Try using Trend's fix tool, it's run by command line so it could be scripted.
Also, remember that Nimda will screw with file permissions and open shares if
it can. It's best to isolate the infected servers offline from the main
Windows environment while cleaning.

http://www.antivirus.com/vinfo/security/fix_nimda.com



----- Original Message -----
From: "joe vano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 18, 2002 10:30 AM
Subject: nimda fun in linux/win2k network


> Okay, here's the deal:
>
> My boss set up a win NT box with IIS running on it to do work for a customer.  Now my boss is an excellent programmer and knows his way around Linux, but Windows eludes him.  Within 24 hours of the NT box's installation, Nimda.E is everywhere on the network.  We didn't have a good AV solution because it's never been a problem before.
>
> We run Linux file servers and Win2k Pro desktops (for the business guys).  Of course, Nimda.E doesn't bother the Linux servers one iota, but it played havoc w/ the Windows boxes.  We have the desktops cleared up by using Norton AV.
>
> Now to the real problem:
>
> The desktops are cleared and protected now, but the file server space keeps getting chewed up by copies of the worm.  Also, having an uncontained worm on the file servers is no good for my sleeping habits.  How the heck can I get Nimda off my fileserver?
>
> I've tried to scan and clear the Windows-mountable shares by running Norton AV 2001 on my win2k desktop, but I can't seem to quarantine or delete any of the thousands of infected files.  I'm thinking I might try to rm -rf *.eml from the root directory, but a nagging doubt is telling me that this might be a bad thing.  A) It might delete perfectly good files B) Only most of the infected files are .eml; some are infected .exe
>
> If you're still reading by this point, I need some more advice if you are willing to impart it:  One of my other bosses has already given me the go-ahead to get quotes for Norton Anti-virus Corporate 7.6.  Now, this is all well and good.  It will PROBABLY keep this fiasco from happening again (along w/ no IIS on a public IP in the office), but what if it does?  Does anyone know if NAV corporate can handle file servers running under Linux that are Windows mountable?  I'm going to call Symantec about it, but they'll surely pump me full of sunshine and send me on my merry way.
>
> Thanks for your patience.  I eagerly await your reply.
>
> Sincerely Yours,
> A glorified desktop support tech pretending he's a sys admin
>
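An added example, not part of the original thread and not anyone's posted script: a non-destructive alternative to `rm -rf *.eml`, run on the Linux file server itself, that addresses both doubts raised above (legitimate `.eml` files, infected `.exe` files). It assumes the dropped copies are byte-identical, so a digest repeated many times marks a candidate cluster; the function names, paths and sample tree are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: non-destructive triage of suspected worm copies on a share.
# Assumption: dropped copies are byte-identical, so a digest seen many times
# is a candidate cluster. All names and paths here are hypothetical.

# list_clusters ROOT MIN: print "<count> <sha256>" for each .eml/.exe digest
# that occurs at least MIN times under ROOT, most frequent first.
list_clusters() {
    find "$1" -type f \( -iname '*.eml' -o -iname '*.exe' \) \
        -exec sha256sum {} + |
        awk -v min="$2" '{ n[$1]++ }
            END { for (h in n) if (n[h] >= min) print n[h], h }' |
        sort -rn
}

# quarantine_cluster ROOT SHA256 QDIR: move every .eml/.exe under ROOT whose
# digest equals SHA256 into QDIR, keeping its relative path, and print each
# moved path. Nothing is deleted. QDIR must live outside ROOT.
quarantine_cluster() {
    find "$1" -type f \( -iname '*.eml' -o -iname '*.exe' \) -exec sh -c '
        want=$1 root=$2 qdir=$3; shift 3
        for f do
            sum=$(sha256sum < "$f" | cut -d" " -f1)
            [ "$sum" = "$want" ] || continue
            rel=${f#"$root"/}
            mkdir -p "$qdir/$(dirname "$rel")" &&
                mv -- "$f" "$qdir/$rel" && printf "%s\n" "$f"
        done' sh "$2" "$1" "$3" {} +
}

# make_sample DIR: build a constructed tree (placeholder content, not malware):
# four identical files spread over three directories plus one unique message.
make_sample() {
    for d in docs sales eng; do
        mkdir -p "$1/$d"
        printf 'CONSTRUCTED-DUPLICATE\n' > "$1/$d/dropped.eml"
    done
    printf 'CONSTRUCTED-DUPLICATE\n' > "$1/eng/tool.exe"
    printf 'a legitimate saved message\n' > "$1/docs/invoice.eml"
}
```

Run `list_clusters` first and have one file from each reported cluster scanned before quarantining it, since a repeated digest can also be a legitimately duplicated file.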
