RE: How to remove Nimda from NT Server without a reload

2001-09-20 Thread Miley, Dan
: How to remove Nimda from NT Server without a reload I've had one server infected. Other than the description below, I used NAI's removal-tool with no problems. It can be found at http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 (may be wrapped) under the heading "Stand-alone rem

RE: How to remove Nimda from NT Server without a reload

2001-09-20 Thread Andrew S. Baker
>>but when i try to kill it with task manager >>it says access denied... Embrace the command line. Killing processes is MUCH easier, from the command line. http://www.ultratech-llc.com/KB/?File=Processes.TXT PSTOOLS are among the best utilities for this... Also, see the AV vendors for free

RE: How to remove Nimda from NT Server without a reload

2001-09-20 Thread Søren Albeck
I've had one server infected. Other than the description below, I used NAI's removal-tool with no problems. It can be found at http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 (may be wrapped) under the heading "Stand-alone removal tool". The server was booted in between each step, the whole

RE: How to remove Nimda from NT Server without a reload

2001-09-20 Thread Michael L. Callahan
I'm in the middle of an all-nighter killing this thing, I'll tell you what is working for me (you need to be at the console): Delete Admin.dll and all TFTP* files from %driveletter%\Inetpub\scripts Stop and disable the server service Reboot Apply IIS cumulative patch Reboot Apply hotfixes for eith

RE: How to remove Nimda from NT Server without a reload

2001-09-19 Thread Christopher Monahan
When you can't stop a process from the task manager try the reskit tool kill.exe. Can also try the -f option to force a kill. You can kill by process ID, process name, or wildcard. My cleaning batch file does a 'kill mmc.exe' and 'kill mep'. Another worm executable will be call 'mep???.txt.exe

RE: How to remove Nimda from NT Server without a reload

2001-09-19 Thread Benjamin Zachary
September 2001 11:29 AM To: NT System Admin Issues Subject: RE: How to remove Nimda from NT Server without a reload I heard from another list the Trend Micro has a new tool that removes and corrects. CERT indicates there is no receovery. Which way to go? Steve Clark Clark Systems Support, LLC

RE: How to remove Nimda from NT Server without a reload

2001-09-19 Thread Clark, Steve
ember www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:35 PM To: NT System Admin Issues Subject: RE: How to remove Nimda from NT Server without a reload i'

RE: How to remove Nimda from NT Server without a reload

2001-09-19 Thread Matthew Western
001 11:29 AM To: NT System Admin Issues Subject: RE: How to remove Nimda from NT Server without a reload I heard from another list the Trend Micro has a new tool that removes and corrects. CERT indicates there is no receovery. Which way to go? Steve Clark Clark Systems Support, LLC AVIEN

RE: How to remove Nimda from NT Server without a reload

2001-09-19 Thread Clark, Steve
I heard from another list the Trend Micro has a new tool that removes and corrects. CERT indicates there is no receovery. Which way to go? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message-