FYI for McAfee users Just found out that if you downloaded and ran McAfee's 4159 DAT file, it deletes infected .EXE files instead of cleaning them. Not good if your running Windows 2000. The new DAT file (4160) is supposed to fix this problem. -----Original Message----- From: Jeffrey Kessler [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 1:04 AM To: NT 2000 Discussions Subject: RE: New Virus - NIMBA McAfee sent a second series of DATs out tonight, 4160. I had a "tmp.exe" file on one PC that 4159 found but could not delete but when I updated to the 4160 DAT it did delete the file. Jeffrey Kessler MCSE MCP+I Technology Coordinator Newport (NH) School District 603-863-2414 ext 1116 [EMAIL PROTECTED] > -----Original Message----- > From: Lars Norman S�ndergaard [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 19, 2001 12:48 AM > To: NT 2000 Discussions > Subject: RE: New Virus - NIMBA > > > Anyone managed to download Trends' pattern 941 for Mail Scan > / Exchange. My > MailScan seems to think pattern 939 is the latest. > > Lars > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: 19. september 2001 00:15 > To: NT 2000 Discussions > Subject: RE: New Virus - NIMBA > > > > Some users access external mail servers such as private ISP's > using other > email clients. Our users are senior consultants, lawyers > etc so it's hard > to control them. We have the company email protected but > they do things > that we would prevent if we could. So far I've been seeing the > readme.exe, desktop.exe, readme.eml, desktop.eml, and I have > a ton of eml > files on my servers that are either completely the virus or infected > existing files - dont know yet. Might have to do a mass restore > whenever we can protect against this. > > > > > Wes Owen > > <[EMAIL PROTECTED]> To: "NT 2000 > Discussions" > Sent by: > <[EMAIL PROTECTED]> > > bounce-nt2000-135231@ls cc: > > .swynk.com Subject: > RE: New > Virus - NIMBA > > > > > 09/18/2001 02:57 PM > > Please respond to "NT > > 2000 Discussions" > > > > > > > > So did you have some users actually got the readme.exe file? > We have not > seen a single one of these hit our scanners yet. > > BTW, we run Mailsweeper and even though we do not block all > executables we > were able to quickly block readme.exe. Even though Sophos > had an update > out > about 10 minutes after we got that done. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 4:35 PM > To: NT 2000 Discussions > Subject: RE: New Virus - NIMBA > > > > I use Opera and this morning an infected web site offerred me > a download. > If > I had accepted the download I would have been a casualty in > this war. IE > users can get infected automatically and because all of our > workstations > have it, we had some get infected before we could notify > everyone. We > think some users got infected from Outlook too. > > > > > "Szlucha, Chris" > > <[EMAIL PROTECTED]> To: "NT 2000 > Discussions" > Sent by: > <[EMAIL PROTECTED]> > > bounce-nt2000-135231@ls cc: > > .swynk.com Subject: > RE: New > Virus - NIMBA > > > > > 09/18/2001 02:18 PM > > Please respond to "NT > > 2000 Discussions" > > > > > > > > Incorrect! If your users visit an infected website, they can get it > directly because it's embedded in the HTML. They can also > get it through > Hotmail and any other web-based email system. > > > > -----Original Message----- > From: Ryan Malayter [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 5:11 PM > To: NT 2000 Discussions > Subject: RE: New Virus - NIMBA > > If you were blocking all executable attachments, you wouldn't > have to wait > for your antivirus vendor... > > -----Original Message----- > From: Anthony L. Sollars [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 4:09 PM > To: NT 2000 Discussions > Subject: RE: New Virus - NIMBA > > > SYMANTEC...MOVE IT MOVE IT > > -----Original Message----- > From: Marc Callahan [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 2:04 PM > To: NT 2000 Discussions > Subject: Re: New Virus - NIMBA > > > c'mon Symantec! > > ----- Original Message ----- > From: "Chinnery Paul" <[EMAIL PROTECTED]> > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Sent: Tuesday, September 18, 2001 4:03 PM > Subject: RE: New Virus - NIMBA > > > > Trend has just within the last few minutes released it's update. I > > can't get it yet, though, probably because of site traffic. > > > > -----Original Message----- > > From: Jeffrey Witt [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, September 18, 2001 5:05 PM > > To: NT 2000 Discussions > > Subject: RE: New Virus - NIMBA > > > > > > It already hit us trying to download the detection and fix file now > > from McAfee its going real slow. Think they are busy? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Szlucha, Chris > > Sent: Tuesday, September 18, 2001 3:56 PM > > To: NT 2000 Discussions > > Subject: New Virus - NIMBA > > > > > > Just an FYI, folks. There is a new virus spreading rapidly!!! SARC > > and others are still researching it, but McAfee seems to have a DAT > > file that will at least recognize it. > > > > Seems to be a bit nasty in it's propagation. Check out the web site > > for more details. > > > > http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 > > <http://vil.nai.com/vil/virusSummary.asp?virus_k=99209> > > http:[EMAIL PROTECTED] > > <http:[EMAIL PROTECTED]> > > > > -Chris Sz > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to > whom they are > addressed. If you are NOT the intended recipient or the > person responsible > for delivering the e-mail to the intended recipient, be > advised that you > have received this e-mail in error and that any use, dissemination, > forwarding, printing, or copying of this e-mail is strictly > prohibited. > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
