ROFL....Good one!
-----Original Message-----
From: Sullivan, Glenn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:53 AM
To: NT System Admin Issues
Subject: RE: Is there any way to know for sure? More Nimda stuff.
It looks like a little guys head, with Grey skin, black hair, and a
light blue shirt, but so does everyone else's account...
(sorry, I couldn't resist. And it's Friday...)
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:44 PM
To: NT System Admin Issues
Subject: RE: Is there any way to know for sure? More Nimda stuff.
What does the guest account look like?
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
-----Original Message-----
From: Jay Woody [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:40 PM
To: NT System Admin Issues
Subject: Is there any way to know for sure? More Nimda stuff.
Maybe I am being paranoid. I have a server that the eeye scanner says
is not vulnerable, I don't see any .eml files on it and when I scan for
files changed since the 18th, there are no .exes. However, when I look
at the task list, it shows 2 CMD.EXEs open. I have one open but not
two. Am I being weird here? The second CMD.EXE un-nerves me, but I
can't find any other sign of infection. Is there any one, "sure fire"
way to KNOW that the box has been hit? Is there one registry entry or
file or something that the virus ALWAYS does so I can see if the box is
hit?
I am thinking about re-building it, just in case, but if I can leave it
up, I would obviously prefer that. Any ideas?
JayW
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
