RE: nimda d??

2001-10-29 Thread Martin Blackstone

We are all blocking .EXE files like we are supposed to... right?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greatlakes,
Reebdnes
Sent: Monday, October 29, 2001 10:34 AM
To: Exchange Discussions
Subject: nimda d??


Symantec Security Response - W32.Nimda.D@mm
Symantec Security Response
  http://securityresponse.symantec.com
 
W32.Nimda.D@mm
  Discovered on: October 29, 2001
  Last Updated on: October 29, 2001 at 07:00:35 AM PST

W32.Nimda.D@mm is a new version of W32.Nimda.A@mm that contains bug-fixes
and modifications to avoid previous anti-virus detection.
This worm is similar in functionality to W32.Nimda.A@mm. Differences
include the modification of filenames used by the worm.

  The attachment received has been changed to sample.exe
  The dropped DLL file is now httpodbc.dll
  The worm now copies itself to the Windows System directory as csrss.exe
  instead of mmc.exe

Infected HTML files are already detected as W32.Nimda.A@mm (html)

Type: Virus, Worm 
Virus Definitions: October 29, 2001 
Threat Assessment:

  Wild: Low
  Damage: Medium
  Distribution: High

Wild:
  Number of infections: 0 - 49
  Number of sites: 0 - 2
  Geographical distribution: Low
  Threat containment: Easy
  Removal: Moderate
Damage:
  Payload:
    Large scale e-mailing: Emails itself out as sample.exe
    Degrades performance: May cause system slowdown
    Compromises security settings: Creates open network shares
Distribution:
  Name of attachment: sample.exe (this file may not be visible)
  Shared drives: Infects open network shares
  Target of infection: Specifically attempts to infect unpatched IIS servers

 

Write-up by: Eric Chien 



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
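
An added example, not part of the original thread or the Symantec write-up: a gateway-side attachment extension check of the kind the message above asks about, run over a constructed message. The block list beyond .exe and .dll, the function names and the sample message are assumptions; the check reads the declared file name from both Content-Disposition and Content-Type and does not trust the declared media type.

```python
"""Attachment extension check for inbound mail (illustrative, added example)."""
from email import message_from_bytes, policy

# Assumed block list: .exe and .dll appear in the advisory above; the other
# entries are further Windows-executable extensions added for illustration.
BLOCKED_EXTENSIONS = frozenset(
    {".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".vbs"}
)


def normalized_extension(name):
    """Return the last extension, lower-cased, ignoring trailing dots/spaces.

    Windows drops trailing dots and spaces when the file is saved, so
    "Sample.EXE. " lands on disk as "Sample.EXE".
    """
    cleaned = name.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return "." + ext if dot else ""


def declared_names(part):
    """Collect every file name a MIME part declares.

    A part can carry a name in Content-Disposition (filename=) and/or in
    Content-Type (name=); a filter that reads only one can be bypassed by
    putting the name in the other.
    """
    names = []
    for header, param in (("content-disposition", "filename"),
                          ("content-type", "name")):
        value = part[header]
        if value is not None and param in value.params:
            names.append(value.params[param])
    return names


def blocked_attachments(raw_message):
    """Return (declared name, declared media type) for each blocked part."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        for name in declared_names(part):
            if normalized_extension(name) in BLOCKED_EXTENSIONS:
                hits.append((name, part.get_content_type()))
                break
    return hits


# Constructed sample message (not captured traffic). Part 2 has no
# Content-Disposition and declares an audio type, part 4 hides the
# extension behind a second extension and a trailing dot.
SAMPLE_MESSAGE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed test message\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="sample.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGFybWxlc3MgcGxhY2Vob2xkZXI=\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n'
    b"\r\n"
    b"plain notes\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Report.TXT.ExE."\r\n'
    b"\r\n"
    b"placeholder\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, ctype in blocked_attachments(SAMPLE_MESSAGE):
        print(f"BLOCK {name!r} (declared as {ctype})")
```
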





RE: nimda d??

2001-10-29 Thread Bill Lambert

Uh huh, yep.  And many others from the list you provided.  Thanks again for
that.

Bill Lambert, Mcp, Mcse
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]
 

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]] 
Sent: Monday, October 29, 2001 1:43 PM
To: Exchange Discussions
Subject: RE: nimda d??

We are all blocking .EXE files like we are supposed to... right?




RE: nimda d??

2001-10-29 Thread Martin Blackstone

Yea. I want that in the FAQ.
Next to the Ed Crowley Server Move, I want the Martin Blackstone
Extension Blocking List.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Lambert
Sent: Monday, October 29, 2001 12:02 PM
To: Exchange Discussions
Subject: RE: nimda d??


Uh huh, yep.  And many others from the list you provided.  Thanks again
for that.

Bill Lambert, Mcp, Mcse
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]
 




RE: nimda d??

2001-10-29 Thread Andy David

I think one of the requirements for getting your name in the FAQ is that you
actually *have* an Exchange Server...




-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 3:27 PM
To: Exchange Discussions
Subject: RE: nimda d??


Yea. I want that in the FAQ.
Next to the Ed Crowley Server Move, I want the Martin Blackstone
Extension Blocking List.




RE: nimda d??

2001-10-29 Thread Don Ely

lmao

-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]] 
Sent: Monday, October 29, 2001 12:44 PM
To: Exchange Discussions
Subject: RE: nimda d??


I think one of the requirements for getting your name in the FAQ is that you
actually *have* an Exchange Server...







RE: nimda d??

2001-10-29 Thread Martin Blackstone

*sobbing*
That was uncalled for!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Andy David
Sent: Monday, October 29, 2001 12:44 PM
To: Exchange Discussions
Subject: RE: nimda d??


I think one of the requirements for getting your name in the FAQ is that
you actually *have* an Exchange Server...







RE: nimda d??

2001-10-29 Thread Martin Blackstone

Yes I am!
I keep my sKiLLs sharpened here.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Barry Patterson
Sent: Monday, October 29, 2001 12:48 PM
To: Exchange Discussions
Subject: RE: nimda d??


LOL
I think he's working on it - right Martin?





RE: nimda d??

2001-10-29 Thread Dillon, Jeff

Once it's up, Martin will have:
1--even more time to waste here, having attained Email Valhalla
b--reason to believe that extension blocking is the least of the issues
4--both 1 and 3

Place your bets now

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 3:49 PM
To: Exchange Discussions
Subject: RE: nimda d??


Yes I am!
I keep my sKiLLs sharpened here.




RE: nimda d??

2001-10-29 Thread Tom Meunier

FAQ 5.1

 -Original Message-
 From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
 Posted At: Monday, October 29, 2001 02:27 PM
 Posted To: MSExchange Mailing List
 Conversation: nimda d??
 Subject: RE: nimda d??
 
 
 Yea. I want that in the FAQ.
 Next to the Ed Crowley Server Move, I want the Martin Blackstone
 Extension Blocking List.

[snip]




RE: nimda d??

2001-10-29 Thread Martin Blackstone

Did I ever tell you about the beautiful Exch server I used to have

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dillon, Jeff
Sent: Monday, October 29, 2001 12:58 PM
To: Exchange Discussions
Subject: RE: nimda d??


Once it's up, Martin will have:
1--even more time to waste here, having attained Email Valhalla
b--reason to believe that extension blocking is the least of the issues
4--both 1 and 3

Place your bets now




RE: Nimda Removal tool

2001-10-01 Thread Steven Conley

We used the nimda removal tool at my location.  It changed the
permissions on all our shares resulting in over 400 users not being able
to access shared locations on our servers.  Having the correct Norton
Antivirus definitions helped us more than the removal tool.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mike Omilian
Sent: Friday, September 21, 2001 12:36 PM
To: Exchange Discussions
Subject: Nimda Removal tool


Will (from this list) had sent me this link - he was helping me out on
this issue.  He's probably too busy to post this so I thought I would.

Symantec has created a removal tool for the Nimda virus.

http:[EMAIL PROTECTED]

Mike




RE: Nimda Removal tool

2001-10-01 Thread Victor Sanchez

I had the same problem, but that was with the first release of the tool. Now
the latest has the option of turning the shares off... 


-Original Message-
From: Steven Conley [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 28, 2001 2:27 PM
To: Exchange Discussions
Subject: RE: Nimda Removal tool


We used the nimda removal tool at my location.  It changed the
permissions on all our shares resulting in over 400 users not being able
to access shared locations on our servers.  Having the correct Norton
Antivirus definitions helped us more than the removal tool.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mike Omilian
Sent: Friday, September 21, 2001 12:36 PM
To: Exchange Discussions
Subject: Nimda Removal tool


Will (from this list) had sent me this link - he was helping me out on
this issue.  He's probably too busy to post this so I thought I would.

Symantec has created a removal tool for the Nimda virus.

http:[EMAIL PROTECTED]

Mike




RE: Nimda

2001-09-27 Thread msharik

Ow!  My eyes!  My eyes!!

-Michèle
Immigration site:  http://LadySun1969.tripod.com
Our new 2001 Miata:  http://members.cardomain.com/bpituley
Tiggercam:  http://www.tiggercam.co.uk
-
Pinky, are you pondering what I'm pondering? I think so, Brain, but if
the plural of mouse is mice, wouldn't the plural of spouse be spice? 
-


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: RE: Nimda


NOT SURE ABOUT THAT, HAVEN'T NOTICED IT, BUT I DO KNOW THAT IT ADDS A LINE TO
THE SHELL=EXPLORER.EXE LINE WITHIN THE SYSTEM.INI FILE. ALSO ADDS LINES TO A
FILE CALLED WINIT.INI AND YOU MUST DELETE ALL OF THOSE LINES AS WELL.  AFTER
THAT YOU SHOULD DO A SEARCH FOR ALL *.EML FILES AND DELETE THEM.  NEXT I
WOULD DELETE ALL TEMP FILES AND ALSO TEMPORARY INTERNET FILES.  SCAN YOUR HARD
DRIVES IF YOU HAVE A VIRUS SCAN.  ALSO ON MY SERVER IT SOMEHOW CORRUPTED MY
TREND SERVER PROTECT AND DIDN'T LET ME START THE SERVICES.  ALSO IF A CLIENT
IS INFECTED YOU WILL NOTICE ON A BOOT UP THAT OUTLOOK EXPRESS WILL TRY TO
START UP AND COMPOSE AN EMAIL (NOT SURE IF IT CAN SEND IT THOUGH BUT I THINK
IF YOU ARE SET UP WITH OUTLOOK EXPRESS IT WILL SEND IT).  ALSO I NOTICED IT
SOMETIMES TRIES TO OPEN WINDOWS MEDIA PLAYER AND I'M NOT SURE WHAT THIS FILE
IS.

-Original Message-
From: Josefowski, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I assume it also forces a lock of the Caps Lock key?

-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT. I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS, AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS, MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John


RE: Nimda

2001-09-27 Thread Barry Patterson

Here Michèle:
AOLUser2mime.exe

Barry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, September 27, 2001 9:41 AM
To: Exchange Discussions
Subject: RE: Nimda


Ow!  My eyes!  My eyes!!

-Michèle
Immigration site:  http://LadySun1969.tripod.com
Our new 2001 Miata:  http://members.cardomain.com/bpituley
Tiggercam:  http://www.tiggercam.co.uk
-
Pinky, are you pondering what I'm pondering? I think so, Brain, but if
the plural of mouse is mice, wouldn't the plural of spouse be spice?
-


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: RE: Nimda


NOT SURE ABOUT THAT, HAVEN'T NOTICED IT, BUT I DO KNOW THAT IT ADDS A LINE TO
THE SHELL=EXPLORER.EXE LINE WITHIN THE SYSTEM.INI FILE. ALSO ADDS LINES TO A
FILE CALLED WINIT.INI AND YOU MUST DELETE ALL OF THOSE LINES AS WELL.  AFTER
THAT YOU SHOULD DO A SEARCH FOR ALL *.EML FILES AND DELETE THEM.  NEXT I
WOULD DELETE ALL TEMP FILES AND ALSO TEMPORARY INTERNET FILES.  SCAN YOUR HARD
DRIVES IF YOU HAVE A VIRUS SCAN.  ALSO ON MY SERVER IT SOMEHOW CORRUPTED MY
TREND SERVER PROTECT AND DIDN'T LET ME START THE SERVICES.  ALSO IF A CLIENT
IS INFECTED YOU WILL NOTICE ON A BOOT UP THAT OUTLOOK EXPRESS WILL TRY TO
START UP AND COMPOSE AN EMAIL (NOT SURE IF IT CAN SEND IT THOUGH BUT I THINK
IF YOU ARE SET UP WITH OUTLOOK EXPRESS IT WILL SEND IT).  ALSO I NOTICED IT
SOMETIMES TRIES TO OPEN WINDOWS MEDIA PLAYER AND I'M NOT SURE WHAT THIS FILE
IS.

-Original Message-
From: Josefowski, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I assume it also forces a lock of the Caps Lock key?

-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT. I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS, AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS, MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-23 Thread Ed Crowley

Oh, yes, and the sparkly letters in Word.

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeremy Newell
Sent: Friday, September 21, 2001 7:56 AM
To: Exchange Discussions
Subject: RE: Nimda


Sure I make my living supporting Microsoft's software too but you do have to
admit that there are some features in Outlook and many other Microsoft
products that seemed like a good thing at the time but only make our lives
entertaining.  Personally I see no need for HTML/scripting/vbs/ActiveX in
e-mails.  Most of these mass mailers use well known holes/bugs in Outlook/OE
to replicate.  If Outlook only supplied plain text or only allowed basic
HTML without all the fancy scripting then it would be ok.  The fact that
viewing an e-mail via the preview panel will trigger the virus/worm is dumb.
Or how about the new feature found in OE 6.0 that will run, under certain
conditions, scripting in a plain text e-mail.  The other option I can think
of is to enhance Windows Update to always be on and for Microsoft to release
all patches via that web site (IIS, Exchange, Server, Workstation, etc).  So
all Windows users will have the current up to date software.  The main
problem that I see is that most systems aren't patched because the admins or
home user is lazy or doesn't know any better. I think it was Russ in
NTBugTraq that did a search on Microsoft's site for IIS patches and found 3
different repositories for patches and all 3 of them had a different number of
patches.  So an admin hits one of the pages and downloads all the patches
that he/she sees thinking that's all the needed updates.  But the system may
still be missing a few very important security updates that the page failed
to mention.

But in the end we can do only two things.  One sit back and watch as other
non-patched systems infect more non-patched systems or two get management
jobs at Microsoft and change some of their features.  Oh yes, and as Kevin
says you can always use something else (many do).

Jeremy Newell
Systems Technician

INSCRIBER TECHNOLOGY CORPORATION
26 Peppler Street
Waterloo, Ontario
Canada, N2J 3C4
T.519.570.9111
F.519.570.9140
www.inscriber.com


 -Original Message-
 From: Kevin Miller [mailto:[EMAIL PROTECTED]]
 Sent: September 20, 2001 2:21 PM
 To: Exchange Discussions
 Subject: RE: Nimda


 Well then why work with it..  Why be on this list? Why even post to it??
 We here make our livings based on their software and don't really like
 crap comments like that. Go shit in someone else's back yard. We here don't
 want to hear your crap.

 Period.

 Kevinm WLKMMAS, UCC+WCA
 ~~~
 All spelling and Factual errors are the fault of Bob Barker
 ~~~
 This space has been rented by:
 Http://www.tiggercam.co.uk For all your tigger needs
 You 2 can rent this space if you need it.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
 Sent: Thursday, September 20, 2001 11:12 AM
 To: Exchange Discussions
 Subject: RE: Nimda


 Microsoft software is bad!

 period!
 --er




RE: Nimda

2001-09-23 Thread Ed Crowley

I like the sounds in PowerPoint.

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeremy Newell
Sent: Friday, September 21, 2001 7:56 AM
To: Exchange Discussions
Subject: RE: Nimda


Sure I make my living supporting Microsoft's software too but you do have to
admit that there are some features in Outlook and many other Microsoft
products that seemed like a good thing at the time but only make our lives
entertaining.  Personally I see no need for HTML/scripting/vbs/ActiveX in
e-mails.  Most of these mass mailers use well known holes/bugs in Outlook/OE
to replicate.  If Outlook only supplied plain text or only allowed basic
HTML without all the fancy scripting then it would be ok.  The fact that
viewing an e-mail via the preview panel will trigger the virus/worm is dumb.
Or how about the new feature found in OE 6.0 that will run, under certain
conditions, scripting in a plain text e-mail.  The other option I can think
of is to enhance Windows Update to always be on and for Microsoft to release
all patches via that web site (IIS, Exchange, Server, Workstation, etc).  So
all Windows users will have the current up to date software.  The main
problem that I see is that most systems aren't patched because the admins or
home user is lazy or doesn't know any better. I think it was Russ in
NTBugTraq that did a search on Microsoft's site for IIS patches and found 3
different repositories for patches and all 3 of them had a different number of
patches.  So an admin hits one of the pages and downloads all the patches
that he/she sees thinking that's all the needed updates.  But the system may
still be missing a few very important security updates that the page failed
to mention.

But in the end we can do only two things.  One sit back and watch as other
non-patched systems infect more non-patched systems or two get management
jobs at Microsoft and change some of their features.  Oh yes, and as Kevin
says you can always use something else (many do).

Jeremy Newell
Systems Technician

INSCRIBER TECHNOLOGY CORPORATION
26 Peppler Street
Waterloo, Ontario
Canada, N2J 3C4
T.519.570.9111
F.519.570.9140
www.inscriber.com


 -Original Message-
 From: Kevin Miller [mailto:[EMAIL PROTECTED]]
 Sent: September 20, 2001 2:21 PM
 To: Exchange Discussions
 Subject: RE: Nimda


 Well then why work with it..  Why be on this list? Why even post to it??
 We here make our livings based on their software and don't really like
 crap comments like that. Go shit in someone else's back yard. We here don't
 want to hear your crap.

 Period.

 Kevinm WLKMMAS, UCC+WCA
 ~~~
 All spelling and Factual errors are the fault of Bob Barker
 ~~~
 This space has been rented by:
 Http://www.tiggercam.co.uk For all your tigger needs
 You 2 can rent this space if you need it.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
 Sent: Thursday, September 20, 2001 11:12 AM
 To: Exchange Discussions
 Subject: RE: Nimda


 Microsoft software is bad!

 period!
 --er




RE: Nimda

2001-09-22 Thread Kuminda Chandimith

But all have that Natural Human Affection to try Bad things..

All good guys are managing Linux boxes in heaven I suppose.. (Feel sorry for
them ..)


Kuminda Chandimith
Sr. Technical Consultant
Ducont.com FZ-LLC
Tel:  + 971-4-3913000 Ext 237
Fax: +971-4-3913001
http://www.ducont.com



-Original Message-
From: Ed Crowley [mailto:[EMAIL PROTECTED]]
Sent: 21 September 2001 08:45
To: Exchange Discussions
Subject: RE: Nimda


Exactly.  We all KNOW it's bad!  (Tongue firmly in cheek)

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Miller
Sent: Thursday, September 20, 2001 11:21 AM
To: Exchange Discussions
Subject: RE: Nimda


Well then why work with it..  Why be on this list? Why even post to it??
We here make our livings based on their software and don't really like
crap comments like that. Go shit in someone else's back yard. We here don't
want to hear your crap.

Period.

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft software is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT. I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS, AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS, MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John


RE: Nimda

2001-09-22 Thread Kuminda Chandimith

Nimba virus is  not yet ready.. only his sequel nimda is out there

Kuminda Chandimith
Sr. Technical Consultant
Ducont.com FZ-LLC
Tel:  + 971-4-3913000 Ext 237
Fax: +971-4-3913001
http://www.ducont.com



-Original Message-
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
Sent: 21 September 2001 19:28
To: Exchange Discussions
Subject: RE: Nimda


Searched cisco for nimba returned 0 results.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
Sent: Friday, September 21, 2001 11:29 AM
To: Exchange Discussions
Subject: RE: Nimda

You asked and answered your own question.  It contains its own smtp
host.  It uses the local machine's address book and default DNS server.

 -Original Message-
 From: Ken Cornetet [mailto:[EMAIL PROTECTED]]
 Posted At: Friday, September 21, 2001 10:17 AM
 Posted To: MSExchange Mailing List
 Conversation: Nimda
 Subject: RE: Nimda
 
 
 While we are on the subject, does anyone know how nimda finds an SMTP host
 for its attempts to propagate itself SMTP? I've read all the reports I can
 find, all mention its internal SMTP engine, but none tell how he finds an
 SMTP host to connect to.
 
 



RE: Nimda

2001-09-22 Thread Martin Blackstone

To be followed by Kimba the White Lion virus.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Kuminda
Chandimith
Sent: Saturday, September 22, 2001 2:50 AM
To: Exchange Discussions
Subject: RE: Nimda


Nimba virus is  not yet ready.. only his sequel nimda is out there

Kuminda Chandimith
Sr. Technical Consultant
Ducont.com FZ-LLC
Tel:  + 971-4-3913000 Ext 237
Fax: +971-4-3913001
http://www.ducont.com



-Original Message-
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
Sent: 21 September 2001 19:28
To: Exchange Discussions
Subject: RE: Nimda


Searched cisco for nimba returned 0 results.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
Sent: Friday, September 21, 2001 11:29 AM
To: Exchange Discussions
Subject: RE: Nimda

You asked and answered your own question.  It contains its own smtp
host.  It uses the local machine's address book and default DNS server.

 -Original Message-
 From: Ken Cornetet [mailto:[EMAIL PROTECTED]]
 Posted At: Friday, September 21, 2001 10:17 AM
 Posted To: MSExchange Mailing List
 Conversation: Nimda
 Subject: RE: Nimda
 
 
 While we are on the subject, does anyone know how nimda finds an SMTP host
 for its attempts to propagate itself SMTP? I've read all the reports I can
 find, all mention its internal SMTP engine, but none tell how he finds an
 SMTP host to connect to.
 
 



RE: Nimda Other Viruses - OT

2001-09-22 Thread Great Cthulhu Jones

That's because the Love Bug creators were sloppy.

(:=
Great Cthulhu Jones
CEO, R'lyeh Consulting
http://www.zzzptm.com/cthulhu
http://www.bad-managers.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bill Kuhl
Sent: Friday, September 21, 2001 12:41 PM
To: Exchange Discussions
Subject: Nimda  Other Viruses - OT


I realize there has been a terrible tragedy, and there are more important
things to worry about than computer viruses, but no one seems to care about
stopping people from creating viruses. After the Love Bug viruses it seems
that I never read about finding who created a virus. Is it no longer a
crime? Do the computer makers think that maybe people are not buying pc's
because it is a gigantic hassle with viruses, all the trashy spam, and all
the buggy software and hardware?

I feel better now, I vented.

Bill Kuhl





RE: Nimda

2001-09-21 Thread Jeremy Newell

Sure I make my living supporting Microsoft's software too but you do have to
admit that there are some features in Outlook and many other Microsoft
products that seemed like a good thing at the time but only make our lives
entertaining.  Personally I see no need for HTML/scripting/vbs/ActiveX in
e-mails.  Most of these mass mailers use well known holes/bugs in Outlook/OE
to replicate.  If Outlook only supplied plain text or only allowed basic
HTML without all the fancy scripting then it would be ok.  The fact that
viewing an e-mail via the preview panel will trigger the virus/worm is dumb.
Or how about the new feature found in OE 6.0 that will run, under certain
conditions, scripting in a plain text e-mail.  The other option I can think
of is to enhance Windows Update to always be on and for Microsoft to release
all patches via that web site (IIS, Exchange, Server, Workstation, etc).  So
all Windows users will have the current up to date software.  The main
problem that I see is that most systems aren't patched because the admins or
home user is lazy or doesn't know any better. I think it was Russ in
NTBugTraq that did a search on Microsoft's site for IIS patches and found 3
different repositories for patches and all 3 of them had a different number of
patches.  So an admin hits one of the pages and downloads all the patches
that he/she sees thinking that's all the needed updates.  But the system may
still be missing a few very important security updates that the page failed
to mention.

But in the end we can do only two things.  One sit back and watch as other
non-patched systems infect more non-patched systems or two get management
jobs at Microsoft and change some of their features.  Oh yes, and as Kevin
says you can always use something else (many do).

Jeremy Newell
Systems Technician

INSCRIBER TECHNOLOGY CORPORATION
26 Peppler Street
Waterloo, Ontario   
Canada, N2J 3C4
T.519.570.9111
F.519.570.9140 
www.inscriber.com 


 -Original Message-
 From: Kevin Miller [mailto:[EMAIL PROTECTED]]
 Sent: September 20, 2001 2:21 PM
 To: Exchange Discussions
 Subject: RE: Nimda
 
 
 Well then why work with it..  Why be on this list? Why even post to it??
 We here make our livings based on their software and don't really like
 crap comments like that. Go shit in someone else's back yard. We here don't
 want to hear your crap.
 
 Period.
 
 Kevinm WLKMMAS, UCC+WCA
 ~~~
 All spelling and Factual errors are the fault of Bob Barker
 ~~~
 This space has been rented by:
 Http://www.tiggercam.co.uk For all your tigger needs
 You 2 can rent this space if you need it.
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
 Sent: Thursday, September 20, 2001 11:12 AM
 To: Exchange Discussions
 Subject: RE: Nimda
 
 
 Microsoft software is bad!
 
 period!
 --er




RE: Nimda

2001-09-21 Thread Ken Cornetet

While we are on the subject, does anyone know how nimda finds an SMTP host
for its attempts to propagate itself SMTP? I've read all the reports I can
find, all mention its internal SMTP engine, but none tell how he finds an
SMTP host to connect to.





RE: Nimda

2001-09-21 Thread Huot, Denyse

Thanks guys!

Denyse

-Original Message-
From: Bill Grocott [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:07 PM
To: Exchange Discussions
Subject: RE: Nimda

Also www.hotel.com and their new site www.hotelbids.com

Bill

-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:05 PM
To: Exchange Discussions
Subject: RE: Nimda


Yep:

MCS.K12.NY.US

They are infected, as of Tuesday. They may have cleaned up their act by now,
though.

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see
--The Moody Blues (I know you're out there)


-Original Message-
From: Huot, Denyse [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:08 PM
To: Exchange Discussions
Subject: RE: Nimda


Does anyone know of an infected site?  I need it for testing purposes.

Thanks,

Denyse

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda

I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-21 Thread Gordon Olson

Cisco released a DOC last night with access-lists to keep the nimba out at
the router and there was a little snip about smtp. You might want to check
that out. 

-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 8:17 AM
To: Exchange Discussions
Subject: RE: Nimda


While we are on the subject, does anyone know how nimda finds an SMTP host
for its attempts to propagate itself via SMTP? I've read all the reports I can
find, all mention its internal SMTP engine, but none tell how he finds an
SMTP host to connect to.





RE: Nimda

2001-09-21 Thread Scharff, Chris

There's a difference between your post and the one Eric made though. Your
post was well thought out with both legitimate criticism and possible
resolutions. Eric was just whining. 

*
  Chris Scharff[EMAIL PROTECTED]www.swinc.com
  Simpler-Webb, Inc.  Austin, TX +1-512-322-0071
* 

 -Original Message-
 From: Jeremy Newell [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, September 21, 2001 9:56 AM
 To: Exchange Discussions
 Subject: RE: Nimda
 
 
 Sure I make my living supporting Microsoft's software too but you do have
 to admit that there are some features in Outlook and many other Microsoft
 products that seemed like a good thing at the time but only make our lives
 entertaining.  Personally I see no need for HTML/scripting/vbs/ActiveX in
 e-mails.  Most of these mass mailers use well known holes/bugs in
 Outlook/OE to replicate.  If Outlook only supplied plain text or only
 allowed basic HTML without all the fancy scripting then it would be ok.
 The fact that viewing an e-mail via the preview panel will trigger the
 virus/worm is dumb. Or how about the new feature found in OE 6.0 that will
 run, under certain conditions, scripting in a plain text e-mail.  The other
 option I can think of is to enhance Windows Update to always be on and for
 Microsoft to release all patches via that web site (IIS, Exchange, Server,
 Workstation, etc).  So all Windows users will have the current up to date
 software.  The main problem that I see is that most systems aren't patched
 because the admin or home user is lazy or doesn't know any better. I think
 it was Russ in NTBugTraq that did a search on Microsoft's site for IIS
 patches and found 3 different repositories for patches and all 3 of them
 had different numbers of patches.  So an admin hits one of the pages and
 downloads all the patches that he/she sees thinking that's all the needed
 updates.  But the system may still be missing a few very important security
 updates that the page failed to mention.
 
 But in the end we can do only two things.  One, sit back and watch as other
 non-patched systems infect more non-patched systems or two, get management
 jobs at Microsoft and change some of their features.  Oh yes, and as Kevin
 says you can always use something else (many do).
 
 Jeremy Newell
 Systems Technician
 
 INSCRIBER TECHNOLOGY CORPORATION
 26 Peppler Street
 Waterloo, Ontario   
 Canada, N2J 3C4
 T.519.570.9111
 F.519.570.9140 
 www.inscriber.com 
 
 
  -Original Message-
  From: Kevin Miller [mailto:[EMAIL PROTECTED]]
  Sent: September 20, 2001 2:21 PM
  To: Exchange Discussions
  Subject: RE: Nimda
  
  
  Well then why work with it..  Why be on this list? Why even post to it??
  We here make our livings based on their software and don't really like
  crap comments like that. Go shit in someone else's back yard. We here don't
  want to hear your crap.
  
  Period.
  
  Kevinm WLKMMAS, UCC+WCA
  ~~~
  All spelling and Factual errors are the fault of Bob Barker
  ~~~
  This space has been rented by:
  Http://www.tiggercam.co.uk For all your tigger needs
  You 2 can rent this space if you need it.
  
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Romero, Eric
  Sent: Thursday, September 20, 2001 11:12 AM
  To: Exchange Discussions
  Subject: RE: Nimda
  
  
  Microsoft software is bad!
  
  period!
  --er
 



RE: Nimda

2001-09-21 Thread Randal, Phil

Try here:

 http://www.cisco.com/warp/public/63/nimda.shtml

Phil

-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 

 -Original Message-
 From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
 Sent: 21 September 2001 16:28
 To: Exchange Discussions
 Subject: RE: Nimda
 
 
 Searched cisco for nimba returned 0 results.
 
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, September 21, 2001 11:29 AM
 To: Exchange Discussions
 Subject: RE: Nimda
 
 You asked and answered your own question.  It contains its own smtp
 host.  It uses the local machine's address book and default 
 DNS server.
 
  -Original Message-
  From: Ken Cornetet [mailto:[EMAIL PROTECTED]]
  Posted At: Friday, September 21, 2001 10:17 AM
  Posted To: MSExchange Mailing List
  Conversation: Nimda
  Subject: RE: Nimda
  
  
  While we are on the subject, does anyone know how nimda finds an SMTP host
  for its attempts to propagate itself via SMTP? I've read all the reports I
  can find, all mention its internal SMTP engine, but none tell how he finds
  an SMTP host to connect to.
  
  



RE: Nimda

2001-09-21 Thread Ronald Mazzotta

Ooo thanks

-Original Message-
From: Randal, Phil [mailto:[EMAIL PROTECTED]] 
Sent: Friday, September 21, 2001 11:36 AM
To: Exchange Discussions
Subject: RE: Nimda

Try here:

 http://www.cisco.com/warp/public/63/nimda.shtml

Phil

-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 

 -Original Message-
 From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
 Sent: 21 September 2001 16:28
 To: Exchange Discussions
 Subject: RE: Nimda
 
 
 Searched cisco for nimba returned 0 results.
 
 -Original Message-
 From: Tom Meunier [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, September 21, 2001 11:29 AM
 To: Exchange Discussions
 Subject: RE: Nimda
 
 You asked and answered your own question.  It contains its own smtp
 host.  It uses the local machine's address book and default 
 DNS server.
 
  -Original Message-
  From: Ken Cornetet [mailto:[EMAIL PROTECTED]]
  Posted At: Friday, September 21, 2001 10:17 AM
  Posted To: MSExchange Mailing List
  Conversation: Nimda
  Subject: RE: Nimda
  
  
  While we are on the subject, does anyone know how nimda finds an SMTP host
  for its attempts to propagate itself via SMTP? I've read all the reports I
  can find, all mention its internal SMTP engine, but none tell how he finds
  an SMTP host to connect to.
  
  



RE: nimda virus changes on me

2001-09-20 Thread John Matteson

A late updated analysis of nimda reports that it infects exe files in memory
and on the hard drive of the infected machine. I don't think anyone has a
complete breakdown of the damage this worm does as of yet.

This thing makes the Morris worm and code red look like kindergarten stuff.

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see
--The Moody Blues (I know you're out there)


-Original Message-
From: Ron Jameson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:57 PM
To: Exchange Discussions
Subject: nimda virus changes on me


Well, I just put in a 24 hour shift to patch the ol' web, email, main and
terminal servers in one form or another and clean up 30 workstations.  Was a
little too late in the blocking of all .exe files on the sybari but I think
this one entered thru the front web door on a client PC hitting an infected
web site.

Odd - two of the PC's out of the 30 were REALLY infected so as I could not
repair.  I need to format these boxes.  Has anyone seen this virus change or
morph into other executables other than the noted ones (riched20.dll,
readme.exe, load.exe, modified system.ini, plus several other windows
programs)?

Regards,

Ron Jameson





Re: Nimda

2001-09-20 Thread Martin Tuip


I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Martin Blackstone

We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Tener, Richard

I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS. AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Josefowski, Larry

I assume it also forces a lock of the Caps Lock key?

-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS. AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John




Re: Nimda

2001-09-20 Thread Mike Omilian

I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-20 Thread Tener, Richard

NOT SURE ABOUT THAT HAVEN'T NOTICED IT BUT I DO KNOW THAT IT ADDS A LINE TO
THE SHELL=EXPLORER.EXE LINE WITHIN THE SYSTEM.INI FILE. ALSO ADDS LINES TO A
FILE CALLED WINIT.INI AND YOU MUST DELETE ALL OF THOSE LINES AS WELL.  AFTER
THAT YOU SHOULD DO A SEARCH FOR ALL *.EML FILES AND DELETE THEM.  NEXT I
WOULD DELETE ALL TEMP FILES AND ALSO TEMPORARY INTERNET FILES.  SCAN YOUR HARD
DRIVES IF YOU HAVE A VIRUS SCAN.  ALSO ON MY SERVER IT SOMEHOW CORRUPTED MY
TREND SERVER PROTECT AND DIDN'T LET ME START THE SERVICES.  ALSO IF A CLIENT
IS INFECTED YOU WILL NOTICE ON A BOOT UP THAT OUTLOOK EXPRESS WILL TRY TO
START UP AND COMPOSE AN EMAIL (NOT SURE IF IT CAN SEND IT THOUGH BUT I THINK
IF YOU ARE SET UP WITH OUTLOOK EXPRESS IT WILL SEND IT).  ALSO I NOTICED IT
SOMETIMES TRIES TO OPEN WINDOWS MEDIA PLAYER AND I'M NOT SURE WHAT THIS FILE
IS.  

-Original Message-
From: Josefowski, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I assume it also forces a lock of the Caps Lock key?

-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS. AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John

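The two file-level checks from the cleanup steps in the message above (extra entries on the shell= line of system.ini, and stray *.eml files), run over a copied Windows directory per machine so the affected machines sort to the top. This is an added example, not part of the original thread; the function names, directory layout and sample file contents are constructed, and load.exe on the sample shell= line is one of the file names mentioned elsewhere in this thread.

```python
import os
import tempfile

EXPECTED_SHELL = "explorer.exe"  # the only program normally named on shell=


def read_shell_value(system_ini_path):
    """Return the shell= value from the [boot] section, or None if absent."""
    section = None
    with open(system_ini_path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "boot" and "=" in line:
                key, value = line.split("=", 1)
                if key.strip().lower() == "shell":
                    return value.strip()
    return None


def extra_shell_entries(shell_value):
    """Everything on the shell= line that is not explorer.exe itself."""
    extras = []
    for token in (shell_value or "").split():
        name = token.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name != EXPECTED_SHELL:
            extras.append(token)
    return extras


def find_files(root, suffix=None, name=None):
    """Case-insensitive search under root by file suffix or exact name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            low = fname.lower()
            if (suffix and low.endswith(suffix)) or (name and low == name):
                hits.append(os.path.relpath(os.path.join(dirpath, fname), root))
    return sorted(hits)


def audit_machine(root):
    """Audit one machine's copied Windows directory."""
    ini_paths = find_files(root, name="system.ini")
    shell = read_shell_value(os.path.join(root, ini_paths[0])) if ini_paths else None
    return {
        "shell": shell,
        "extra_shell": extra_shell_entries(shell),
        "eml_files": find_files(root, suffix=".eml"),
    }


def audit_all(base):
    """Audit every machine directory under base, most suspicious first."""
    results = {m: audit_machine(os.path.join(base, m)) for m in sorted(os.listdir(base))}

    def score(item):
        report = item[1]
        # A modified shell= line outweighs any number of .eml files.
        return -(len(report["extra_shell"]) * 100 + len(report["eml_files"]))

    return sorted(results.items(), key=score)


def build_sample(base):
    """Constructed sample data: Windows directories copied from two machines."""
    samples = {
        "WKS01": {
            "SYSTEM.INI": "[boot]\nshell=explorer.exe\n[386Enh]\nwoafont=dosapp.fon\n",
        },
        "WKS02": {
            "system.ini": "; constructed sample\n[boot]\nshell=explorer.exe load.exe\n",
            os.path.join("TEMP", "a1.eml"): "constructed",
            os.path.join("Desktop", "B2.EML"): "constructed",
        },
    }
    for machine, files in samples.items():
        for rel, content in files.items():
            path = os.path.join(base, machine, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="latin-1") as fh:
                fh.write(content)


def run_demo():
    """Build the constructed sample in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        return audit_all(base)


if __name__ == "__main__":
    for machine, report in run_demo():
        print(machine, report)
```

An .eml file is also an ordinary saved message, so the hits are candidates for review rather than confirmed infections.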



RE: Nimda

2001-09-20 Thread Don Ely

HEY RICHARD!!!  TURN OFF YOUR CAPS LOCK!!!  WE CAN HEAR YOU JUST
FINE!!!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tener, Richard
Sent: Thursday, September 20, 2001 11:06 AM
To: Exchange Discussions
Subject: RE: Nimda


NOT SURE ABOUT THAT HAVEN'T NOTICED IT BUT I DO KNOW THAT IT ADDS A LINE
TO THE SHELL=EXPLORER.EXE LINE WITHIN THE SYSTEM.INI FILE. ALSO ADDS
LINES TO A FILE CALLED WINIT.INI AND YOU MUST DELETE ALL OF THOSE LINES
AS WELL.  AFTER THAT YOU SHOULD DO A SEARCH FOR ALL *.EML FILES AND
DELETE THEM.  NEXT I WOULD DELETE ALL TEMP FILES AND ALSO TEMPORARY
INTERNET FILES.  SCAN YOUR HARD DRIVES IF YOU HAVE A VIRUS SCAN.  ALSO ON
MY SERVER IT SOMEHOW CORRUPTED MY TREND SERVER PROTECT AND DIDN'T LET ME
START THE SERVICES.  ALSO IF A CLIENT IS INFECTED YOU WILL NOTICE ON A
BOOT UP THAT OUTLOOK EXPRESS WILL TRY TO START UP AND COMPOSE AN EMAIL
(NOT SURE IF IT CAN SEND IT THOUGH BUT I THINK IF YOU ARE SET UP WITH
OUTLOOK EXPRESS IT WILL SEND IT).  ALSO I NOTICED IT SOMETIMES TRIES TO
OPEN WINDOWS MEDIA PLAYER AND I'M NOT SURE WHAT THIS FILE IS.  

-Original Message-
From: Josefowski, Larry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I assume it also forces a lock of the Caps Lock key?

-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:56 PM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Tener, Richard

I USED TREND ON MY SERVERS BUT HAD TO REINSTALL THEM AND THEN CLEAN OUT THE
SERVER WITH NO ONE CONNECTED TO THE NETWORK.  ALSO YOUR NETWORK IS SLOWING
DOWN BECAUSE THE VIRUS CAUSES TRAFFIC ON YOUR NETWORK AND ALSO CONNECTED
THROUGH NETWORK SHARES.  WHEN I HAD THE VIRUS I MADE EVERYONE DISCONNECT
FROM THE NETWORK THEN UNSHARED ALL THEIR SHARES AND SCANNED THE SERVER.
THIS VIRUS WAS A PAIN IN THE ASS.

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda


I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-20 Thread Martin Blackstone

Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Romero, Eric

Microsoft softwar is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Anthony L. Sollars

Is there a way to remotely tell what IE version a client machine has?


-Original Message-
From: Romero, Eric [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft softwar is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Huot, Denyse

Does anyone know of an infected site?  I need it for testing purposes.

Thanks,

Denyse

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda

I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-20 Thread Lefkovics, William

Not really.  It's very popular and developer friendly.  Just because some
developers are binladenesque, doesn't mean the software is bad.  Period.

-Original Message-
From: Romero, Eric [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft softwar is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

-




RE: Nimda

2001-09-20 Thread John Allhiser

Not to mention a ycilop or two on the llawerif.

That saved our ssa.

John Allhiser MCSE CCNA
Network Engineer 
Business Men's Assurance
 

-Original Message-
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 12:59 PM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still on
IE5.5 with no service pack.  Someone visited a website.  That's all it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE OUT
HOW TO FIX IT.
FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY WORKSTATIONS. AND 100% OFF
THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR SYSTEM AND SCREWS UP A LOT OF
PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Martin Blackstone

So is your spelling

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft softwar is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John




RE: Nimda

2001-09-20 Thread Wong, Joe

Hope this helps ...

I can't even get on long enough to run anything.

Depending upon what you're trying to run, you might be able to make use of
Task Scheduler (or Schedule if you're running NT4) to submit a job to run on
your server.

How do you find the machine that's affecting the rest of the network?

If the .eml files are being dropped onto NTFS partitions, check to see who
the Owner of the file is via the security properties.

... Joe

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 12:06 PM
To: Exchange Discussions
Subject: Re: Nimda


I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike

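Joe's suggestion above (read the NTFS owner of the dropped .eml files) scripted over a whole directory tree, as an added example that is not part of the original thread. The root path and the three-day window are assumptions, and it needs PowerShell 3.0 or later, which postdates the NT4/2000 servers discussed here.

```powershell
# Added example: tally the NTFS owners of recently created .eml files so the
# account that keeps dropping them stands out.
param(
    [string]$Root = 'D:\Shares',                  # hypothetical path: the volume or share being hit
    [datetime]$Since = (Get-Date).AddDays(-3)     # assumed window: only look at recent files
)

# Collect owner, creation time and path for every recent .eml file.
$rows = Get-ChildItem -LiteralPath $Root -Filter *.eml -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since } |
    ForEach-Object {
        try {
            # Owner comes from the file's security descriptor, the same value
            # shown on the Security properties page.
            $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
        } catch {
            $owner = '<unreadable>'               # access denied or file vanished mid-scan
        }
        [pscustomobject]@{
            Owner   = $owner
            Created = $_.CreationTime
            Path    = $_.FullName
        }
    }

# One line per owner: how many files, over what time span, in how many folders.
$rows | Group-Object Owner | Sort-Object Count -Descending | ForEach-Object {
    $times = @($_.Group | Sort-Object Created)
    [pscustomobject]@{
        Owner = $_.Name
        Files = $_.Count
        First = $times[0].Created
        Last  = $times[-1].Created
        Dirs  = @($_.Group | ForEach-Object { Split-Path $_.Path -Parent } | Sort-Object -Unique).Count
    }
} | Format-Table -AutoSize
```

Files written by a member of the local Administrators group are often owned by BUILTIN\Administrators rather than the individual account, so treat that owner as inconclusive.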



RE: Nimda

2001-09-20 Thread Kevin Miller

Well then why work with it..  Why be on this list? Why even post to it??
We here make our livings based on their software and don’t really like
crap comments like that. Go shit in someone else's back yard. We here don’t
want to hear your crap.

Period.

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft softwar is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working antivirus
 apps!

 John


RE: Nimda

2001-09-20 Thread John Matteson

Yep:

MCS.K12.NY.US

They are infected, as of Tuesday. They may have cleaned up their act by now,
though.

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see
--The Moody Blues (I know you're out there)


-Original Message-
From: Huot, Denyse [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:08 PM
To: Exchange Discussions
Subject: RE: Nimda


Does anyone know of an infected site?  I need it for testing purposes.

Thanks,

Denyse

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda

I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even get on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-20 Thread Bill Grocott

Also www.hotel.com and their new site www.hotelbids.com

Bill

-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:05 PM
To: Exchange Discussions
Subject: RE: Nimda


Yep:

MCS.K12.NY.US

They are infected, as of Tuesday. They may have cleaned up their act by now,
though.

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see
--The Moody Blues (I know you're out there)


-Original Message-
From: Huot, Denyse [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:08 PM
To: Exchange Discussions
Subject: RE: Nimda


Does anyone know of an infected site?  I need it for testing purposes.

Thanks,

Denyse

-Original Message-
From: Mike Omilian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: Exchange Discussions
Subject: Re: Nimda

I got nailed too.  Not from an e-mail - I currently block all exe's.  We
must have gotten it from an infected web page.  I already applied the
patch for Code Red last month but my problem is a little bigger:

I can't log onto the server without getting a Dr Watson error for
explorer.exe.  The server runs ok, but after I log on and the desktop
comes up it generates the error.  I can't even got on long enough to run
anything.  I did get the patch applied for the Transversal vulnerability,
but I'm not sure if that helped.  Now our network seems to be slowing down
and people are having printing troubles too.  Some people can't get their
Outlook open - not enough system resources. . .   We're all up to date
with Virus software for Nimda, but the .eml files are still being created
- but not on every machine.  Weird.  How do you find the machine that's
affecting the rest of the network?  What virus software is everyone using
for their NT servers (not for Exchange, but NT)?  Any help would be
GREATLY appreciated.

Mike




RE: Nimda

2001-09-20 Thread Paul Done

Nimda - a-nother day that will live in infamy (SP?). I lost our exchange
server and am still trying to fully recover - time to re-think those
disaster prep plans and need to find my 5.5 upgrade - ugh!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Martinez
Sent: Thursday, September 20, 2001 10:33 AM
To: Exchange Discussions
Subject: Nimda


Did everyone get nailed by Nimda? This list is dead today!

I got eight hits from it last night. Thank god for proper working antivirus
apps!

John




RE: Nimda

2001-09-20 Thread Kevin Miller

Step A. Follow in the footsteps of a wise guy [1] Mr. William Lefkovics,
if you have the time and hardware, restore your mail server at least
once a month [2]

[1] no pun intended
[2] just don’t restore onto the production server [3]
[3] make sure you run the test in a lab! [4]
[4] had to stress that one [5]
[5] for no real reason [6][7]
[6] Hi Sherry
[7] Needed more foot notes

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Paul Done
Sent: Thursday, September 20, 2001 3:08 PM
To: Exchange Discussions
Subject: RE: Nimda


Nimda - a-nother day that will live in infamy (SP?). I lost our exchange
server and am still trying to fully recover - time to re-think those
disaster prep plans and need to find my 5.5 upgrade - ugh!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Martinez
Sent: Thursday, September 20, 2001 10:33 AM
To: Exchange Discussions
Subject: Nimda


Did everyone get nailed by Nimda? This list is dead today!

I got eight hits from it last night. Thank god for proper working
antivirus apps!

John




RE: Nimda fallout

2001-09-20 Thread John Martinez

Did you restart the NAVEX service after the reg edit? What does the text
file that NAVEX replaces the unauth file with say?

John

-Original Message-
From: Orin Rehorst [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:44 PM
To: Exchange Discussions
Subject: Nimda fallout


Altered NT registry on Exchange server to block .exe files. 
Power user getting internal e-mails blocked which have no attachment.
Getting error message from NAV for Exchange:

Sender of the infected attachment:  Unknown Sender
Recipient of the infected attachment:  Jim Eldridge\Journal
Subject of the message:  RE: State Audit (sent)
One or more attachments were quarantined.
  Attachment  was Quarantined for the following reasons:
Virus UNAUTHORIZED FILE was found.

Please advise.


Regards,

Orin Rehorst
Port of Houston Authority
(Largest U.S. port in foreign tonnage)
e-mail:  [EMAIL PROTECTED]
Phone:  (713)670-2443
Fax:  (713)670-2457
TOPAS web site: www.homestead.com/topas/topas.html



-Original Message-
From: Paul Done [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 5:08 PM
To: Exchange Discussions
Subject: RE: Nimda


Nimda - a-nother day that will live in infamy (SP?). I lost our exchange
server and am still trying to fully recover - time to re-think those
disaster prep plans and need to find my 5.5 upgrade - ugh!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Martinez
Sent: Thursday, September 20, 2001 10:33 AM
To: Exchange Discussions
Subject: Nimda


Did everyone get nailed by Nimda? This list is dead today!

I got eight hits from it last night. Thank god for proper working antivirus
apps!

John
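
An added example, not part of the thread and not how NAV for Exchange or any other product mentioned here works: a minimal extension-based attachment check of the kind discussed above, which matches only named attachment parts, so a message with no attachment is delivered. The function names, the example.test addresses and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe"}  # assumption: only .exe, the one type the thread mentions


def make_message(subject, body, attachments=()):
    """Build a constructed sample message; attachments is a list of (filename, bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = subject
    msg.set_content(body)
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()


def blocked_attachments(raw_message):
    """Return the filenames of parts whose extension is on the block list."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # body text or unnamed part: there is no name to match
        # Windows drops trailing dots and spaces, so "x.exe." still opens as x.exe.
        cleaned = filename.strip().rstrip(". ").lower()
        extension = "." + cleaned.rsplit(".", 1)[1] if "." in cleaned else ""
        if extension in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def verdict(raw_message):
    """Quarantine only when a named attachment matched, and report which one."""
    hits = blocked_attachments(raw_message)
    return ("quarantine", hits) if hits else ("deliver", [])


# Constructed samples (not captured traffic).
PLAIN_REPLY = make_message("RE: constructed subject", "No attachment here.")
WITH_EXE = make_message("constructed", "see attached",
                        [("notes.txt", b"text"), ("README.EXE", b"MZ")])
TRAILING_DOT = make_message("constructed", "see attached", [("sample.exe.", b"MZ")])

if __name__ == "__main__":
    for raw in (PLAIN_REPLY, WITH_EXE, TRAILING_DOT):
        print(verdict(raw))
```

Returning the matched filenames alongside the verdict gives the quarantine notice something concrete to report to the administrator.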




RE: Nimda

2001-09-20 Thread Ed Crowley

I hate it when there's a new virus.  This list gets absolutely boring.

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Martinez
Sent: Thursday, September 20, 2001 10:33 AM
To: Exchange Discussions
Subject: Nimda


Did everyone get nailed by Nimda? This list is dead today!

I got eight hits from it last night. Thank god for proper working antivirus
apps!

John




RE: Nimda

2001-09-20 Thread Ed Crowley

Exactly.  We all KNOW it's bad!  (Tongue firmly in cheek)

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Miller
Sent: Thursday, September 20, 2001 11:21 AM
To: Exchange Discussions
Subject: RE: Nimda


Well then why work with it..  Why be on this list? Why even post to it??
We here make our livings based on their software and don’t really like
crap comments like that. Go shit in someone else's back yard. We here don’t
want to hear your crap.

Period.

Kevinm WLKMMAS, UCC+WCA
~~~
All spelling and Factual errors are the fault of Bob Barker
~~~
This space has been rented by:
Http://www.tiggercam.co.uk For all your tigger needs
You 2 can rent this space if you need it.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Romero, Eric
Sent: Thursday, September 20, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimda


Microsoft software is bad!

period!
--er
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:09 AM
To: Exchange Discussions
Subject: RE: Nimda


Yea, we rolled out IE6 to 80 WKS's in about 30 minutes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Lefkovics,
William
Sent: Thursday, September 20, 2001 10:59 AM
To: Exchange Discussions
Subject: RE: Nimda


Clearly snimda need to apply skcap ecivres to their srevres and
snoitatskrow.

I've taken the blame at our office because a few workstations were still
on IE5.5 with no service pack.  Someone visited a website.  That's all
it took.


William


-Original Message-
From: Tener, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimda


I GOT NAILED BY IT I WAS AT WORK FOR 36 HOURS STRAIGHT TRYING TO FIGURE
OUT HOW TO FIX IT. FINALLY I GOT ABOUT 98% OF THE VIRUS OFF ALL MY
WORKSTATIONS. AND 100% OFF THE SERVER.  MAN THIS VIRUS REALLY CLOGS YOUR
SYSTEM AND SCREWS UP A LOT OF PROGRAMS MOSTLY OFFICE 2000

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:50 PM
To: Exchange Discussions
Subject: RE: Nimda


We have not had any come in through email.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
Sent: Thursday, September 20, 2001 10:50 AM
To: Exchange Discussions
Subject: Re: Nimda



I got none ... guess I don't have any friends ;)

--
Martin Tuip
MVP Exchange
Exchange2000 List owner
www.exchange-mail.org
--

- Original Message -
From: John Martinez [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, September 20, 2001 7:32 PM
Subject: Nimda


 Did everyone get nailed by Nimda? This list is dead today!

 I got eight hits from it last night. Thank god for proper working
antivirus
 apps!

 John


RE: nimda virus changes on me

2001-09-19 Thread Ken . Powell

Maybe it's just me, but, if your servers were infected I would rebuild them
as a matter of principle. You are only cleaning up the symptoms and closing
the hole after someone has already been in and touched you. The only way
that I know of to be assured of having truly cleaned the system is to start
fresh with all appropriate patches and then reinstall programs and data.

Anyone have any comments?

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax:(360) 759-6001


-Original Message-
From: Ron Jameson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:57 AM
To: Powell, Ken
Subject: nimda virus changes on me


Well, I just put in a 24 hour shift to patch the ol' web, email, main and
terminal servers in one form or another and clean up 30 workstations.  Was a
little too late in the blocking of all .exe files on the sybari but I think
this one entered thru the front web door on a client PC hitting an infected
web site.

Odd - two of the PC's out of the 30 were REALLY infected so as I could not
repair.  I need to format these boxes.  Has anyone seen this virus change or
morph into other executables other than the noted ones (riched20.dll,
readme.exe, load.exe, modified system.ini, plus several other windows
programs)?

Regards,

Ron Jameson





RE: nimda virus changes on me

2001-09-19 Thread Barry Patterson

When I scanned one of our servers with NAV, from a boot floppy it was
finding a lot of EXE's that it said were infected with NIMDA. The last folder
I saw that had several infected EXE's was Program File\Outlook Express
It could not clean these, they were different file sizes.
I did not want to delete these files...

Still looking at it. We were going to replace this server anyway.
Also got our proxy server - I already had a replacement for it setup. Just
not online yet.

Barry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ron Jameson
Sent: Wednesday, September 19, 2001 11:57 AM
To: Exchange Discussions
Subject: nimda virus changes on me


Well, I just put in a 24 hour shift to patch the ol' web, email, main and
terminal servers in one form or another and clean up 30 workstations.  Was a
little too late in the blocking of all .exe files on the sybari but I think
this one entered thru the front web door on a client PC hitting an infected
web site.

Odd - two of the PC's out of the 30 were REALLY infected so as I could not
repair.  I need to format these boxes.  Has anyone seen this virus change or
morph into other executables other than the noted ones (riched20.dll,
readme.exe, load.exe, modified system.ini, plus several other windows
programs)?

Regards,

Ron Jameson

