NT and IIS Gurus, please help.
My system was infected by Nimda. Norton found certain TFTPxxx files
under Inetpub/scripts which were infected. It could not clean it. It
quarantined it. I deleted those files. But new TFTPxxx files kept
getting created in that directory, and Norton kept saying th
Reformat. There is no way to 100% remove the virus from your system.
You can download and run utilities from Eeye, Norton, NAI, Commandcenter
.. But the bottom line, it's not going to be 100% cleaned.
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
30
"Fdisk...format... Reinstall..do da.." comes to mind
-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 09:55
To: NT System Admin Issues
Subject: RE: Nimda and patch end up shutting my Web Server
Reformat. There is no way to 100% remove
>>Reformat. There is no way to 100% remove the
>>virus from your system.
I don't agree with that statement as an absolute, particularly if you
avoided rebooting the machine while the virus was running.
If you had a properly installed Hosted system, you could determine
what had been changed from
By now there are probably tools that will remove (or at least claim to
remove) Nimda, but once you were infected your machine started
announcing to the world that everyone had access to it. Even if a tool
cleans up Nimda can you ever be sure that some enterprising script
kiddie hasn't placed a tro
Read the documentation from CERT, Eeye and other virus/ security
authorities. If the virus was executed on your server, it will open ports
and cause damage that can not be 100% removed.
However, your statement "If you had a properly installed Hosted system, you
could determine what had been chang
>If you had a properly installed Hosted system
Meant to say "Host-based IDS system" :)
==
ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT
==
"Evil is done withou
Have a server or two to migrate to Windows 2000,
anybody with horror stories they want to share. Any useful resources that should
be reviewed prior to taking the digital plunge.
Thanks in advance
-
Richard Jones
http://www.sunbelt-software.com/ntsy
Horror Story:
I did 5 months
of research and test builds of W2K Server, and thought, ‘this will be a snap’.
Famous last words eh.
Before you do
the upgrade, check the DNS tab of TCPIP properties, and see if you have a
domain name in there. If you do, use that name for your W2K Dom
I have eliminated it. I used a nimba tool and then had Norton scan and
remove files. My server works fine now.
- Original Message -
From: "Andrew S. Baker" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Sunday, September 23, 2001 10:17 AM
Subject: RE: Nimda a
I would think that running a good port scanner against that box would be
a good idea. You never know what ports have been opened by the worm...
Rick
-Original Message-
From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 10:26 AM
To: NT System Admin Issues
S
Hi all
Come across a stumbling block wonder if anyones got any ideas,
on windows 2000 rdisk don't exist, as ERD is built into NTBackup, and
looking thru the help file for ntbackup theres no command prompt
switches that can be used for ERD making only backup and restore,
Does anyone know if its p
works well as long as you use the "upgrade" option...
have converted 3 data bases with no problems...
Jim
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
I'm far from a MS bigot (we run many Linux and until recently Solaris
boxes), but I am not pissed at the number of patches. ALL operating systems
have 'issues', be they security or stability or compatibility, that require
patches. Linux has patches, Solaris has patches, VMS has patches. It's
ju
Hi,
I'd done this before once. I used KIXTART which
is part of NT reskit.
It worked very fine.
first you write into your central login-script
all the printers (with the print-servers) and
the unc-name.
then, when users got their printers, it is very easy
to change the printserver by only changing
His poor attitude toward MS products in my opinion comes form his lack
of knowledge! Turning off IIS on a proxy machine is only something
someone who knows nothing of proxy would do, and is a clear message he
is administering products beyond his capability. I have never had any
one of the machines
Title: RE: Migrating printers from one print server to another.
Use printmig.exe from the W2K Server reskit, it's great, works with NT or 2K..
RE Young MCSE
C/S Systems Engineering
Dallas, TX USA
-Original Message-
From: SAAGER Stefan [mailto:[EMAIL PROTECTED]]
Sent: Sunday
one thing we had problems with was keeping global address list updated.
had to do an export ->download ->import and it's funky sometimes. I think
that's a limitation of outlook internet mail version. Don't know about the
CE version.
Dan
Words to live by:
"If everyone is thinking alike then s
If you have an idea what what IP or IP range the CE machines will connect
from, you can set IMS to deny relay to all but those adresses. I do this
with my mobile OmniSky/PPC users so they don't have to send through the
OmniSky SMTP server.
--Colin
>
> >
> > you can push outgoing mail to your I
What the F***? I believe is what he meant.
-Original Message-
From: Jesse E. Gardner [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 10:37 PM
To: NT System Admin Issues
Subject: RE: ISS and NT password crap
WTF?
Jesse E. Gardner, MCP
P.O. Box 11431
Columbia, SC 29211
(803
Guys and Gals...
My department is currently looking at whether or not to keep a server or
two running ZAC from NAI running when we take over for a soon-to-be-gone
outsourcer. Do you have any gotchas or concerns with this product
(running on a Win2k Server) ?
TIA
Dave
well thanks Joe, obviously this post is full of useful information and i
will be filing it under my s*** from morons folder please continue to
contribute regulary to this forum, and i look forward to more useful advise
from your vast pool of infinite wisdom. Please let me know where to send
Folks
I am sorry if this
seems off topic - it is a question regarding Novell and NT being joined together
and the possibility of breaking that link.
Domain is Win NT 4
sp6a PDC and BDC Novell 4.11 NDS single server. Clients mix of mainly win
98 and a few 2000/NT WS.
A prior admin
You posted derogatory remarks in frustration I am guessing towards MS
stuff in an MS list, what did you expect? Why point outside HTTP req's
to any ip if there is not a valid web server anyway? Why don't you just
not write a rule/route for http period?
Signed,
The moron
-Original Message
IMHO Spoofing is only useful for DOS attacks, that is you do not want the
return packet, or you want the return packet to actually go to the spoofed
address.
The details in your web log mean that your web server was having a
conversation with that source, no spoofing involved.
I personally believ
ah now your talking and point taken - i am full of crap sometimes - comes
with listening to it on help desk all day... i apologized in the second
post.
now, your second comment is very interesting. care to elaborate? when you
say write a rule, your talking a rule that is on the web server or a
You are concerned with outsiders causing your web server trouble.
Aside for the obvious harping on staying up to date on patches, if no
web pages are served off your proxy box, just don't allow http requests
in, don't publish... Why are you against upgrading to ISA, cuz bro, ISA
can be called a fi
only against ISA cos i know nothing about it (obvious remark here from you
guys would be i know nothing about IIS/proxy either, hehe)...
i don't want to stay uptodate with patches, i just want to deny http
requests in, publish is already turned off... how to do?
-Original Message-
Fr
Hello,
I have been asked to research and potentially implement IM for a company
to communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real world implementation
concerns/ tips as well as the security
Hi all,
I just joined the list.
I have a problem regarding NT 4.0
My environment is 10/100 Switched network on CISCO
switches.
For some reason I keep loosing network connectivity
to servers.
A PING works fine but not a NET VIEW (System error
53 has occurred. The network path was not
found.
I would honestly check the basics on those server
machines with the problem your describing. Check the cabling to those machines,
and check their NICs. Seems like you might need to replace one or the other
there.
Hope that helps.
-Joe Krajewski
- Original Message -
From:
Do you have a firewall in between the client machines and the servers you
are trying to browse?
If so, ensure the rules are set up to allow Netbios traffic through ..
otherwise, ensure that on the server machines in the Bindings section, that
Netbios has not been disabled.
Giles
-Original
But PING works always. I don't think it's a
physical issue.
Uso
- Original Message -
From:
Joe Krajewski
To: NT System Admin Issues
Sent: Monday, September 24, 2001 10:42
AM
Subject: Re: Servers get
unresponsive
I would honestly check the basics on th
Hi guys.
I’m new to this list. Was wondering if anyone had a problem
getting rid of the Nimda virus? I use InoculateIT
from Computer Associates as my virus scanner, with newest virus update. I think I have a pretty secure machine,
but that’s only an opinion. I
speculate I was infected
Uso,
I know
this problem, You can try 2 things (2. second will work :-))
First:
go to the server, restart the server service (it will stop other services, but
You can restart them later)
If
this will not solve the problem, only the restart will help
You
We
have this problem somet
Sounds
to me like a browsing issue. I ran into something similar last week.
You can use browmon and/or browstat in the NT Res kit to troubleshoot
this.
-Original Message-From: Uso S.
[mailto:[EMAIL PROTECTED]]Sent: Monday, September 24, 2001 1:44
AMTo: NT System Admin Issue
Are
you using WINs for name resolution?
-Original Message-From: Gordon W. Smith
[mailto:[EMAIL PROTECTED]]Sent: 24 September 2001
08:20To: NT System Admin IssuesSubject: RE: Servers get
unresponsive
Sounds to me like a browsing issue. I ran into something similar
last
In Exchange 2000 what is the quickest way to prevent a user logging onto
their mailbox while we check out a complaint against them?
In 5.5 I used to just changed the NT Account to my own account so that
logon would fail
Thanks
Stu
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Uso,
We faced the similar problem also. Some error regarding pagefile.sys. Had to
move the pagefile location to a different drive and restart the server.
Pradeep Jose
-Original Message-
From: Pajor, Gabor (GEL,NonGE,MSX) [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:
Yes, am using Wins.
But I don't really think it's a WINS problem
because I tried LMHOSTS files and it didn't change the behaviour.
regards
Osama
- Original Message -
From:
Dave Oseman
To: NT System Admin Issues
Sent: Monday, September 24, 2001 11:25
AM
Subject:
HI,
First diable TFTP by changing the line tftp 69/udp to tftp 0/udp in
services file located drivers\etc to avoids the spreading of virus .
> --
> From: James Costa[SMTP:[EMAIL PROTECTED]]
> Reply To: NT System Admin Issues
> Sent: Monday, September 24, 2001 12:30
Scenario:
OS = 2000
Laptop = 2K Pro
Server = 2K Adv Srvr
Laptop:
I have
been using an ID (admin level [local]) for years (profile is just how I want
it). Created a network at
home. Can see the network, but
when I create a network ID I lose my desktop (profile) settings
42 matches
Mail list logo
