjamin Zachary


Although firing is definitley a pretty harsh item, I would be looking at
the quality of my department, and what Im paying my guys who are
supporting me. i.e. paper MCSE etc etc.. 

Everyone thinks they are okay until someone like me gets called in to
consult and validate the happenings. Typically that results in a job
loss. I think I did two in the past three weeks. 

My most recent event was their IT guy telling them that Veritas Backup
Exec *ALWAYS* fails because of the open file management. Heh.. After I
spent 20 mins and ran a successful backup he was no longer employed

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:10 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda


Some mistakes are worse than others. The worse the mistake, the harsher
the punishment.

Sometimes people need to be fired.



John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347 



-Original Message-
From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:54 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda




If firing someone or cutting off somebody's head for any mistake was an
answer, you'd have heard bombs by now!


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Mal Sasalu


It's ok. All of us are not John Hornbuckle's. You will not be punished.
Cheers
Mal

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:39 PM
To: NT System Admin Issues
Subject: RE: WORST EVER VIRUS (CNN announced)


sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero from the
> > hard 
> > >> disk, where vital information for its Functioning are stored.  This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list with the 
> > title 
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New York, 
> > >> according to news broadcast by CNN. This alert was received by an 
> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread RZorz

Title: RE: Microsoft Has Nimda





I think all John was trying to point out is that of all companies, MS should be more on top of all this crap than anyone, since all too often we're having to connect to them to get patches/fixes/etc to fix vulnerabilities in their products. 

Weren't the MS sites we were connecting to get the Code Red security patches infected themselves?  Wasn't there a problem with the Microsoft/Frontpage site caused by Nimda? 

That's some serious negligence on Microsoft's part.  


-Original Message-
From: Dillon, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:29 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda



Operant Conditioning 101: behavior is controlled by its consequences, but
most IT depts are skilled at dodging those consequences (which reinforces
THAT behavior), so nothing changes/improves.  The problem that management
has is determining whether any given admin "crime" is worthy of the death
sentence, since a firing impacts morale and often requires a new (expensive)
hire.  I see two places where improvement could be made:  1)upgrade the
multitude of admins (not fast or easy or cheap), or 2)upgrade the product's
ability to keep ITSELF patched (which is Microsoft's baby).  There seems to
be a certain efficiency in #2.


-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:10 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda



Some mistakes are worse than others. The worse the mistake, the harsher
the punishment.


Sometimes people need to be fired.




John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347 




-Original Message-
From: Mal Sasalu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:54 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda





If firing someone or cutting off somebody's head for any mistake was an
answer, you'd have heard bombs by now!



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

NAV 2002

2001-09-20 Thread TDI Custom Computers


Just noticed that NAV 2002 will no longer work on servers, W2k. Those who
have single or dual servers in an environment are now using what Norton
product?

Mike


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Just a hoax ...WORST EVER VIRUS

2001-09-20 Thread Diane Beckham




It's 
OK Sabrina.  Don't let these "old-timers" scare you.  You are not the 
first newbie to try and help out by posting a hoax that they thought was a real 
virus.  Especially since there is a really nasty one running around.  

 
Be 
sure to respond to whomever sent this to you and let them know to check out 
viruses on sites such as Symantec, NAI and such before they send them to 
you.  Believe me, if a virus is running, this list will know about long 
before any User will and if you stay on this list every day, so will 
you.
 
Diane

  -Original Message-From: Kelly Borndale 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 20, 2001 
  2:07 PMTo: NT System Admin IssuesSubject: Re: WORST EVER 
  VIRUS (CNN announced)
  No comment.
  K.Borndale
   
  [EMAIL PROTECTED] -home 
  email
  
- Original Message - 
From: 
Sabrina 
Stolcz 
To: NT System Admin 
Issues 
Sent: Thursday, September 20, 2001 4:39 
PM
Subject: RE: WORST EVER VIRUS (CNN 
announced)
sorry, I sent it as soon as someone forwarded 
it.-Original Message-From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]Sent: 
Thursday, September 20, 2001 4:18 PMTo: NT System Admin 
IssuesSubject: WORST EVER VIRUS (CNN announced)WORST 
EVER VIRUS (CNN announced) > > >> PLEASE SEND THIS TO 
EVERYONE ON YOUR CONTACT LIST!! > > >> A new virus has just 
been discovered that has been classified by > > Microsoft > 
> >> as the most destructive ever! > > >> This 
virus was discovered yesterday afternoon by McAfee and no> vaccine 
> > has > > >> yet been developed. This virus 
simply destroys Sector Zero from the> > hard > > 
>> disk, where vital information for its Functioning are stored.  
This > > virus > > >> acts in the following 
manner: > > >> It sends itself automatically to all contacts 
on your list with the > > title > > >> "A 
Virtual  Card for You."  As soon as the supposed virtual card is 
> > opened, > > >> the computer freezes so that 
the user has to reboot. When the > > ctrl+alt+del > > 
>> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus > > >> permanently destroying the 
hard disk. > > >> Yesterday in just a few hours this virus 
caused panic in New York, > > >> according to news broadcast 
by CNN. This alert was received by an > > employee > > 
>> of Microsoft itself. So don't open any mails with subject: > 
> >> "A Virtual Card for You." As soon as you get the mail, delete 
it.This 
email with all information contained herein or attached hereto 
maycontain confidential and/or privileged information intended for 
theaddressee(s) only.  If you have received this email in error, 
please contactthe sender and immediately delete this email in its 
entirety and anyattachments thereto..http://www.sunbelt-software.com/ntsysadmin_list_charter.htmThis 
email with all information contained herein or attached hereto 
maycontain confidential and/or privileged information intended for 
theaddressee(s) only.  If you have received this email in error, 
please contactthe sender and immediately delete this email in its 
entirety and anyattachments thereto..http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Well, this is reassuring...

2001-09-20 Thread Dean Cunningham


Yeah it does matter. The message you got from SANS does not appear to come
from this list. There is *no* message like that in my exchange public folder
that is subscribed to the list. It has not been intercepted at my AV mail
gateway.

This means 1 of 2 things

1) I can't read a public folder.
2) You don't actually know where the message you got came from.

I tend to go with 2) (funnily enough) and considering your knee-jerk
reaction to act like chicken little without proper checking of the facts,
means the some of the 2000+ sys admins of this list may well of wasted time
, just like I have , checking for a file that was supposed to of entered
their mail servers that was infected and never detected by their AV product.

So before you waste our time again, sod off, do some research and get your
facts right, don't waste our time.

Oh and congratulations you have made my killfile, no doubt I have made yours
:-)


-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 2:25 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Does it matter? I was fairly busy between the readme.txt and the W32.Nimda
to not worry about the specifics. If it came from SANS, that's where it came
from. I'm sorry if that offends you but what can I do? Actually, since I got
it off this list, why don't you analyze it and tell us what you find.

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 10:01 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


So you actually looked at the smtp source and saw that it actually had the
attachment in the email and not just a fragment?

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 1:55 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


It's not a rumor, it's what happened. That this e-mail got to one of their
people and propagated is disturbing. Antigen caught it at my GW and didn't
send it anywhere. What's there excuse?

Greg


-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 9:19 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Careful before spreading such a rumor, the detecters may well be
oversensiitve at this point. McAffee did the same to me *because* a guy had
posted to the mailing lust and email containing  a portion of the
javascript. I would suggest considering the source of teh messaging being
blocked, that it is like they the message was benign and they too had a
portion of code in it that set the alarm bells off.
 
regards
Dean

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 12:49 p.m.
To: NT System Admin Issues
Subject: Well, this is reassuring...



Antigen for Exchange found readme.exe infected with JScript/Nimda.A.Worm
(CA(InoculateIT)) worm. The message is currently Purged.  The message, "SANS
NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
discovered in IMC Queues\Inbound located at ORGANIZATION/SITE-1/ALEXAPP001.



Greg 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
***
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Clayton


How many people out there still install Windows (what ever version) into
the Winnt or Windows directory? How many of these stupid worms would die
if Windows was installed into a directory with some other name?
H.

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: McCarthy, Kathleen [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 3:46 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

Hey, I agree too.  From what I've read about Nimda thus far, it uses
exploits that there have been patches out for for months.  And the
spreading
through file sharing issue takes advantage of systems that haven't
locked
down their permissions.  I've kept my servers and workstations patched
with
the most current and I lock down my machines - I don't leave any default
permissions, I remove/disable services that aren't needed, etc.  I
haven't
been infected by anything for over 2 years now - but I have plenty of
logs
to show that I've been attacked, just none have been successful as of
yet.

I'm sure that there are/will be worms developed to exploit
vulnerabilities
that there aren't already patches for, but it seems to me that the
majority
of the worms circulating all exploit vulnerabilities that there are
already
fixes for. If someone gets hit with something there are already patches
for,
I can't feel sorry for them.

Kathleen McCarthy

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 14:15
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

I was beginning to think I was the only person who held this opinion!


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Sean Martin


I can understand the 'itchy trigger finger' response to this email in light
of everything going on the past two weeks. I have seen reports on CNN about
the Nimda virus so that right there could be one reason. Granted, this
person should've read through the entire email and then should've checked
the AV sites, but I think a little leniency should be awarded.

It's been a rough couple of weeks for all of us, let's not be too harsh.

Regards,
 
Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]  


-Original Message-
From: Clayton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:53 PM
To: NT System Admin Issues
Subject: RE: WORST EVER VIRUS (CNN announced)


I bet she's glad she posted it eh:-)

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 3:37 PM
To: NT System Admin Issues
Subject: RE: WORST EVER VIRUS (CNN announced)

The "A Virtual  Card for You" is a hoax.  You will find it listed on
most AV sites.

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero from
the
> > hard 
> > >> disk, where vital information for its Functioning are stored.
This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list with
the 
> > title 
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card
is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New
York, 
> > >> according to news broadcast by CNN. This alert was received by an

> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please
contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Montagna, Mark


Thanks...I've never ended a day laughing so hard...this list needs more
humor!



-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:39 PM
To: NT System Admin Issues
Subject: RE: WORST EVER VIRUS (CNN announced)


sorry, I sent it as soon as someone forwarded it.

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft
> > >> as the most destructive ever!
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine
> > has
> > >> yet been developed. This virus simply destroys Sector Zero from 
> > >> the
> > hard
> > >> disk, where vital information for its Functioning are stored.  
> > >> This
> > virus
> > >> acts in the following manner:
> > >> It sends itself automatically to all contacts on your list with the 
> > title
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card 
> > >> is
> > opened,
> > >> the computer freezes so that the user has to reboot. When the
> > ctrl+alt+del
> > >> keys or the reset button are pressed, the virus destroys Sector
> > Zero,thus
> > >> permanently destroying the hard disk.
> > >> Yesterday in just a few hours this virus caused panic in New York, 
> > >> according to news broadcast by CNN. This alert was received by an 
> > employee
> > >> of Microsoft itself. So don't open any mails with subject:
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Setting Kixtart logon window

2001-09-20 Thread Malcolm Reitz


Charles,

For item 2, you need to add this registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"RunLogonScriptSync"="1"


Malcolm
 


-Original Message-
From: Dewar Charles R [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 3:18 PM
To: NT System Admin Issues
Subject: Setting Kixtart logon window


When Kixtart is run on our PC's sometimes it is windowed, sometimes it is
minimized. How can I make sure that it euns as a window so the user can see
the progress.

Also, is there a setting to prevent W2K from loading the desktop until the
script is finished? Again, some PC's wait and others do not.

Weird.

Charles R. Dewar
Systems Administrator
North Hills Hospital
Phone: 817.255.1777
Toll-free Fax: 866.947.3756


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Goldoff, Erik


How could a professional post such obvious and old HOAX crap on this list


Erik Goldoff
Systems Manager
The HoneyBaked Ham Company
678-966-3320
[EMAIL PROTECTED]



-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero from the
> > hard 
> > >> disk, where vital information for its Functioning are stored.  This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list with the 
> > title 
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New York, 
> > >> according to news broadcast by CNN. This alert was received by an 
> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Clayton


I bet she's glad she posted it eh:-)

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of infinite space... 

T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: September 20, 2001 3:37 PM
To: NT System Admin Issues
Subject: RE: WORST EVER VIRUS (CNN announced)

The "A Virtual  Card for You" is a hoax.  You will find it listed on
most AV sites.

-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)



WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero from
the
> > hard 
> > >> disk, where vital information for its Functioning are stored.
This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list with
the 
> > title 
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card
is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New
York, 
> > >> according to news broadcast by CNN. This alert was received by an

> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.









This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please
contact
the sender and immediately delete this email in its entirety and any
attachments thereto..



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Re: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread Kelly Borndale




No comment.
K.Borndale
 
[EMAIL PROTECTED] -home 
email

  - Original Message - 
  From: 
  Sabrina 
  Stolcz 
  To: NT System Admin Issues 
  Sent: Thursday, September 20, 2001 4:39 
  PM
  Subject: RE: WORST EVER VIRUS (CNN 
  announced)
  sorry, I sent it as soon as someone forwarded 
  it.-Original Message-From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]Sent: 
  Thursday, September 20, 2001 4:18 PMTo: NT System Admin IssuesSubject: 
  WORST EVER VIRUS (CNN announced)WORST EVER VIRUS (CNN 
  announced) > > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT 
  LIST!! > > >> A new virus has just been discovered that has 
  been classified by > > Microsoft > > >> as the most 
  destructive ever! > > >> This virus was discovered yesterday 
  afternoon by McAfee and no> vaccine > > has > > 
  >> yet been developed. This virus simply destroys Sector Zero from 
  the> > hard > > >> disk, where vital information for 
  its Functioning are stored.  This > > virus > > 
  >> acts in the following manner: > > >> It sends itself 
  automatically to all contacts on your list with the > > title 
  > > >> "A Virtual  Card for You."  As soon as the 
  supposed virtual card is > > opened, > > >> the 
  computer freezes so that the user has to reboot. When the > > 
  ctrl+alt+del > > >> keys or the reset button are pressed, the 
  virus destroys Sector > > Zero,thus > > >> 
  permanently destroying the hard disk. > > >> Yesterday in just 
  a few hours this virus caused panic in New York, > > >> 
  according to news broadcast by CNN. This alert was received by an > 
  > employee > > >> of Microsoft itself. So don't open any 
  mails with subject: > > >> "A Virtual Card for You." As soon 
  as you get the mail, delete 
  it.This 
  email with all information contained herein or attached hereto maycontain 
  confidential and/or privileged information intended for theaddressee(s) 
  only.  If you have received this email in error, please contactthe 
  sender and immediately delete this email in its entirety and 
  anyattachments thereto..http://www.sunbelt-software.com/ntsysadmin_list_charter.htmThis 
  email with all information contained herein or attached hereto maycontain 
  confidential and/or privileged information intended for theaddressee(s) 
  only.  If you have received this email in error, please contactthe 
  sender and immediately delete this email in its entirety and 
  anyattachments thereto..http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread John Hornbuckle


But since organizations cannot force #2 to happen, they must instead opt
for #1 (at least for the time being).



John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347 

-Original Message-
From: Dillon, Jeff [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 4:29 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda


Operant Conditioning 101: behavior is controlled by its consequences,
but most IT depts are skilled at dodging those consequences (which
reinforces THAT behavior), so nothing changes/improves.  The problem
that management has is determining whether any given admin "crime" is
worthy of the death sentence, since a firing impacts morale and often
requires a new (expensive) hire.  I see two places where improvement
could be made:  1)upgrade the multitude of admins (not fast or easy or
cheap), or 2)upgrade the product's ability to keep ITSELF patched (which
is Microsoft's baby).  There seems to be a certain efficiency in #2.


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: File Creation Dates

2001-09-20 Thread Goldoff, Erik

also found links for :
http://www.direct-print.com/setfdate.htm
http://www.windmillpoint.com/fdaexe.htm
http://www.javajeff.com/tips/tip3/tip3.html

but haven't tested them myself, ymmv.

Erik Goldoff
Systems Manager
The HoneyBaked Ham Company
678-966-3320
[EMAIL PROTECTED]

-Original Message-
From: Len Hammond [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:05 PM
To: NT System Admin Issues
Subject: RE: File Creation Dates

Where does one find such an applet?  Searches on Tucows, ZDnet and general
searches with MSN and Google didn't turn up any slap or touch that affected
file dates.  Slap and Touch did get a few interesting hits not related to
computers 

I did see that touch is available on an NT4 box as a Posix command but on my
box, not enough info was found at the help command to let me figure out how
to use it.

Can you post a link to these or others?
Thanks
Len Hammond
Network Administrator
[EMAIL PROTECTED]

-Original Message-
From: Goldoff, Erik [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:52 PM
To: NT System Admin Issues
Subject: RE: File Creation Dates

many such applets.. two that come to mind are command line:
slap 
touch

Erik Goldoff
Systems Manager
The HoneyBaked Ham Company
678-966-3320
[EMAIL PROTECTED]

-Original Message-
From: Len Hammond [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:30 AM
To: NT System Admin Issues
Subject: RE: File Creation Dates

Just curious...  Is there a utility available to adjust the creation date of
a file.  One of our SPC applications looks for a file with a specific date
on it before it runs in the "full" mode instead of "Evaluation" mode.
However, the contents of the file needs to change but when I change it, it
runs the way I want it to but reverts back to an eval copy.  So...  I need
to edit the file and then change it's date back to the original date.

Len Hammond
Network Administrator
Pontiac Coil, Inc.
[EMAIL PROTECTED]

-Original Message-
From: Kenneth Taira [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 14, 2001 5:55 PM
To: NT System Admin Issues
Subject: Re: File Creation Dates

Err...you can make monster zip files as they save the creation date...then 
unzip them
on the target.

At 04:03 PM 9/14/2001 -0500, you wrote:
>Hello All,
>
>I have the need to transfer a large amount of data from one server to 
>another. The source
>system is NT3.51 and the destination is Win2K.  I am attempting to 
>transfer these files
>across the network. My problem is that I need to maintain the file 
>creation date on each
>file. I might also add that these files where created over several years 
>of usage.
>Does anyone know of a utility or a switch that would allow for this?
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Microsoft Has Nimda

2001-09-20 Thread Benjamin Zachary

HAHAHAH I was flipping through it going I didn't see him curse in
there.. And I looked at it and looked at it for like 2 mins.. Then it
hit me.. Like a brick :)

-Original Message-
From: Miley, Dan [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 20, 2001 5:06 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda

please don't use the "F" word on this list.

-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]]

Some mistakes are worse than others. The worse the mistake, the harsher
the punishment.

Sometimes people need to be fired.

This e-mail may be privileged and/or confidential, and the sender does
not waive any related rights and obligations. Any distribution, use or
copying of this e-mail or the information it contains by other than an
intended recipient is unauthorized. If you received this e-mail in
error, please advise me (by return e-mail or otherwise) immediately. 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WORST EVER VIRUS (CNN announced)

2001-09-20 Thread David Herrick

Title: RE: WORST EVER VIRUS (CNN announced)






Virtual Card for You
Reported on: January 10, 2001 
Last Updated on: April 19, 2001 at 09:50:38 AM PDT 



Printer-friendly version  Tell a Friend  


The Virtual Card for You is a hoax that should be ignored. The following is the text that may be received as an email message: 

Virus Alert VIRUS WARNING To ALL INTERNET USERS:


A new virus has just been discovered that has been classified by Microsoft (www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive ever!

This virus was discovered yesterday afternoon by McAfee and no vaccine has yet been developed.  This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title "A Virtual Card for You".

As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot.  When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Please distribute this message to the greatest number of people possible.  Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN www.cnn.com).  This alert was received by an employee of Microsoft itself.

A Dutch translation of this hoax has also been seen:


**
WAARSCHUWING !!! 
 
"Er is een nieuw virus ontdekt door Microsoft en Mc Afee. Men zegt
dat het een fataal virus is. Het virus is twee dagen geleden in
Amerika ontdekt en er is nog geen anti virus. Het virus vernietigt
"Sector Zero" van de hard disk, waar vitale info is opgeslagen voor
het functioneren van je PC. Het virus verspreidt zich via de
contactenlijsten van de ontvangende computers. Het virus draagt de
naam: "A Virtual Card for You". Zodra je de zogenaamde kaart geopend
hebt slaat de computer zodanid vast dat je moet resetten. Ctrl + Alt
+  Del betekent het einde van je harde schijf. Het virus heeft voor
paniek gezorgd in New York. Zelfs CNN maakte melding van het virus!
Dus "A Virtual ! card for You" niet openen ! Zodra je de mail krijgt
definitief verwijderen ! " Tevens wordt door Intel gewaarschuwd voor
het e-mail "An Internet Flower for you".Open het niet ! Dit virus
verwijdert alle .dll files van je hard disk. Stuur dit uit het Engels
vertaalde bericht zo snel mogelijk op naar al je contacten !(het
oorspronkelijk bericht is van Neil Quigley van New Media Computer
Corp). 



Type: Hoax 


Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.


-Original Message-
From: Sabrina Stolcz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:18 PM
To: NT System Admin Issues
Subject: WORST EVER VIRUS (CNN announced)




WORST EVER VIRUS (CNN announced) 
> > >> PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!! 
> > >> A new virus has just been discovered that has been classified by 
> > Microsoft 
> > >> as the most destructive ever! 
> > >> This virus was discovered yesterday afternoon by McAfee and no
> vaccine 
> > has 
> > >> yet been developed. This virus simply destroys Sector Zero from the
> > hard 
> > >> disk, where vital information for its Functioning are stored.  This 
> > virus 
> > >> acts in the following manner: 
> > >> It sends itself automatically to all contacts on your list with the 
> > title 
> > >> "A Virtual  Card for You."  As soon as the supposed virtual card is 
> > opened, 
> > >> the computer freezes so that the user has to reboot. When the 
> > ctrl+alt+del 
> > >> keys or the reset button are pressed, the virus destroys Sector 
> > Zero,thus 
> > >> permanently destroying the hard disk. 
> > >> Yesterday in just a few hours this virus caused panic in New York, 
> > >> according to news broadcast by CNN. This alert was received by an 
> > employee 
> > >> of Microsoft itself. So don't open any mails with subject: 
> > >> "A Virtual Card for You." As soon as you get the mail, delete it.










This email with all information contained herein or attached hereto may
contain confidential and/or privileged information intended for the
addressee(s) only.  If you have received this email in error, please contact
the sender and immediately delete this email in its entirety and any
attachments thereto..




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

1 2 3 >

1 - 100 of 280 matches

Mail list logo