Reformat. There is no way to 100% remove the virus from your system.
You can download and run utilities from Eeye, Norton, NAI, Commandcenter
.. But the bottom line, it's not going to be 100% cleaned.
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
Reformat. There is no way to 100% remove the
virus from your system.
I don't agree with that statement as an absolute, particularly if you
avoided rebooting the machine while the virus was running.
If you had a properly installed Hosted system, you could determine
what had been changed from a
By now there are probably tools that will remove (or at least claim to
remove) Nimda, but once you were infected your machine started
announcing to the world that everyone had access to it. Even if a tool
cleans up Nimda can you ever be sure that some enterprising script
kiddie hasn't placed a
Read the documentation from CERT, Eeye and other virus/ security
authorities. If the virus was executed on your server, it will open ports
and cause damage that can not be 100% removed.
However, your statement If you had a properly installed Hosted system, you
could determine what had been
If you had a properly installed Hosted system
Meant to say Host-based IDS system :)
==
ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT
==
Evil is done without
Have a server or two to migrate to Windows 2000,
anybody with horror stories they want to share. Any useful resources that should
be reviewed prior to taking the digital plunge.
Thanks in advance
-
RichardJones
Horror Story:
I did 5 months
of research and test builds of W2K Server, and thought, this will be a snap.
Famous last words eh.
Before you do
the upgrade, check the DNS tab of TCPIP properties, and see if you have a
domain name in there. If you do, use that name for your W2K
I have eliminated it. I used a Nimda tool and then had Norton scan and
remove files. My server works fine now.
- Original Message -
From: Andrew S. Baker [EMAIL PROTECTED]
To: NT System Admin Issues [EMAIL PROTECTED]
Sent: Sunday, September 23, 2001 10:17 AM
Subject: RE: Nimda and
I would think that running a good port scanner against that box would be
a good idea. You never know what ports have been opened by the worm...
Rick
-Original Message-
From: Tiffany Belcher [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 10:26 AM
To: NT System Admin Issues
Hi all
Come across a stumbling block, wonder if anyone's got any ideas,
on Windows 2000 rdisk doesn't exist, as ERD is built into NTBackup, and
looking through the help file for ntbackup there's no command prompt
switches that can be used for ERD making, only backup and restore,
Does anyone know if it's
works well as long as you use the upgrade option...
have converted 3 data bases with no problems...
Jim
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Hi,
I'd done this before once. I used KIXTART which
is part of NT reskit.
It worked very fine.
first you write into your central login-script
all the printers (with the print-servers) and
the unc-name.
then, when users got their printers, it is very easy
to change the printserver by only changing
His poor attitude toward MS products in my opinion comes from his lack
of knowledge! Turning off IIS on a proxy machine is only something
someone who knows nothing of proxy would do, and is a clear message he
is administering products beyond his capability. I have never had any
one of the
Title: RE: Migrating printers from one print server to another.
Use printmig.exe from the W2K Server reskit, it's great, works with NT or 2K..
RE Young MCSE
C/S Systems Engineering
Dallas, TX USA
-Original Message-
From: SAAGER Stefan [mailto:[EMAIL PROTECTED]]
Sent:
one thing we had problems with was keeping global address list updated.
had to do an export -download -import and it's funky sometimes. I think
that's a limitation of outlook internet mail version. Don't know about the
CE version.
Dan
Words to live by:
If everyone is thinking alike then
If you have an idea what IP or IP range the CE machines will connect
from, you can set IMS to deny relay to all but those addresses. I do this
with my mobile OmniSky/PPC users so they don't have to send through the
OmniSky SMTP server.
--Colin
you can push outgoing mail to your ISP's
What the F***? I believe is what he meant.
-Original Message-
From: Jesse E. Gardner [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 10:37 PM
To: NT System Admin Issues
Subject: RE: ISS and NT password crap
WTF?
Jesse E. Gardner, MCP
P.O. Box 11431
Columbia, SC 29211
Guys and Gals...
My department is currently looking at whether or not to keep a server or
two running ZAC from NAI running when we take over for a soon-to-be-gone
outsourcer. Do you have any gotchas or concerns with this product
(running on a Win2k Server) ?
TIA
Dave
well thanks Joe, obviously this post is full of useful information and i
will be filing it under my s*** from morons folder please continue to
contribute regularly to this forum, and i look forward to more useful advice
from your vast pool of infinite wisdom. Please let me know where to send
Folks
I am sorry if this
seems off topic - it is a question regarding Novell and NT being joined together
and the possibility of breaking that link.
Domain is Win NT 4
sp6a PDC and BDC Novell 4.11 NDS single server. Clients mix of mainly win
98 and a few 2000/NT WS.
A prior admin
IMHO Spoofing is only useful for DOS attacks, that is you do not want the
return packet, or you want the return packet to actually go to the spoofed
address.
The details in your web log mean that your web server was having a
conversation with that source, no spoofing involved.
I personally
ah now you're talking and point taken - i am full of crap sometimes - comes
with listening to it on help desk all day... i apologized in the second
post.
now, your second comment is very interesting. care to elaborate? when you
say write a rule, you're talking a rule that is on the web server or
You are concerned with outsiders causing your web server trouble.
Aside from the obvious harping on staying up to date on patches, if no
web pages are served off your proxy box, just don't allow http requests
in, don't publish... Why are you against upgrading to ISA, cuz bro, ISA
can be called a
only against ISA cos i know nothing about it (obvious remark here from you
guys would be i know nothing about IIS/proxy either, hehe)... flame
ignored
i don't want to stay up to date with patches, i just want to deny http
requests in, publish is already turned off... how to do?
-Original
Hello,
I have been asked to research and potentially implement IM for a company
to communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real world implementation
concerns/ tips as well as the security