|
Hi guys. I’m new to this list. Was wondering if anyone had a problem
getting rid of the Nimda virus? I use InoculateIT
from Computer Associates as my virus scanner, with newest virus update. I think I have a pretty secure machine,
but that’s only an opinion. I
speculate I was infected thru IIS, as I did not have any email with the
readme.exe file, and I have already patched the MIME header problem. Anyways, I noticed through my firewall
that TFTP.EXE (Trivial FTP) was trying to gain access to the internet, about 32
times in the middle of the night in fact.
I did not give it explicit access, so it’s basically in my machine
and can’t get out, if it’s even still on here. I noticed, however, from my firewall
logs, that TFTP.EXE was trying to connect to local DSL routers, and all IP’s
that it was trying to connect to had the same first
two octets, and always tried to connect from port 69. I speculate this is the Nimda virus, from the way it is randomly scanning for more
computers to infect. TFTP.EXE is a
listening app, I believe, that waits for a signal from RIS from a remote
machine to re-install windows. Has
anyone had this similar problem?
Maybe I am not clear enough, do I need to
specify something? Maybe I am just
a monkey and you guys don’t want to hear about my problems? Well, I appreciate any attention in
advance, and if this isn’t appropriate for this list, do not hesitate to
let me know. Thanks. |
- RE: Nimda issue James Costa
- RE: Nimda issue Sankaranarayanan_Ganapathy
- RE: Nimda issue Matthew Healy
- RE: Nimda issue Ade_Aiyenigba
- Re: Nimda issue nt_server
