I've got a file server with a bunch of .eml files - desktop.eml fax1.eml
2.eml professional.eml etc. - all created at the same time in various
subdirectories of a public share & all the same size & all owned by the same
person.
That sounds suspiciously like this, but I can't find anything definitive
about these damn .eml files!!
-Michèle
Immigration site: <http://LadySun1969.tripod.com>
Our new 2001 Miata: <http://members.cardomain.com/bpituley>
Tiggercam: <http://www.tiggercam.co.uk>
---------------------------------------------------------
The fact that no one understands you doesn't mean you're an artist.
---------------------------------------------------------
-----Original Message-----
From: John Allhiser [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 3:39 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
I believe readme.eml is loaded to an infected IIS website as an attachment
to
every page in the site.
When the infected site is accessed, it is downloaded as an .exe
This is what I see on securityfocus.com and the noted anti-virus sites.
John Allhiser MCSE CCNA
Network Engineer
Business Men's Assurance
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 2:37 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
has anybody seen anything Official about the .eml files? I've just heard
anecdotal evidence about them.
-Michèle
Immigration site: <http://LadySun1969.tripod.com>
Our new 2001 Miata: <http://members.cardomain.com/bpituley>
Tiggercam: <http://www.tiggercam.co.uk>
---------------------------------------------------------
Why do they put pictures of criminals up in the Post Office? What are we
supposed to do . . . write to these men? Why don't they just put their
pictures on the postage stamps so the mailmen could look for them while they
delivered the mail?
---------------------------------------------------------
-----Original Message-----
From: Daniel Deward [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 3:37 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
If you block EXE's there is no need to wait for updates. For more
information, visit http://www.cmsconnect.com
Dan
-----Original Message-----
From: Pfefferkorn, Pete (PFEFFEPE) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 3:16 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
Yes, NAI released an extra.dat Still waiting for trend to put out an
update.
Pete Pfefferkorn
Senior Systems Engineer/Mail Administrator
University of Cincinnati
51 Goodman Street
Cincinnati, OH 45221
Phone - (513) 556-9076
Fax - (513) 556-2042
-----Original Message-----
From: Etts, Russell [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 2:51 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
Does anyone have any more info on this??
Does NAI have an update? I can't get through to them.
Thanks
Russell
-----Original Message-----
From: John Bricher [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:33 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
On the servers that were infected at our company, we found a mmc.exe that
was running in c:\winnt. This appeared to be regenerating the readme.eml
files. We killed the process, deleted the file, and deleted the .eml files.
This appears to have worked for now.
Not sure how to stop it from happening again.
John Bricher
Windows NT Engineer
Cybear, Inc.
561-999-3549
[EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
