Does anyone have a fix for a Windows 9x station that is infected. The
problem I am facing is the virus spawns so much email when it boots, you can
not get control of the station before it locks up. I am also faced with the
same issue on a Windows NT server. It keeps opening various windows that the
server locks up. I can not even get to task manager, will not open that
program at all. Please any advise would be appreciated.
Thank you,
Robert Saylors
Technical Services Manager
The FoxBerry Group
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Szlucha, Chris
Sent: Wednesday, September 19, 2001 10:13 AM
To: NT 2000 Discussions
Subject: New Virus - NIMDA -**IMPORTANT!!!**
Just thought you all should now, it hasn't been disclosed yet but this virus
also has an FTP component that scans for often-used directories (pub,
incoming, etc...) and attempts a MKDIR command to see if it's writeable, and
if it is, it propagates into those ftp directories. This info was provided
by Mark C. here at my site and I appreciate his info. He has posted this
info but it hasn't shown up in any of the official reports yet on the
commercial virus sites.
-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:29 AM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA
You can DL the pattern files and manually stick them in.
Their tech support page has info on how to do it.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sojka
Sent: Wednesday, September 19, 2001 6:21 AM
To: NT 2000 Discussions
Subject: RE: New Virus - NIMBA
Got it last night around 530 PM EDT
> -----Original Message-----
> From: Lars Norman S�ndergaard [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 12:48 AM
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
>
> Anyone managed to download Trends' pattern 941 for Mail Scan
> / Exchange. My
> MailScan seems to think pattern 939 is the latest.
>
> Lars
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 19. september 2001 00:15
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
>
>
> Some users access external mail servers such as private ISP's
> using other
> email clients. Our users are senior consultants, lawyers
> etc so it's hard
> to control them. We have the company email protected but
> they do things
> that we would prevent if we could. So far I've been seeing the
> readme.exe, desktop.exe, readme.eml, desktop.eml, and I have
> a ton of eml
> files on my servers that are either completely the virus or infected
> existing files - dont know yet. Might have to do a mass restore
> whenever we can protect against this.
>
>
>
>
> Wes Owen
>
> <[EMAIL PROTECTED]> To: "NT 2000
> Discussions"
> Sent by:
> <[EMAIL PROTECTED]>
>
> bounce-nt2000-135231@ls cc:
>
> .swynk.com Subject:
> RE: New
> Virus - NIMBA
>
>
>
>
> 09/18/2001 02:57 PM
>
> Please respond to "NT
>
> 2000 Discussions"
>
>
>
>
>
>
>
> So did you have some users actually got the readme.exe file?
> We have not
> seen a single one of these hit our scanners yet.
>
> BTW, we run Mailsweeper and even though we do not block all
> executables we
> were able to quickly block readme.exe. Even though Sophos
> had an update
> out
> about 10 minutes after we got that done.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 4:35 PM
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
>
>
> I use Opera and this morning an infected web site offerred me
> a download.
> If
> I had accepted the download I would have been a casualty in
> this war. IE
> users can get infected automatically and because all of our
> workstations
> have it, we had some get infected before we could notify
> everyone. We
> think some users got infected from Outlook too.
>
>
>
>
> "Szlucha, Chris"
>
> <[EMAIL PROTECTED]> To: "NT 2000
> Discussions"
> Sent by:
> <[EMAIL PROTECTED]>
>
> bounce-nt2000-135231@ls cc:
>
> .swynk.com Subject:
> RE: New
> Virus - NIMBA
>
>
>
>
> 09/18/2001 02:18 PM
>
> Please respond to "NT
>
> 2000 Discussions"
>
>
>
>
>
>
>
> Incorrect! If your users visit an infected website, they can get it
> directly because it's embedded in the HTML. They can also get it
> through Hotmail and any other web-based email system.
>
>
>
> -----Original Message-----
> From: Ryan Malayter [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 5:11 PM
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
> If you were blocking all executable attachments, you wouldn't
> have to wait
> for your antivirus vendor...
>
> -----Original Message-----
> From: Anthony L. Sollars [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 4:09 PM
> To: NT 2000 Discussions
> Subject: RE: New Virus - NIMBA
>
>
> SYMANTEC...MOVE IT MOVE IT
>
> -----Original Message-----
> From: Marc Callahan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 2:04 PM
> To: NT 2000 Discussions
> Subject: Re: New Virus - NIMBA
>
>
> c'mon Symantec!
>
> ----- Original Message -----
> From: "Chinnery Paul" <[EMAIL PROTECTED]>
> To: "NT 2000 Discussions" <[EMAIL PROTECTED]>
> Sent: Tuesday, September 18, 2001 4:03 PM
> Subject: RE: New Virus - NIMBA
>
>
> > Trend has just within the last few minutes released it's update. I
> > can't get it yet, though, probably because of site traffic.
> >
> > -----Original Message-----
> > From: Jeffrey Witt [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 5:05 PM
> > To: NT 2000 Discussions
> > Subject: RE: New Virus - NIMBA
> >
> >
> > It already hit us trying to download the detection and fix file now
> > from McAfee its going real slow. Think they are busy?
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Szlucha, Chris
> > Sent: Tuesday, September 18, 2001 3:56 PM
> > To: NT 2000 Discussions
> > Subject: New Virus - NIMBA
> >
> >
> > Just an FYI, folks. There is a new virus spreading rapidly!!! SARC
> > and others are still researching it, but McAfee seems to have a DAT
> > file that will at least recognize it.
> >
> > Seems to be a bit nasty in it's propagation. Check out the web site
> > for more details.
> >
> > http://vil.nai.com/vil/virusSummary.asp?virus_k=99209
> > <http://vil.nai.com/vil/virusSummary.asp?virus_k=99209>
> > http:[EMAIL PROTECTED]
> > <http:[EMAIL PROTECTED]>
> >
> > -Chris Sz
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> >
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> >
> > ------
> > You are subscribed as [EMAIL PROTECTED]
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe send a blank email to
> [EMAIL PROTECTED]
>
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
>
>
>
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
>
> This e-mail and any files transmitted with it are confidential and are
> intended solely for the use of the individual or entity to whom they
> are addressed. If you are NOT the intended recipient or the
> person responsible
> for delivering the e-mail to the intended recipient, be
> advised that you
> have received this e-mail in error and that any use, dissemination,
> forwarding, printing, or copying of this e-mail is strictly
> prohibited.
>
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
>
>
>
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> ------
> You are subscribed as [EMAIL PROTECTED]
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
