RE: Nimda - Thought we were protected

Mon, 24 Sep 2001 09:56:42 -0700 

I don't know if Eeye put out a new tool since Friday, but I used a tool they
had put out on my network, and ended up getting false positives from said
tool.  I spent hours checking into 19 workstations to find that all were
safe and sound.  It was scary, so don't count on everything you find out
there.  

Desiree Herrmann
Network Manager
MasterLink Corp.
[EMAIL PROTECTED]





-----Original Message-----
From: Wantland, John # PHX [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:41 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected



Here's a tool from eEye.  McAfee has a tool as well.

http://www.eeye.com/html/Research/Tools/nimda.html

-----Original Message-----
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected


The virus checker we ran on the readme.exe file called it Nimda. 
Unless we got hit with multiple virii at the same time. That is why I
thought it might be a new strain. I sent the files to McAfee for analysis
already.


Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201

(803) 898-5522

>>> [EMAIL PROTECTED] 09/24/01 10:54AM >>>
What makes you think it is Nimda in the first place?
Your symptoms sound nothing like it at all.

-----Original Message-----
From: Steve Kelsay [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 24, 2001 7:35 AM
To: NT System Admin Issues
Subject: Nimda - Thought we were protected


First alert, Maybe nothing.

We just had our developer machines, running NT2000 Server hit with
Nimda.

The strange thing is, we have Nimda protection in our email scanner, and
all the security fixes MS said should be applied. SP2 is installed. 

The machines boot up, a log in screen displays, and they login. The
Novell login script begins to run as normal ( we run mixed network, NT
and Novell), then the login script box clears as normal, a blue screen
appears as normal, and nothing further happens. 

Could this be a new strain?





Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201

(803) 898-5522


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to