My mistake, I meant not to delete them until the virus is contained, or it
will just repopulate itself with different file names.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Szlucha, Chris
Sent: Tuesday, September 18, 2001 5:46 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA


I believe, but I may be mistaken, that you need to delete all of the
instances of the file in its many iterations, the .EML files, the .EXE
files that it created, the MMC.EXE that was modified, the .DLL file it
modifies, and the .TMP.EXE files that it creates under your temp folder.
And check your system.ini for the telltale modification it makes and delete
that also.

But I'm not a virus guy so I could be wrong.  :)


-----Original Message-----
From: Jeffrey Witt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 6:35 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA

Don't delete the .eml files! I did on one machine that I pulled from the
network. They just showed up again with different names and the .eml
extension. Right now they are sitting on the network volume as desktop.eml
and lightning.eml

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 5:15 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA



Some users access external mail servers such as private ISPs using other
email clients. Our users are senior consultants, lawyers etc. so it's hard
to control them. We have the company email protected but they do things
that we would prevent if we could. So far I've been seeing the
readme.exe, desktop.exe, readme.eml, desktop.eml, and I have a ton of eml
files on my servers that are either completely the virus or infected
existing files - don't know yet. Might have to do a mass restore
whenever we can protect against this.



From: Wes Owen <[EMAIL PROTECTED]>
Sent by: bounce-nt2000-135231@ls.swynk.com
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
cc:
Subject: RE: New Virus - NIMBA
09/18/2001 02:57 PM
Please respond to "NT 2000 Discussions"

So did you have some users actually get the readme.exe file?  We have not
seen a single one of these hit our scanners yet.

BTW, we run Mailsweeper and even though we do not block all executables we
were able to quickly block readme.exe.  Even though Sophos had an update
out about 10 minutes after we got that done.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 4:35 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA



I use Opera and this morning an infected web site offered me a download.
If I had accepted the download I would have been a casualty in this war. IE
users can get infected automatically and because all of our workstations
have it, we had some get infected before we could notify everyone. We
think some users got infected from Outlook too.

From: "Szlucha, Chris" <[EMAIL PROTECTED]>
Sent by: bounce-nt2000-135231@ls.swynk.com
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
cc:
Subject: RE: New Virus - NIMBA
09/18/2001 02:18 PM
Please respond to "NT 2000 Discussions"

Incorrect!  If your users visit an infected website, they can get it
directly because it's embedded in the HTML.  They can also get it through
Hotmail and any other web-based email system.



-----Original Message-----
From: Ryan Malayter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 5:11 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA

If you were blocking all executable attachments, you wouldn't have to wait
for your antivirus vendor...

-----Original Message-----
From: Anthony L. Sollars [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 4:09 PM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA


SYMANTEC...MOVE IT MOVE IT

-----Original Message-----
From: Marc Callahan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 2:04 PM
To: NT 2000 Discussions
Subject: Re: New Virus - NIMBA


c'mon Symantec!

----- Original Message -----
From: "Chinnery Paul" <[EMAIL PROTECTED]>
To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 4:03 PM
Subject: RE: New Virus - NIMBA


> Trend has just within the last few minutes released its update.  I
> can't get it yet, though, probably because of site traffic.
>
> -----Original Message-----
> From: Jeffrey Witt [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 5:05 PM
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
>
> It already hit us. Trying to download the detection and fix file now
> from McAfee; it's going real slow. Think they are busy?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Szlucha, Chris
> Sent: Tuesday, September 18, 2001 3:56 PM
> To: NT 2000 Discussions
> Subject: New Virus - NIMBA
>
>
> Just an FYI, folks.  There is a new virus spreading rapidly!!!  SARC
> and others are still researching it, but McAfee seems to have a DAT
> file that will at least recognize it.
>
> Seems to be a bit nasty in its propagation.  Check out the web site
> for more details.
>
> http://vil.nai.com/vil/virusSummary.asp?virus_k=99209
> http:[EMAIL PROTECTED]
>
> -Chris Sz
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]