We are all blocking .EXE files like we are supposed tooright?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greatlakes,
Reebdnes
Sent: Monday, October 29, 2001 10:34 AM
To: Exchange Discussions
Subject: nimda d??
Symantec Security Response -
Discussions
Subject: RE: nimda d??
We are all blocking .EXE files like we are supposed tooright?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greatlakes,
Reebdnes
Sent: Monday, October 29, 2001 10:34 AM
To: Exchange Discussions
Subject: nimda d
: RE: nimda d??
Uh huh, yep. And many others from the list you provided. Thanks again
for that.
Bill Lambert, Mcp, Mcse
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 1:43 PM
I think one of the requirements for getting your name in the FAQ is that you
actually *have* an Exchange Server...
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 3:27 PM
To: Exchange Discussions
Subject: RE: nimda d??
Yea. I want
lmao
-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 12:44 PM
To: Exchange Discussions
Subject: RE: nimda d??
I think one of the requirements for getting your name in the FAQ is that you
actually *have* an Exchange Server
*sobbing*
That was uncalled for!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Andy David
Sent: Monday, October 29, 2001 12:44 PM
To: Exchange Discussions
Subject: RE: nimda d??
I think one of the requirements for getting your name in the FAQ
Yes I am!
I keep my sKiLLs sharpened here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Barry Patterson
Sent: Monday, October 29, 2001 12:48 PM
To: Exchange Discussions
Subject: RE: nimda d??
LOL
I think he's working on it - right Martin
: Monday, October 29, 2001 3:49 PM
To: Exchange Discussions
Subject: RE: nimda d??
Yes I am!
I keep my sKiLLs sharpened here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Barry Patterson
Sent: Monday, October 29, 2001 12:48 PM
To: Exchange Discussions
FAQ 5.1
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Posted At: Monday, October 29, 2001 02:27 PM
Posted To: MSExchange Mailing List
Conversation: nimda d??
Subject: RE: nimda d??
Yea. I want that in the FAQ.
Next to the Ed Crowley Server Move, I want
Did I ever tell you about the beautiful Exch server I used to have
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dillon, Jeff
Sent: Monday, October 29, 2001 12:58 PM
To: Exchange Discussions
Subject: RE: nimda d??
Once it's up, Martin will have
We used the nimda removal tool at my location. It created changed the
permissions on all our shares resulting in over 400 users not being able
to access shared locations on our servers. Having the correct Norton
Antivirus definitions helped us more than the removal tool.
-Original
I had the same problem, but that was with the first release of the tool. Now
the latest has the option of turning the shares off...
-Original Message-
From: Steven Conley [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:27 PM
To: Exchange Discussions
Subject: RE: Nimda
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda
I assume it also forces a lock of the Caps Lock key?
-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange
Here Michèle:
AOLUser2mime.exe
Barry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, September 27, 2001 9:41 AM
To: Exchange Discussions
Subject: RE: Nimda
Ow! My eyes! My eyes!!
-Michèle
Immigration site: http
, 2001 7:56 AM
To: Exchange Discussions
Subject: RE: Nimda
Sure I make my living supporting Microsoft's software too but you do have to
admit that there are some features in outlook and many other Microsoft
products that seemed like a good thing at the time but only make our lives
entertaining
:56 AM
To: Exchange Discussions
Subject: RE: Nimda
Sure I make my living supporting Microsoft's software too but you do have to
admit that there are some features in outlook and many other Microsoft
products that seemed like a good thing at the time but only make our lives
entertaining. Personally
-Original Message-
From: Ed Crowley [mailto:[EMAIL PROTECTED]]
Sent: 21 September 2001 08:45
To: Exchange Discussions
Subject: RE: Nimda
Exactly. We all KNOW it's bad! (Tongue firmly in cheek)
Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base
September 2001 19:28
To: Exchange Discussions
Subject: RE: Nimda
Searched cisco for nimba returned 0 results.
-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:29 AM
To: Exchange Discussions
Subject: RE: Nimda
You asked and answered your own
To be followed by Kimba the White Lion virus.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Kuminda
Chandimith
Sent: Saturday, September 22, 2001 2:50 AM
To: Exchange Discussions
Subject: RE: Nimda
Nimba virus is not yet ready.. only his sequel
That's because the Love Bug creators were sloppy.
(:=
Great Cthulhu Jones
CEO, R'lyeh Consulting
http://www.zzzptm.com/cthulhu
http://www.bad-managers.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bill Kuhl
Sent: Friday, September 21, 2001 12:41
Subject: RE: Nimda
Well then why work with it.. Why be on this list? Why even
post to it??
We here make our livings based on there software and don't really like
crap comments like that. Go shit in some else's back yard. We
here don't
want to hear your crap.
Period.
Kevinm
While we are on the subject, does anyone know how nimda finds an SMTP host
for it's attempts to propagate itself SMTP? I've read all the reports I can
find, all mention it's internal SMTP engine, but none tell how he finds an
SMTP host to connect to.
Thanks guys!
Denyse
-Original Message-
From: Bill Grocott [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:07 PM
To: Exchange Discussions
Subject: RE: Nimda
Also www.hotel.com and their new site www.hotelbids.com
Bill
-Original Message-
From: John Matteson
Discussions
Subject: RE: Nimda
While we are on the subject, does anyone know how nimda finds an SMTP host
for it's attempts to propagate itself SMTP? I've read all the reports I can
find, all mention it's internal SMTP engine, but none tell how he finds an
SMTP host to connect
Simpler-Webb, Inc. Austin, TX +1-512-322-0071
*
-Original Message-
From: Jeremy Newell [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 9:56 AM
To: Exchange Discussions
Subject: RE: Nimda
Sure I
To: Exchange Discussions
Subject: RE: Nimda
Searched cisco for nimba returned 0 results.
-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:29 AM
To: Exchange Discussions
Subject: RE: Nimda
You asked and answered your own question
Ooo thanks
-Original Message-
From: Randal, Phil [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:36 AM
To: Exchange Discussions
Subject: RE: Nimda
Try here:
http://www.cisco.com/warp/public/63/nimda.shtml
Phil
-
Phil Randal
A late updated analysis of nimda reports that it infects exe files in memory
and on the hard drive of the infected machine. I don't think anyone has a
complete breakdown of the damage this worm does as of yet.
This thing makes the Morris worm and code red look like kindergarten stuff.
John
I got none ... guess I don't have any friends ;)
--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--
- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent:
We have not had any come in through email.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda
I got none ... guess I don't have any friends
-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda
We have not had any come in through email.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent
I assume it also forces a lock of the Caps Lock key?
-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda
I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW
I got nailed too. Not from an e-mail - I currently block all exe's. We
must have gotten it from an infected web page. I already applied the
patch for Code Red last month but my problem is a little bigger:
I can't log onto the server without getting a Dr Watson error for
explorer.exe. The
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda
I assume it also forces a lock of the Caps Lock key?
-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange
HEY RICHARD!!! TURN OFF YOUR CAPS LOCK!!! WE CAN HEAR YOU JUST
FINE!!!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tener, Richard
Sent: Thursday, September 20, 2001 11:06 AM
To: Exchange Discussions
Subject: RE: Nimda
NOT SURE ABOUT
FROM THE NETWORK THEN UNSHARED ALL THEIR SHARES AND SCANNED THE SERVER.
THIS VIRUS WAS A PAIN IN THE ASS.
-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda
I got nailed too. Not from an e
Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda
Clearly snimda need to apply skcap
Microsoft softwar is bad!
period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda
Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.
-Original Message-
From
is their a way to remotely tell what IE version a client machine has?
-Original Message-
From: Romero, Eric [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda
Microsoft softwar is bad!
period!
--er
-Original Message
Does anyone know of an infected site? I need it for testing purposes.
Thanks,
Denyse
-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda
I got nailed too. Not from an e-mail - I
: RE: Nimda
Microsoft softwar is bad!
period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda
Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.
-Original Message
: RE: Nimda
Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.
I've taken the blame at our office because a few workstations were still on
IE5.5 with no service pack. Someone visited a website. That's all it took.
William
-Original Message-
From: Tener
So is your spelling
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda
Microsoft softwar is bad!
period!
--er
-Original Message-
From: Martin
: Re: Nimda
I got nailed too. Not from an e-mail - I currently block all exe's. We
must have gotten it from an infected web page. I already applied the
patch for Code Red last month but my problem is a little bigger:
I can't log onto the server without getting a Dr Watson error for
explorer.exe
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda
Microsoft softwar is bad!
period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday
, that there
are none so blind as those who will not see
--The Moody Blues (I know you're out there)
-Original Message-
From: Huot, Denyse [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:08 PM
To: Exchange Discussions
Subject: RE: Nimda
Does anyone know of an infected site? I need
Also www.hotel.com and their new site www.hotelbids.com
Bill
-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:05 PM
To: Exchange Discussions
Subject: RE: Nimda
Yep:
MCS.K12.NY.US
They are infected, as of Tuesday. They may
Nimda - a-nother day that will live in infamy (SP?). I lost our exchange
server and am still trying to fully recover - time to re-think those
disaster prep plansand need to find my 5.5 upgrade -ugh!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Paul Done
Sent: Thursday, September 20, 2001 3:08 PM
To: Exchange Discussions
Subject: RE: Nimda
Nimda
]
Phone: (713)670-2443
Fax: (713)670-2457
TOPAS web site: www.homestead.com/topas/topas.html
-Original Message-
From: Paul Done [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 5:08 PM
To: Exchange Discussions
Subject: RE: Nimda
Nimda - a-nother day that will live
I hate it when there's a new virus. This list gets absolutely boring.
Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John
: Thursday, September 20, 2001 11:21 AM
To: Exchange Discussions
Subject: RE: Nimda
Well then why work with it.. Why be on this list? Why even post to it??
We here make our livings based on there software and dont really like
crap comments like that. Go shit in some else's back yard. We here dont
want
Maybe it's just me, but, if your servers were infected I would rebuild them
as a matter of principle. You are only cleaning up the symptoms and closing
the hole after someone has already been in and touched you. The only way
that I know of to be assured of having truly cleaned the system is to
When I scanned one of our servers with NAV, from a boot floppy it was
finding a lot of EXE's that it said was infected with NIMDA. The last folder
I saw that had several infected EXE's was Program File\Outlook Express
It could not clean these, they were different file sizes.
I did not want to
54 matches
Mail list logo
