RE: Nimda - Thought we were protected

[KRUSE,TIM (Non-HP-Richardson,ex1)]

Another point, the web sharing tab for local drives on IIS system may have a
new share enabled by Nimda.  The web sharing tab does allow for Nimda virus
to reinfect your "clean" system.  

The Microtrend web site has a fix_nimda.exe program that our site is using
to clean the virus on servers and workstations once it is found.  If you
have NAV running, you may have to disable it to allow the fix_nimda.exe to
run and clean the viruses.

Thanks
Tim Kruse




 -----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent:   Monday, September 24, 2001 11:41 AM
To:     NT System Admin Issues
Subject:        RE: Nimda - Thought we were protected

Guys, please check ALL FILES to scan your drives , because also
ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select
to scan program files only!!
also replace riched20.dll and mcc.exe (if you are infected) or everything
starts again.
A virusscanner will NOT clean it totally!

Kind regards,
Pim Vessies
CS&O Backoffice
Philips Medical Systems
IM/CS&O/BO Building QAII-441
Veenpluis 4 - 6, 5684 PC Best
The Netherlands





"Denoy, David" <[EMAIL PROTECTED]> on 09/24/2001 05:42:35 PM

Please respond to "NT System Admin Issues"
<[EMAIL PROTECTED]>

To:     "NT System Admin Issues" <[EMAIL PROTECTED]>
cc:      (bcc: Pim Vessies/BST/MS/PHILIPS)
Subject:  RE: Nimda - Thought we were protected
Classification:



I've seen this same NIMDA-infected executable on a Windows 2000 Professional
machine after being protected with the latest updates. We haven't seen any
effects of the infection yet or further spread.

-----Original Message-----
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected


The virus checker we ran on the readme.exe file called it Nimda.
Unless we got hit with multiple virii at the same time. That is why I
thought it might be a new strain. I sent the files to McAfee for analysis
already.


Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201

(803) 898-5522

>>> [EMAIL PROTECTED] 09/24/01 10:54AM >>>
What makes you think it is Nimda in the first place?
Your symptoms sound nothing like it at all.

-----Original Message-----
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:35 AM
To: NT System Admin Issues
Subject: Nimda - Thought we were protected


First alert, Maybe nothing.

We just had our developer machines, running NT2000 Server hit with
Nimda.

The strange thing is, we have Nimda protection in our email scanner, and
all the security fixes MS said should be applied. SP2 is installed.

The machines boot up, a log in screen displays, and they login. The
Novell login script begins to run as normal ( we run mixed network, NT
and Novell), then the login script box clears as normal, a blue screen
appears as normal, and nothing further happens.

Could this be a new strain?





Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201

(803) 898-5522


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm









http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm