When I scanned one of our servers with NAV, from a boot floppy it was
finding a lot of EXE's that it said was infected with NIMDA. The last folder
I saw that had several infected EXE's was "Program File\Outlook Express"
It could not clean these, they were different file sizes.
I did not want to delete these files...
Still looking at it. We were going to replace this server anyway.
Also got our proxy server - I already had a replacement for it setup. Just
not online yet.
Barry
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ron Jameson
Sent: Wednesday, September 19, 2001 11:57 AM
To: Exchange Discussions
Subject: nimda virus changes on me
Well, I just put in a 24 hour shift to patch the ol' web, email, main and
terminal servers in one form or another and clean up 30 workstations. Was a
little too late in the blocking of all .exe files on the sybari but I think
this one entered thru the front web door on a client PC hitting an infected
web site.
Odd - two of the PC's out of the 30 were REALLY infected so as I could not
repair. I need to format these boxes. Has anyone seen this virus change or
morph into other executables other that the noted ones (riched20.dll,
readme.exe, load.exe, modified system.ini, plus several other windows
programs)?
Regards,
Ron Jameson
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
