RE: Nimda

2001-09-27 Thread Bunting, Jeff
404 is a page not found error, which is a good thing. It indicates the server couldn't find the requested file. As long as these URLs aren't showing up anywhere in your good page requests reports you shouldn't have to worry. -Original Message- From: Willis Olivo [mailto:[EMAIL PROTECTED

Re: Nimda and patch end up shutting my Web Server

2001-09-25 Thread Vani Murarka
Thank you for all the inputs regarding Nimda, but I am seeking something else - 1. reformatting and reinstalling is at present not an option for me 2. How do I find out what mischief the patch I installed did, after which the web server does not run - how do I diagnose that and have the web se

RE: Nimda - Thought we were protected

2001-09-25 Thread Jay Woody
r Tomorrow" [EMAIL PROTECTED] (858) 693-6929 (voice) (858) 693-6916 (fax) (310) 283-0806 (cell) Please visit us online @ http://www.911RRT.com -Original Message- From: Marc Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 3:22 PM To: NT System Admin Issues Sub

RE: Nimda - Thought we were protected

2001-09-25 Thread tom lohrman
The other thing to do, is regedit and the .elm and .eml out of the registry. If it can't find what program to use, then it will prompt you. -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 9:27 AM To: NT System Admin Issues Subjec

RE: Nimda - Thought we were protected

2001-09-25 Thread Steve Kelsay
09/24/01 04:58PM >>> Your symptoms read more like a Netware or other script not running to completion. ralph Reply Separator________ Subject: RE: Nimda - Thought we were protected Author: NT System Admin Issues <[EMAIL PROTECTED]> Date:

RE: Nimda - Thought we were protected

2001-09-25 Thread Steve Kelsay
The eml files were returning even AFTER running all the Nimda scanners/ cleaners. (We used two of them) Finally just gave up and wiped the drives. Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 >>> [EMAIL PRO

Re: Nimda - Thought we were protected

2001-09-25 Thread Steve Kelsay
OK. Trends analysis response came back. Send us your serial number or we won't look at it. Not smart. I KNOW it's Nimda. I thought they would want to see it and see if it was in fact a new strain. I only sent it to them because once before they asked me here in this forum to do so whenever we

RE: Nimda - Thought we were protected

2001-09-24 Thread Gisler, Johnny
Yeah yeah, you got it -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 17:33 To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Don't u mean Sophos ? -Original Message- From: Gisler, Johnny [m

RE: Nimda - Thought we were protected

2001-09-24 Thread David N. Precht
Don't u mean Sophos ? -Original Message- From: Gisler, Johnny [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 20:05 To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Grab the soho tool -Original Message- From: [EMAIL PROTECTED] [m

RE: Nimda - Thought we were protected

2001-09-24 Thread Bud James
/www.911RRT.com -Original Message- From: Marc Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 3:22 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected > About every fifteen minutes or so, the .EML files are all back again. I've heard about t

RE: Nimda - Thought we were protected

2001-09-24 Thread Gisler, Johnny
How do you know you're hit then? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 13:59 To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Your symptoms read more like a Netware or other script not running to

RE: Nimda - Thought we were protected

2001-09-24 Thread Gisler, Johnny
Grab the soho tool -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 13:59 To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Your symptoms read more like a Netware or other script not running to completion

RE: Nimda - Thought we were protected

2001-09-24 Thread Struve, Jim
"*.mpeg" "AttachmentNames9"="*.avi" "AttachmentNames10"="*.mpg" "AttachmentNames11"="*.exe" DisAllow.cmd nav12.regnaveupdate.exe -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24,

RE: Nimda - Thought we were protected

2001-09-24 Thread Danny Iaconetti
Don't forget to block WTC.exe (W32/Vote) while you're at it. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 4:09 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Peter, you

RE: Nimda - Thought we were protected

2001-09-24 Thread Danny Iaconetti
System Admin Issues Subject: RE: Nimda - Thought we were protected Peter, you got a doc on that from symantec? -Original Message- From: Kim, Peter J. [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:26 PM To: NT System Admin Issues Subject: RE: Nimda

RE: Nimda - Thought we were protected

2001-09-24 Thread Ralph, Chris
We're using MailMarshal - it lets you block any attachments you like and is intelligent enough to inspect headers to determine the file type to get around cunning users changing file extensions... -Original Message- From: Miley

RE: Nimda - Thought we were protected

2001-09-24 Thread Marc Miller
> About every fifteen minutes or so, the .EML files are all back again. I've heard about this- in fact, just this afternoon. In this case, I recommended to my customer to "quarantine" the machine (read: remove the network cable!) and run the NIMDA scanner/fix from the machine locally (you won't

RE: Nimda - Thought we were protected

2001-09-24 Thread Ralph Davis
Your symptoms read more like a Netware or other script not running to completion. ralph Reply Separator Subject: RE: Nimda - Thought we were protected Author: NT System Admin Issues <[EMAIL PROTECTED]> Date: 09/24/2001 7:54 AM What mak

RE: Nimda - Thought we were protected

2001-09-24 Thread Van Otterloo, Brad
001 2:26 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Or if you have Symantec NAV for exchange, you make minor adjustments to the Registry and it blocks all wanted attachments. -Original Message- From: Ian Kelly [mailto:[

RE: Nimda - Thought we were protected

2001-09-24 Thread Miley, Dan
trend scanmail. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:33 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected You can't block attach

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve Kelsay
OK, The infected file to McAfee was returned as undeliverable. Any new addresses? This one came from their site so should have been valid. Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 >>> [EMAIL PROTECTED]

RE: Nimda - Thought we were protected

2001-09-24 Thread Glenn Basden
ROTECTED]] Sent: Monday, September 24, 2001 11:34 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Third party tools! Ian - [EMAIL PROTECTED] - Love may not make the world go round, but I must admi

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve Kelsay
MAIL PROTECTED] Phone: (404) 827-0924 -Original Message- From: Lenny Bensman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 3:00 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Could you please send the link to it? Does this tool clean

RE: Nimda - Thought we were protected

2001-09-24 Thread David James
Peter, you got a doc on that from symantec? -Original Message- From: Kim, Peter J. [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:26 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Or if you have Symantec

RE: Nimda - Thought we were protected

2001-09-24 Thread Kelly Gosh
Thanks to both of you who replied. I was going crazy trying to find something that doesn't exist. Kelly Gosh Information Systems Manager Brilliance Audio, Inc. Phone: 616.846.5256 ext. 704 Fax: 616.846.0630 http://www.brillianceaudi

RE: Nimda - Thought we were protected

2001-09-24 Thread Negrete, Arthur
Are you talking about the servers only or the workstations ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:47 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected SCAN ALL FILES (asp,js,htm,html,shtm

RE: Nimda - Thought we were protected

2001-09-24 Thread Jones, Bobby
Be careful using this tool. . . The fixnimda.com will delete all your shares. . so if you run this utility on a server you could be in for a long night of rebuilding your structure, esp if you use share based permissions. Bobby A. Jones Systems

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve Kelsay
D]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> cc: (bcc: Pim Vessies/BST/MS/PHILIPS) Subject: RE: Nimda - Thought we were protected Classification: I've seen this same NIMDA-infected executable on a Windows 2000 Professional machine after being protected with

RE: Nimda - Thought we were protected

2001-09-24 Thread Kim, Peter J.
: RE: Nimda - Thought we were protected   Third party tools!     Ian - [EMAIL PROTECTED] - Love may not make the world go round, but I must admit that it makes the ride worthwhile. - Sean Connery -Original Message- From

RE: Nimda - Thought we were protected

2001-09-24 Thread RZorz
You can't block attachments natively. You need 3rd party antivirus software. -Original Message- From: Kelly Gosh [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:07 AM To: NT System Admin Issues Subject: RE:

RE: Nimda - Thought we were protected

2001-09-24 Thread Ian Kelly
ngage in it." -Original Message- From: Ian Kelly [mailto:[EMAIL PROTECTED]] Sent: September 24, 2001 14:34 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Third party tools! Ian - [EMAIL

RE: Nimda - Thought we were protected

2001-09-24 Thread ketchberger
- From: Rudolph, Paul [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 1:05 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Ran this tool any thoughts on what the open guest access means on a 98 machine? Scan says it is infected. Machine is completely patched

RE: Nimda - Thought we were protected

2001-09-24 Thread Lenny Bensman
Could you please send the link to it? Does this tool clean all the areas? (shares, registry, exe/dlls, etc...?) -Original Message- From: KRUSE,TIM (Non-HP-Richardson,ex1) [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 1:34 PM To: NT System Admin Issues Subject: RE: Nimda

RE: Nimda - Thought we were protected

2001-09-24 Thread Kim, Peter J.
I've been continuously scanning all the drives (including the networked). There is a tool out on Symantec site. Please check this site. http:[EMAIL PROTECTED] -Original Message- From: Negrete, Arthur [mailto:[EMAIL PROTECTED]]

RE: Nimda Help for NT

2001-09-24 Thread Wantland, John # PHX
to crash, update bios & device drives to latest rev 1st. Then install SP6a. -Original Message- From: Andy Cottrell [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:11 AM To: NT System Admin Issues Subject: RE: Nimda Help for NT http:[EMAIL PROTECTED] is a good page with

RE: Nimda - Thought we were protected

2001-09-24 Thread Carlos Garcia-Moran
01 1:05 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Ran this tool any thoughts on what the open guest access means on a 98 machine? Scan says it is infected. Machine is completely patched, and has no signs of infection Paul Rudolph, MCSE; MCP+Internet; CCA perots

RE: Nimda - Thought we were protected

2001-09-24 Thread Ian Kelly
:[EMAIL PROTECTED]] Sent: September 24, 2001 14:07 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Where in Exchange 5.5 can you block certain attachments? Ideally, I would like to block all *.exe and all *.vbs from most users. I know how to block domains and

RE: Nimda Help for NT

2001-09-24 Thread Marlon_Chow
To: NT System Admin Issues Subject: RE: Nimda Help for NT http:[EMAIL PROTECTED] is a good page with step by step instructions for removing the virus. -Original Message- From: Scott Vanderlip [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:38 AM To: NT System Admin Issues

RE: Nimda - Thought we were protected

2001-09-24 Thread Sean Martin
Exchange 5.5 doesn't have attachment filtering/blocking capabilities. You'll need some 3rd party software like Antigen - www.sybari.com Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell & Company Insurance Broke

RE: Nimda - Thought we were protected

2001-09-24 Thread sadams
D] (404) 573-6630 Voice 6701 Roswell Road Atlanta, GA 30328 -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:59 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Did you patch your browsers?? xylog -Origin

RE: Nimda - Thought we were protected

2001-09-24 Thread Kelly Gosh
Where in Exchange 5.5 can you block certain attachments? Ideally, I would like to block all *.exe and all *.vbs from most users. I know how to block domains and email addresses, and I swear I've seen attachment blocking, but for the life of

RE: Nimda Help for NT

2001-09-24 Thread S. Houston
http://www.sarc.com -Original Message- From: Scott Vanderlip [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:38 AM To: NT System Admin Issues Subject: Nimda Help for NT We were hit by the Nimda on both our NT and 2000 machines. We are working now to recover them. Is th

Re: Nimda Help for NT

2001-09-24 Thread Ian Lord
Hi, The virus summary on nai.com is very good and also lists the executables to add to the file types for scanning. regards, Ian Lord 24/09/01 17:37:48, "Scott Vanderlip" <[EMAIL PROTECTED]> wrote: >We were hit by the Nimda on both our NT and 2000 machines. We are working >now to recover them.

RE: Nimda - Thought we were protected

2001-09-24 Thread Negrete, Arthur
Would you set the scan to continue scanning, delete or clean infected files?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:47 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected SCAN ALL FILES (asp,js

RE: Nimda Help for NT

2001-09-24 Thread KRUSE,TIM (Non-HP-Richardson,ex1)
Scott Answer to "single site to search for the "q" numbers" The HFNETCHK.exe is a program from www.microsoft.com/security that will tell you which IIS patches need to be applied or which one are applied. The Q's are the Microsoft articles that refer to these patches. When I am applying II

RE: Nimda - Thought we were protected

2001-09-24 Thread KRUSE,TIM (Non-HP-Richardson,ex1)
To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Guys, please check ALL FILES to scan your drives , because also ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select to scan program files only!! also replace riched20.dll and mcc.exe (if you ar

RE: Nimda - Thought we were protected

2001-09-24 Thread Lewis, Michael D
You also might try this free download from Symantec, http:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 12:41 PM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Guys, please

RE: Nimda Help for NT

2001-09-24 Thread Krueger, Aaron G. - Lonesome
I was wondering the same. I have been running this eEye Nimda scanner...detecting INFECTED systems, but when I look at the systems in question, they simply have a guest account enabled - no signs of the actual virus. Any definitive way to scan remotely and be sure it is reporting correctly...i hat

RE: Nimda Help for NT

2001-09-24 Thread Steve . Brook
A useful site to visit is TechRepublic, there is an article by John McCormick with useful info and links to other info. May not give ALL the info you want but probably most of it. i.e. MS01_044 patches five vulnerabilities. Worth a look. As to companies with expertise, There are thousands (the

RE: Nimda Help for NT

2001-09-24 Thread Andy Cottrell
http:[EMAIL PROTECTED] is a good page with step by step instructions for removing the virus. -Original Message- From: Scott Vanderlip [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:38 AM To: NT System Admin Issues Subject: Nimda Help for NT We were hit by the Nimda on bo

RE: Nimda - Thought we were protected

2001-09-24 Thread Magill, Daniel James (Daniel)** CTR **
Admin Issues Subject: RE: Nimda - Thought we were protected Did you patch your browsers?? xylog -Original Message- From: Frank Ouimette [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:11 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Could it

RE: Nimda - Thought we were protected

2001-09-24 Thread Rudolph, Paul
, John # PHX [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:41 AM To: NT System Admin Issues Subject:RE: Nimda - Thought we were protected Here's a tool from eEye. McAfee has a tool as well. http://www.eeye.com/html/Research/Tools/nimda.html -Original Me

RE: Nimda - Thought we were protected

2001-09-24 Thread pim . vessies
QAII-441 Veenpluis 4 - 6, 5684 PC Best The Netherlands "Steve Kelsay" <[EMAIL PROTECTED]> on 09/24/2001 05:11:25 PM Please respond to "NT System Admin Issues" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> cc:

RE: Nimda - Thought we were protected

2001-09-24 Thread Desiree Herrmann
u find out there. Desiree Herrmann Network Manager MasterLink Corp. [EMAIL PROTECTED] -Original Message- From: Wantland, John # PHX [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:41 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Her

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve . Brook
h the latest DAT files and early engines - pre 4.1.40 I believe - Just a thought.. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: 24 September 2001 15:54 To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected What makes you think it is Nim

RE: Nimda - Thought we were protected

2001-09-24 Thread pim . vessies
PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> cc: (bcc: Pim Vessies/BST/MS/PHILIPS) Subject: RE: Nimda - Thought we were protected Classification: I've seen this same NIMDA-infected executable on a Windows 2000 Professional machine after being prot

Re: Nimda - Thought we were protected

2001-09-24 Thread Jim Kinney
ick)** CTR **" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Monday, September 24, 2001 10:44 AM Subject: RE: Nimda - Thought we were protected > I had exactly the same experience. All of the profiles all of the desktop > files were deleted.

RE: Nimda - Thought we were protected

2001-09-24 Thread xylog
Did you patch your browsers?? xylog -Original Message- From: Frank Ouimette [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:11 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Could it be an issue with Novell instead of Microsoft? Just a

RE: Nimda - Thought we were protected

2001-09-24 Thread Wantland, John # PHX
Here's a tool from eEye. McAfee has a tool as well. http://www.eeye.com/html/Research/Tools/nimda.html -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:13 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were prot

RE: Nimda - Thought we were protected

2001-09-24 Thread David Thomas
Sounds more like the machine itself is having problems rather than Nimda causing anything. Some of our NT workstations have that problem but hit the restart button and all works well on next reboot. Regards Davidt -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Mon

RE: Nimda - Thought we were protected

2001-09-24 Thread Ziminski, Rick (Rick)** CTR **
I had exactly the same experience. All of the profiles all of the desktop files were deleted. And Task Manager will not launch. Rick -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:11 AM To: NT System Admin Issues Subject: RE: Nimda

RE: Nimda - Thought we were protected

2001-09-24 Thread Denoy, David
September 24, 2001 8:13 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected The virus checker we ran on the readme.exe file called it Nimda. Unless we got hit with multiple virii at the same time. That is why I thought it might be a new strain. I sent the files to

RE: Nimda - Thought we were protected

2001-09-24 Thread Frank Ouimette
Could it be an issue with Novell instead of Microsoft? Just a thought. Frank Ouimette Chief Information Officer FreeYankee, Inc. Phone - 801.553.9381 Fax - 801.553.9338 > -Original Message- > From: Steve Kelsay [mailto:[EMAIL PROTECTED]] > Sent: Monday, September 24, 2001 8:35 AM > To:

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve Kelsay
Yes, I had installed all the patches we discussed here on the site. Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 >>> [EMAIL PROTECTED] 09/24/01 10:59AM >>> Did you have the IE patch applied? If the browsed

RE: Nimda - Thought we were protected

2001-09-24 Thread Steve Kelsay
The virus checker we ran on the readme.exe file called it Nimda. Unless we got hit with multiple virii at the same time. That is why I thought it might be a new strain. I sent the files to McAfee for analysis already. Steve Kelsay Network Administration Group South Carolina Department of Reven

RE: Nimda - Thought we were protected

2001-09-24 Thread Muncy, Robert
Did you have the IE patch applied? If they browsed to an infected site they can get the virus that way as well. Robert Muncy Sherman Financial Group -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:35 AM To: NT System Admin Issues Subject

RE: Nimda - Thought we were protected

2001-09-24 Thread Martin Blackstone
What makes you think it is Nimda in the first place? Your symptoms sound nothing like it at all. -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 7:35 AM To: NT System Admin Issues Subject: Nimda - Thought we were protected First alert,

Re: Nimda Breakout Help!

2001-09-24 Thread klimo
www.microsoft.com/technet/security/bulletin/MS01-044.asp http:[EMAIL PROTECTED] Regards - Original Message - From: "Roger Ali" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Monday, September 24, 2001 3:16 PM Subject: RE: Nimda Breakout H

RE: Nimda Breakout Help!

2001-09-24 Thread Givens, Mike
Sent: Monday, September 24, 2001 7:17 AM To: NT System Admin Issues Subject: RE: Nimda Breakout Help! That's the problem, the machine that is infected is our file server, web outlook server, and our email server. I can't shut these things down as they are core to the business. The virus cam

RE: Nimda Breakout Help!

2001-09-24 Thread Roger Ali
've blocked all attachments, I dunno how long it will last with our business. But we'll see. Any other ideas? Thanks Roger Ali -Original Message- From: Kelly Borndale [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 7:57 PM To: NT System Admin Issues Subject

Re: Nimda issue

2001-09-24 Thread nt_server
Try this instead... http://www.grisoft.com/html/us_index.html - Original Message - From: James Costa To: NT System Admin Issues Sent: Monday, September 24, 2001 2:00 AM Subject: Nimda issue Hi guys. I’m new to this list.  Was wondering if anyone had

RE: Nimda issue

2001-09-24 Thread Ade_Aiyenigba
Also take a look at http://www.incidents.org/react/nimda.php for detailed analysis. -Original Message- From: Matthew Healy [mailto:[EMAIL PROTECTED]] Sent: 24 September 2001 09:36 To: NT System Admin Issues Subject: RE: Nimda issue Th

RE: Nimda issue

2001-09-24 Thread Matthew Healy
The home page of http://www.sophos.com/ has Nimda info all over it, including a free removal tool. I haven't tried it myself, so can't indicate either way to its effectiveness. -Original Message- From: James Costa [mailto:[EMAIL PROTECTED]] Sent: Monday, 24 September 2001 17:0

RE: Nimda issue

2001-09-23 Thread Sankaranarayanan_Ganapathy
Hi, First disable TFTP by changing the line tftp 69/udp to tftp 0/udp in services file located drivers\etc to avoid the spreading of virus. > -- > From: James Costa[SMTP:[EMAIL PROTECTED]] > Reply To: NT System Admin Issues > Sent: Monday, September 24, 2001 12:30

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Rick Corgiat
Subject: Re: Nimda and patch end up shutting my Web Server I have eliminated it. I used a nimba tool and then had Norton scan and remove files. My server works fine now. - Original Message - From: "Andrew S. Baker" <[EMAIL PROTECTED]> To: "NT System Admin Issu

Re: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Tiffany Belcher
I have eliminated it. I used a nimba tool and then had Norton scan and remove files. My server works fine now. - Original Message - From: "Andrew S. Baker" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Sunday, September 23,

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Andrew S. Baker
"Evil is done without effort, naturally, it is the working of fate; good is always the product of an art." -- Charles Baudelaire (1821-67) >-Original Message- >From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] >Sent: Sunday, September 23, 2001 10:17 AM >To: NT System A

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Clark, Steve
age- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 10:17 AM To: NT System Admin Issues Subject: RE: Nimda and patch end up shutting my Web Server >>Reformat. There is no way to 100% remove the >>virus from your system. I don't agree with tha

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread John Hanks
By now there are probably tools that will remove (or at least claim to remove) Nimda, but once you were infected your machine started announcing to the world that everyone had access to it. Even if a tool cleans up Nimda can you ever be sure that some enterprising script kiddie hasn't placed a tro

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Andrew S. Baker
ile=~MoreInfo.TXT == "Feed a stranger's expired parking meter." -- H. Jackson Brown Jr. >-Original Message- >From: Clark, Steve [mailto:[EMAIL PROTECTED]] >Sent: Sunday, September 23, 2001 9:55 AM >To: NT System Admin Issues >Subj

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread David N. Precht
"Fdisk...format... Reinstall..do da.." comes to mind -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 09:55 To: NT System Admin Issues Subject: RE: Nimda and patch end up shutting my Web Server Reformat. There is no way to 1

RE: Nimda and patch end up shutting my Web Server

2001-09-23 Thread Clark, Steve
Reformat. There is no way to 100% remove the virus from your system. You can download and run utilities from Eeye, Norton, NAI, Commandcenter .. But the bottom line, it's not going to be 100% cleaned. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 30

RE: Nimda Breakout Help!

2001-09-22 Thread Kelly Borndale
Unplug the infected machine from the network. -K > -Original Message- > From: Roger Ali [mailto:[EMAIL PROTECTED]] > Sent: Saturday, September 22, 2001 2:06 PM > To: NT System Admin Issues > Subject: Nimda Breakout Help! > > > Guys, > Does anyone know a way to prevent the PE_Nimda

RE: Nimda Breakout Help!

2001-09-22 Thread Stephen Moreau
Definitely keep up to date on patches...especially for IIS. Check out Microsoft's bulletin: MS01-044. It has links for the cumulative patch (fixes all known errors) for IIS. I use Norton and of my 10 servers only one got bit by Nimda (one of my BDCs). Luckily Norton contained it and only shut d

RE: Nimda Breakout Help!

2001-09-22 Thread Andrew S. Baker
1. Keep your servers up to date on patches. NIMDA used old vulnerabilities 2. Use something like URLScan and IISSecure on Web Servers 3. Make use of AV software 4. Employ good security practices 5. Read the security lists 6. Read the AV sites See the following: http://www.ultratech-llc.com/KB/?F

RE: Nimda and HTML Files

2001-09-22 Thread Bunting, Jeff
Good thinking! I did try the url several times and wasn't getting a response from the server, which is why I included the code. -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 12:52 PM To: NT System Admin Issues Subject: RE: Nimd

RE: Nimda and HTML Files

2001-09-21 Thread David Prado
925.371.3159 fax "Do not follow where the path may lead. Go instead where there is no path, and leave a trail." -Ralph Waldo Emerson -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 9:52 AM To: NT System Admin Issues Subject: RE: Nimd

RE: Nimda and HTML Files

2001-09-21 Thread Randal, Phil
stem Admin Issues > Subject: RE: Nimda and HTML Files > > > Yikes!! I got a bunch of antigen messages after including > that code in the > email. Looks like a lot of people are scanning for it. > > -Original Message- > From: Bunting, Jeff [mailto:[EMAIL PROTECTE

RE: Nimda and HTML Files

2001-09-21 Thread Mark Kelsay
Thanks to all. Just what I was looking for. Mark -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 11:51 AM To: NT System Admin Issues Subject: RE: Nimda and HTML Files Check out this document: http://www.incidents.org/react

RE: Nimda and HTML Files

2001-09-21 Thread Bunting, Jeff
Yikes!! I got a bunch of antigen messages after including that code in the email. Looks like a lot of people are scanning for it. -Original Message- From: Bunting, Jeff [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 12:13 PM To: NT System Admin Issues Subject: RE: Nimda

RE: Nimda and HTML Files

2001-09-21 Thread Bunting, Jeff
This is what it adds at the end of .htm, .html, and .asp files: window.open("readme.eml", null, "resizable=no,top=6000,left=6000") It is only one line; I haven't seen anything else. Jeff -Original Message- From: Mark Kelsay [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 11

RE: NIMDA cleanup questions...

2001-09-21 Thread Andrew Baker
: Re: NIMDA cleanup questions... Can you kill them from a DOS box, or DOS boot, or boot disk? Mike - Original Message - From: "Eric Brouwer" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Friday, September 21, 2001 9:32 AM Subject:

Re: NIMDA cleanup questions...

2001-09-21 Thread TDI Custom Computers
Can you kill them from a DOS box, or DOS boot, or boot disk? Mike - Original Message - From: "Eric Brouwer" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Friday, September 21, 2001 9:32 AM Subject: NIMDA cleanup questions... > I know half the camp says the o

RE: Nimda and HTML Files

2001-09-21 Thread Randal, Phil
Check out this document: http://www.incidents.org/react/nimdaprint.php The details you want are half way through... Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK > -Original Message- > From: Mark Kelsay [mailto:[E

RE: Nimda and HTML Files

2001-09-21 Thread Clark, Steve
www.nai.com - look for the virus description and it tells you the lines added, Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mark Kelsay [mailto:[EMAIL PROTECTED]] Sent: Frida

RE: NIMDA cleanup questions...

2001-09-21 Thread Eldridge, Dave
you have probably done this but have you stopped the www service -Original Message- From: Bunting, Jeff [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 8:46 AM To: NT System Admin Issues Subject: RE: NIMDA cleanup questions... can you take ownership of the files

RE: NIMDA cleanup questions...

2001-09-21 Thread Bunting, Jeff
can you take ownership of the files? -Original Message- From: Eric Brouwer [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 10:33 AM To: NT System Admin Issues Subject: NIMDA cleanup questions... I know half the camp says the only way to recover from NIMDA is to do a fresh in

RE: NIMDA FIX

2001-09-20 Thread Martin Blackstone
Why be skeptical? If you have the virus you're fsked anyhow, so why worry about trying the fix? -Original Message- From: David Coffey [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 8:22 AM To: NT System Admin Issues Subject: NIMDA FIX Good morning, Is anyone having good lu

RE: NIMDA FIX

2001-09-20 Thread Don Collier (Intermap Denver)
I guess that it works fine. I didn't think that I had any infected machines but ran it anyway and came up with no infected computers. No virus warning yet. _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708

RE: NIMDA virus Help please

2001-09-19 Thread Tom . Kustner
stem Admin Issues Subject: RE: NIMDA virus Help please Does this apply to Red Code II as well? -Eric Larsen -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 1:41 PM To: NT System Admin Issues Subject: RE: NIMDA virus Help ple
