|
You both got hit by the worm that is making rounds. Go
patch your IIS servers, and get Antigen for your Exchange or Notes
servers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
K.Borndale
----- Original Message -----
Sent: Tuesday, September 18, 2001 1:00
PM
Subject: Re: serious network
down...readme.eml??
We have this too!! Nearly all Win 98 desktops are displaying
all kinds of
.eml files plus a riched20.dll file which if opened with
notepad says
something about a Concept China virus.
Just affected
our Application Terminal Server at the moment, no idea where
it's come
from, possibly our IIS server.
Any news gratefully appreciated,
James.
> This message is in MIME format. Since your mail reader does
not understand
> this format, some or all of this message may not be
legible.
>
> ------_=_NextPart_001_01C1405D.DC3854E0
>
Content-Type: text/plain;
> charset="iso-8859-1"
>
> My
network is slammed with some uknown virus of some sort.....Both my NT
4.0
> servers running MS-Exchange 6.5 have about 2300 alien files which
were
> deleted....a "readme.eml" is being executed by all users
somehow
> automtically and its infecting all my NT domain. I
can not Ctrl+Alt+Delete
> to log into any of the servers.....the display
shows "initialization of the
> dynamic link library
C:\WINNT\system32\USER32.dll failed. The process is
> terminating
abnormally" OKaying this results in no effects....all servers
>
have this displayed onscreen. For the ones that have admin already
logged
> in, Services (control panel, settings) can not be
accessed! "access to the
> specified device, path, or file is
denied"....it seems this virus has locked
> onto this element. PDC
is running Exchange (I know, never put'em
> together...but we're still
cleaning up after previous SysAdmins here), and
> this has gone bezerk
as well, with the same message onscreen.
> Norton/Symantec doesn't
recognize "readme.eml"....who out there can shine a
> flashlite in this
dark mess? thanks in advance.
>
> > Terry
>
> ------_=_NextPart_001_01C1405D.DC3854E0
> Content-Type:
text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding:
quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML
3.2//EN">
> <HTML>
> <HEAD>
> <META
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
>
charset=3Diso-8859-1">
> <META NAME=3D"Generator" CONTENT=3D"MS
Exchange Server version =
> 5.5.2653.12">
>
<TITLE>serious network down...readme.eml??</TITLE>
>
</HEAD>
> <BODY>
>
> <P><FONT SIZE=3D2
FACE=3D"Arial">My network is slammed with some uknown =
> virus of
some sort.....Both my NT 4.0 servers running MS-Exchange 6.5 =
> have
about 2300 alien files which were deleted....a =
>
"readme.eml" is being executed by all users somehow
=
> automtically and its infecting all my NT domain.
I can not =
> Ctrl+Alt+Delete to log into any of the servers.....the
display shows =
> "initialization of the dynamic link library
=
> C:\WINNT\system32\USER32.dll failed. The process is terminating
=
> abnormally" OKaying this results in no
effects....all =
> servers have this displayed onscreen. For
the ones that have =
> admin already logged in, Services (control panel,
settings) can not be =
> accessed! "access to the
specified device, path, or file is =
> denied"....it seems this
virus has locked onto this element. =
> PDC is running
Exchange (I know, never put'em together...but we're =
> still cleaning
up after previous SysAdmins here), and this has gone =
> bezerk as well,
with the same message onscreen. Norton/Symantec =
> doesn't
recognize "readme.eml"....who out there can shine a
=
> flashlite in this dark mess? thanks in
advance.</FONT></P>
>
> <P><FONT
FACE=3D"Verdana">Terry </FONT>=20
> </P>
>
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm<BR>
</BODY>
>
</HTML>
>
------_=_NextPart_001_01C1405D.DC3854E0--
|
