Clean clients with what?!! We unfortunately use InoculateIT and CA are not
generally first on the block with virus updates.
Also any idea which patch I should apply to our IIS server? I had a check
only yesterday on the MS site and used the tool to check for patches,
thought we were shored up.
Thanks, James.
> 1 Unplug servers from network.
> 2 use ERD to recover.
> 3 send users home.
> 4 clean clients.
> -----Original Message-----
> From: Terry Manolakos [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 12:21 PM
> To: NT System Admin Issues
> Subject: serious network down...readme.eml??
>
>
> My network is slammed with some unknown virus of some sort.....Both my NT
> 4.0 servers running MS-Exchange 6.5 have about 2300 alien files which were
> deleted....a "readme.eml" is being executed by all users somehow
> automatically and it's infecting all my NT domain. I can not Ctrl+Alt+Delete
> to log into any of the servers.....the display shows "initialization of the
> dynamic link library C:\WINNT\system32\USER32.dll failed. The process is
> terminating abnormally" OKaying this results in no effects....all servers
> have this displayed onscreen. For the ones that have admin already logged
> in, Services (control panel, settings) can not be accessed! "access to the
> specified device, path, or file is denied"....it seems this virus has locked
> onto this element. PDC is running Exchange (I know, never put'em
> together...but we're still cleaning up after previous SysAdmins here), and
> this has gone berserk as well, with the same message onscreen.
> Norton/Symantec doesn't recognize "readme.eml"....who out there can shine a
> flashlight in this dark mess? thanks in advance.
>
> Terry
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>