r Tomorrow"
[EMAIL PROTECTED]
(858) 693-6929 (voice)
(858) 693-6916 (fax)
(310) 283-0806 (cell)
Please visit us online @ http://www.911RRT.com
-Original Message-
From: Marc Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:22 PM
To: NT System Admin Issues
Sub
t: RE: Nimda - Thought we were protected
The eml files were returning even AFTER running all the Nimda scanners/
cleaners. (We used two of them)
Finally just gave up and wiped the drives.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbi
09/24/01 04:58PM >>>
Your sysmptoms read more like a Netware or other script not running to
completion.
ralph
Reply Separator________
Subject:RE: Nimda - Thought we were protected
Author: NT System Admin Issues <[EMAIL PROTECTED]>
Date:
The eml files were returning even AFTER running all the Nimda scanners/ cleaners. (We
used two of them)
Finally just gave up and wiped the drives.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
>>> [EMAIL PRO
OK. Trends analysis response came back. Send us your serial number or we won't look at
it.
Not smart. I KNOW it's Nimda. I though they would want to see it and see if it was in
fact a new strain. I only sent it to them because once before they asked me here in
this forum to do so whenever we
Yeah yeah, you got it
-Original Message-
From: David N. Precht [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 17:33
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Don't u mean Sophos ?
-Original Message-
From: Gisler, Johnny [m
Don't u mean Sophos ?
-Original Message-
From: Gisler, Johnny [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 20:05
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Grab the soho tool
-Original Message-
From: [EMAIL PROTECTED] [m
/www.911RRT.com
-Original Message-
From: Marc Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:22 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
> About every fifteen minutes or so, the .EML files are all back again.
I've heard about t
How do you know your hit then?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 13:59
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Your sysmptoms read more like a Netware or other script not running to
Grab the soho tool
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 13:59
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Your sysmptoms read more like a Netware or other script not running to
completion
ot;*.mpeg""AttachmentNames9"="*.avi""AttachmentNames10"="*.mpg""AttachmentNames11"="*.exe"
DisAllow.cmd
nav12.regnaveupdate.exe
-Original Message-From: David James
[mailto:[EMAIL PROTECTED]]Sent: Monday, September
24,
Title: Message
Don't
forget to block WTC.exe (W32/Vote) while you're at it.
-Original Message-From: David James
[mailto:[EMAIL PROTECTED]]Sent: Monday, September
24, 2001 4:09 PMTo: NT System Admin IssuesSubject: RE:
Nimda - Thought we were protected
Peter, you
System Admin IssuesSubject: RE:
Nimda - Thought we were protected
Peter, you got a doc on that from
symantec?
-Original Message-From: Kim, Peter J.
[mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001
2:26 PMTo: NT System Admin IssuesSubject: RE: Nimda
Title: RE: Nimda - Thought we were protected
We're
using MailMarshal - it lets you block any attachments you like and is
intelligent enough to inspect headers to determine the file type to get around
cunning users changing file extensions...
-Original Message-From: Miley
> About every fifteen minutes or so, the .EML files are all back again.
I've heard about this- in fact, just this afternoon. In this case, I
recommended to my customer to "quarantine" the machine (read: remove the
network cable!) and run the NIMDA scanner/fix from the machine locally (you
won't
Your sysmptoms read more like a Netware or other script not running to
completion.
ralph
Reply Separator
Subject:RE: Nimda - Thought we were protected
Author: NT System Admin Issues <[EMAIL PROTECTED]>
Date: 09/24/2001 7:54 AM
What mak
001 2:26
PMTo: NT System Admin IssuesSubject: RE: Nimda - Thought
we were protected
Or
if you have Symantec NAV for exchange, you make minor adjustments to the
Registry and it blocks all wanted attachments.
-Original
Message-From: Ian Kelly
[mailto:[
Title: RE: Nimda - Thought we were protected
trend
scanmail.
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Sent: Monday, September 24,
2001 2:33 PMTo: NT System Admin IssuesSubject: RE: Nimda
- Thought we were protected
You
can't block attach
OK, The infected file to McAfee was returned as undeliverable. Any new addresses? This
one came from their site so should have been valid.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
>>> [EMAIL PROTECTED]
ROTECTED]] Sent: Monday, September 24, 2001 11:34
AMTo: NT System Admin IssuesSubject: RE: Nimda - Thought
we were protected
Third party tools!
Ian-[EMAIL PROTECTED]-Love
may not make the world go round, but I must admi
MAIL PROTECTED]
Phone: (404) 827-0924
-Original Message-
From: Lenny Bensman [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:00 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could you please send the link to it? Does this tool clean
Title: Message
Peter,
you got a doc on that from symantec?
-Original Message-From: Kim, Peter J.
[mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:26
PMTo: NT System Admin IssuesSubject: RE: Nimda - Thought
we were protected
Or
if you have Symantec
Title: RE: Nimda - Thought we were protected
Thanks
to both of you who replied. I was going crazy trying to find something
that doesn't exist.
Kelly Gosh
Information Systems Manager
Brilliance Audio, Inc.
Phone: 616.846.5256 ext. 704
Fax: 616.846.0630
http://www.brillianceaudi
Are you talking about the servers only or the workstations ??
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:47 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
SCAN ALL FILES (asp,js,htm,html,shtm
Title: RE: Nimda - Thought we were protected
Be careful using this tool. . . The fixnimda.com will delete all your shares. . so if you run this utility on a server you could be in for a long night of rebuilding your structure, esp if you use share based permissions.
Bobby A. Jones
Systems
D]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
cc: (bcc: Pim Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were protected
Classification:
I've seen this same NIMDA-infected executable on a Windows 2000 Professional
machine after being protected with
: RE: Nimda - Thought we
were protected
Third
party tools!
Ian
-
[EMAIL PROTECTED]
-
Love may not make the world go round, but I must admit that it makes the ride
worthwhile. - Sean Connery
-Original Message-
From
Title: RE: Nimda - Thought we were protected
You
can't block attachments natively. You need 3rd party antivirus software.
-Original Message-From: Kelly Gosh
[mailto:[EMAIL PROTECTED]]Sent: Monday, September 24, 2001
11:07 AMTo: NT System Admin IssuesSubject: RE:
ngage in it."
-Original Message-From: Ian Kelly
[mailto:[EMAIL PROTECTED]] Sent: September 24, 2001 14:34
PMTo: NT System Admin IssuesSubject: RE: Nimda - Thought
we were protected
Third party tools!
Ian-[EMAIL
-
From: Rudolph, Paul [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 1:05 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Ran this tool any thoughts on what the open guest access means on a 98
machine? Scan says it is infected. Machine is completely patched
ptember 24, 2001 11:41 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Guys, please check ALL FILES to scan your drives , because also
ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select
to scan program files only!!
also replace riched
Title: RE: Nimda - Thought we were protected
I've been continuously scanning all the drives (including the networked). There is a tool out on Symantec site. Please check this site. http:[EMAIL PROTECTED]
-Original Message-
From: Negrete, Arthur [mailto:[EMAIL PROTECTED]]
01 1:05 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Ran this tool any thoughts on what the open guest access means on a 98
machine? Scan says it is infected. Machine is completely patched, and
has no signs of infection
Paul Rudolph, MCSE; MCP+Internet; CCA
perots
:[EMAIL PROTECTED]] Sent: September 24, 2001 14:07
PMTo: NT System Admin IssuesSubject: RE: Nimda - Thought
we were protected
Where in Exchange 5.5 can you block certain attachments?
Ideally, I would like to block all *.exe and all *.vbs from most users.
I know how to block domains and
Title: RE: Nimda - Thought we were protected
Exchange 5.5 doesn't have attachment filtering/blocking capabilities.
You'll need some 3rd party software like Antigen - www.sybari.com
Regards,
Sean Martin,
MCSENetwork AdministratorRibelin Lowell &
CompanyInsurance Broke
D]
(404) 573-6630 Voice
6701 Roswell Road
Atlanta, GA 30328
-Original Message-
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:59 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Did you patch you browsers??
xylog
-Origin
Title: RE: Nimda - Thought we were protected
Where in Exchange 5.5 can you block certain attachments? Ideally, I would like to block all *.exe and all *.vbs from most users. I know how to block domains and email addresses, and I swear I've seen attachment blocking, but for the life of
Would you set the scan to continue scanning, delete or clean infected
files??
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:47 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
SCAN ALL FILES (asp,js
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Guys, please check ALL FILES to scan your drives , because also
ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select
to scan program files only!!
also replace riched20.dll and mcc.exe (if you ar
You also might try this free download from Symantec,
http:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:41 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Guys, please
Admin Issues
Subject: RE: Nimda - Thought we were protected
Did you patch you browsers??
xylog
-Original Message-
From: Frank Ouimette [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:11 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could it
, John # PHX [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:41 AM
To: NT System Admin Issues
Subject:RE: Nimda - Thought we were protected
Here's a tool from eEye. McAfee has a tool as well.
http://www.eeye.com/html/Research/Tools/nimda.html
-Original Me
(bcc: Pim Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were protected
Classification:
Yes, I had installed all the patches we discussed here on the site.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-
u find out
there.
Desiree Herrmann
Network Manager
MasterLink Corp.
[EMAIL PROTECTED]
-Original Message-
From: Wantland, John # PHX [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:41 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Her
h the
latest DAT files and early engines - pre 4.1.40 I believe - Just a thought..
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: 24 September 2001 15:54
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
What makes you think it is Nim
PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
cc: (bcc: Pim Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were protected
Classification:
I've seen this same NIMDA-infected executable on a Windows 2000 Professional
machine after being prot
ick)** CTR **" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 10:44 AM
Subject: RE: Nimda - Thought we were protected
> I had exactly the same experience. All of the profiles all of the desktop
> files were deleted.
Did you patch you browsers??
xylog
-Original Message-
From: Frank Ouimette [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:11 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could it be an issue with Novell instead of Microsoft? Just a
Here's a tool from eEye. McAfee has a tool as well.
http://www.eeye.com/html/Research/Tools/nimda.html
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were prot
Sounds more like the machine itself is having problems rather than Nimda
causing anything. OSme of our NT workstations have that problem but hit the
restart button and all works well on next reboot.
Regards
Davidt
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Mon
- Thought we were protected
Yes, I had installed all the patches we discussed here on the site.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
>>> [EMAIL PROTECTED] 09/24/01 10:59AM >>>
D
September 24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
The virus checker we ran on the readme.exe file called it Nimda.
Unless we got hit with multiple virii at the same time. That is why I
thought it might be a new strain. I sent the files to
Could it be an issue with Novell instead of Microsoft? Just a thought.
Frank Ouimette
Chief Information Officer
FreeYankee, Inc.
Phone - 801.553.9381
Fax - 801.553.9338
> -Original Message-
> From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 24, 2001 8:35 AM
> To:
Yes, I had installed all the patches we discussed here on the site.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
>>> [EMAIL PROTECTED] 09/24/01 10:59AM >>>
Did you have the IE patch applied? If the browsed
The virus checker we ran on the readme.exe file called it Nimda.
Unless we got hit with multiple virii at the same time. That is why I thought it might
be a new strain. I sent the files to McAfee for analysis already.
Steve Kelsay
Network Administration Group
South Carolina Department of Reven
Did you have the IE patch applied? If the browsed to a infected site they
can get the virus that way as well.
Robert Muncy
Sherman Financial Group
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:35 AM
To: NT System Admin Issues
Subject
What makes you think it is Nimda in the first place?
Your symptoms sound nothing like it at all.
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:35 AM
To: NT System Admin Issues
Subject: Nimda - Thought we were protected
First alert,
57 matches
Mail list logo