OK. Trends analysis response came back. Send us your serial number or we won't look at
it.
Not smart. I KNOW it's Nimda. I thought they would want to see it and see if it was in
fact a new strain. I only sent it to them because once before they asked me here in
this forum to do so whenever
The eml files were returning even AFTER running all the Nimda scanners/ cleaners. (We
used two of them)
Finally just gave up and wiped the drives.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
[EMAIL
:58PM
Your symptoms read more like a Netware or other script not running to
completion.
ralph
Reply Separator
Subject:RE: Nimda - Thought we were protected
Author: NT System Admin Issues [EMAIL PROTECTED]
Date: 09/24/2001 7:54 AM
What makes you
: Nimda - Thought we were protected
The eml files were returning even AFTER running all the Nimda scanners/
cleaners. (We used two of them)
Finally just gave up and wiped the drives.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC
) 693-6929 (voice)
(858) 693-6916 (fax)
(310) 283-0806 (cell)
Please visit us online @ http://www.911RRT.com
-Original Message-
From: Marc Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:22 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were
Did you have the IE patch applied? If they browsed to an infected site they
can get the virus that way as well.
Robert Muncy
Sherman Financial Group
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:35 AM
To: NT System Admin Issues
The virus checker we ran on the readme.exe file called it Nimda.
Unless we got hit with multiple virii at the same time. That is why I thought it might
be a new strain. I sent the files to McAfee for analysis already.
Steve Kelsay
Network Administration Group
South Carolina Department of
Could it be an issue with Novell instead of Microsoft? Just a thought.
Frank Ouimette
Chief Information Officer
FreeYankee, Inc.
Phone - 801.553.9381
Fax - 801.553.9338
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:35 AM
To: NT
24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
The virus checker we ran on the readme.exe file called it Nimda.
Unless we got hit with multiple virii at the same time. That is why I
thought it might be a new strain. I sent the files to McAfee
- Thought we were protected
Yes, I had installed all the patches we discussed here on the site.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
[EMAIL PROTECTED] 09/24/01 10:59AM
Did you have the IE patch
Sounds more like the machine itself is having problems rather than Nimda
causing anything. Some of our NT workstations have that problem but hit the
restart button and all works well on next reboot.
Regards
Davidt
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent:
Here's a tool from eEye. McAfee has a tool as well.
http://www.eeye.com/html/Research/Tools/nimda.html
-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:13 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Did you patch your browsers??
xylog
-Original Message-
From: Frank Ouimette [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:11 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could it be an issue with Novell instead of Microsoft? Just
** [EMAIL PROTECTED]
To: NT System Admin Issues [EMAIL PROTECTED]
Sent: Monday, September 24, 2001 10:44 AM
Subject: RE: Nimda - Thought we were protected
I had exactly the same experience. All of the profiles all of the desktop
files were deleted. And Task Manager will not launch.
Rick
with the
latest DAT files and early engines - pre 4.1.40 I believe - Just a thought..
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: 24 September 2001 15:54
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
What makes you think it is Nimda
there.
Desiree Herrmann
Network Manager
MasterLink Corp.
[EMAIL PROTECTED]
-Original Message-
From: Wantland, John # PHX [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:41 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Here's a tool
Veenpluis 4 - 6, 5684 PC Best
The Netherlands
Steve Kelsay [EMAIL PROTECTED] on 09/24/2001 05:11:25 PM
Please respond to NT System Admin Issues [EMAIL PROTECTED]
To: NT System Admin Issues [EMAIL PROTECTED]
cc: (bcc: Pim Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were
, John # PHX [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:41 AM
To: NT System Admin Issues
Subject:RE: Nimda - Thought we were protected
Here's a tool from eEye. McAfee has a tool as well.
http://www.eeye.com/html/Research/Tools/nimda.html
-Original Message
Admin Issues
Subject: RE: Nimda - Thought we were protected
Did you patch your browsers??
xylog
-Original Message-
From: Frank Ouimette [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:11 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could
You also might try this free download from Symantec,
http:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:41 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Guys, please
System Admin Issues
Subject:RE: Nimda - Thought we were protected
Guys, please check ALL FILES to scan your drives, because also
ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select
to scan program files only!!
also replace riched20.dll and mcc.exe (if you are infected
Would you set the scan to continue scanning, delete or clean infected
files??
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:47 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
SCAN ALL FILES (asp,js
, NT Systems Administrator
[EMAIL PROTECTED]
(404) 573-6630 Voice
6701 Roswell Road
Atlanta, GA 30328
-Original Message-
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:59 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Did you
Title: RE: Nimda - Thought we were protected
Exchange 5.5 doesn't have attachment filtering/blocking capabilities.
You'll need some 3rd party software like Antigen - www.sybari.com
Regards,
Sean Martin,
MCSE
Network Administrator
Ribelin Lowell
Company Insurance Brokers, Inc.
3111 C Street
PROTECTED]]
Sent: September 24, 2001 14:07 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Where in Exchange 5.5 can you block certain attachments?
Ideally, I would like to block all *.exe and all *.vbs from most users.
I know how to block domains and email
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Ran this tool any thoughts on what the open guest access means on a 98
machine? Scan says it is infected. Machine is completely patched, and
has no signs of infection
Paul Rudolph, MCSE; MCP+Internet; CCA
perotsystems
GIS
Title: RE: Nimda - Thought we were protected
I've been continuously scanning all the drives (including the networked). There is a tool out on Symantec site. Please check this site. http:[EMAIL PROTECTED]
-Original Message-
From: Negrete, Arthur [mailto:[EMAIL PROTECTED]]
Sent
, 2001 11:41 AM
To: NT System Admin Issues
Subject:RE: Nimda - Thought we were protected
Guys, please check ALL FILES to scan your drives, because also
ASP,JS,HTM,HTML,SHTML,SHTM are ALL infected on not listed if you select
to scan program files only!!
also replace riched20.dll
-
From: Rudolph, Paul [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 1:05 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Ran this tool any thoughts on what the open guest access means on a 98
machine? Scan says it is infected. Machine is completely patched
ngage in it."
-Original Message-
From: Ian Kelly [mailto:[EMAIL PROTECTED]]
Sent: September 24, 2001 14:34 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Third party tools!
Ian-[EMAIL
Title: RE: Nimda - Thought we were protected
You can't block attachments natively. You need 3rd party antivirus software.
-Original Message-
From: Kelly Gosh [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:07 AM
To: NT System Admin Issues
Subject: RE: Nimda
: RE: Nimda - Thought we were protected
Third party tools!
Ian
-
[EMAIL PROTECTED]
-
Love may not make the world go round, but I must admit that it makes the ride
worthwhile. - Sean Connery
-Original Message-
From
Vessies/BST/MS/PHILIPS)
Subject: RE: Nimda - Thought we were protected
Classification:
I've seen this same NIMDA-infected executable on a Windows 2000 Professional
machine after being protected with the latest updates. We haven't seen any
effects of the infection yet or further spread
Title: RE: Nimda - Thought we were protected
Be careful using this tool. . . The fixnimda.com will delete all your shares. . so if you run this utility on a server you could be in for a long night of rebuilding your structure, esp if you use share based permissions.
Bobby A. Jones
Systems
Title: RE: Nimda - Thought we were protected
Thanks to both of you who replied. I was going crazy trying to find something
that doesn't exist.
Kelly Gosh
Information Systems Manager
Brilliance Audio, Inc.
Phone: 616.846.5256 ext. 704
Fax: 616.846.0630
http://www.brillianceaudio.com
Title: Message
Peter, you got a doc on that from symantec?
-Original Message-
From: Kim, Peter J. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 2:26 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Or if you have Symantec
) 827-0924
-Original Message-
From: Lenny Bensman [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:00 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Could you please send the link to it? Does this tool clean all the areas?
(shares, registry
: Monday, September 24, 2001 11:34 AM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Third party tools!
Ian
-
[EMAIL PROTECTED]
-
Love may not make the world go round, but I must admit that it makes
OK, The infected file to McAfee was returned as undeliverable. Any new addresses? This
one came from their site so should have been valid.
Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201
(803) 898-5522
[EMAIL PROTECTED]
Title: RE: Nimda - Thought we were protected
trend scanmail.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 2:33 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
You can't block attachments
PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Or if you have Symantec NAV for exchange, you make minor adjustments to the
Registry and it blocks all wanted attachments.
-Original Message-
From: Ian Kelly [mailto:[EMAIL PROTECTED
About every fifteen minutes or so, the .EML files are all back again.
I've heard about this- in fact, just this afternoon. In this case, I
recommended to my customer to quarantine the machine (read: remove the
network cable!) and run the NIMDA scanner/fix from the machine locally (you
won't
Title: RE: Nimda - Thought we were protected
We're using MailMarshal - it lets you block any attachments you like and is
intelligent enough to inspect headers to determine the file type to get around
cunning users changing file extensions...
-Original Message-
From: Miley, Dan
Title: Message
Don't forget to block WTC.exe (W32/Vote) while you're at it.
-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:09 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Peter, you got a doc
mpeg"
"AttachmentNames9"="*.avi"
"AttachmentNames10"="*.mpg"
"AttachmentNames11"="*.exe"
DisAllow.cmd
nav12.regnaveupdate.exe
-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
Grab the soho tool
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 13:59
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Your symptoms read more like a Netware or other script not running to
completion
-Original Message-
From: Marc Miller [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 3:22 PM
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
About every fifteen minutes or so, the .EML files are all back again.
I've heard about this- in fact, just
Don't u mean Sophos ?
-Original Message-
From: Gisler, Johnny [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 20:05
To: NT System Admin Issues
Subject: RE: Nimda - Thought we were protected
Grab the soho tool
-Original Message-
From: [EMAIL PROTECTED] [mailto