Update on W32.Nimda.A@mm/TROJ_NIMDA.A

• Previous message: Simon Clausen: "Re: Alert: Some sort of IIS worm seems to be propagating"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID:  <1EEFCD1DA207D4119EE600D0B7445119013AD5E0@mailhost.acuent.com>
Date:         Tue, 18 Sep 2001 19:41:50 -0400
From: Anthony Paulina <APaulina@ACUENT.COM>
Subject:      Update on W32.Nimda.A@mm/TROJ_NIMDA.A
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Well I just installed McAfee's latest virus definitions for Netshield,
Superdat 4159, set my scanning software to clean the infected files
automatically, and watched McAfee tell me that they couldn't be cleaned, and
that McAfee deleted all the infected files. This of course, guarantees that
my infected server is now completely useless. Each of the files that McAfee
found to be infected, had an *.eml copy created for it... Note, I also
noticed that the guest account was enabled, and then added into the local
administrators group. This occurred around 4:15am, the *.eml files started
cropping up around 9:30am...

Anthony Paulina
Acuent Inc.
199 Cherry Hill Road
Parsippany, NJ 07054
email: apaulina@acuent.com
Phone: (973)541-4285
Fax: (973)541-2540

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE

If you are worried about email viruses, you need Trend Micro ScanMail for
Exchange. ScanMail is the first antivirus solution that seamlessly
integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail
ensures 100% inbound and outbound email virus scanning and provides remote
software management. Download a FREE 30-day trial copy of ScanMail and find
out why it is the best:
http://www.antivirus.com/banners/tracking.asp?si=8&BI;=240&UL;=/smex2000
============================================================================

• Previous message: Simon Clausen: "Re: Alert: Some sort of IIS worm seems to be propagating"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: user accounts ... update the virus definitions. ... to look for the infected files on the right pane, but only 1 infected files was found, that is, svchost.exe. ... (microsoft.public.windowsxp.newusers) Re: delete virus files ... What antivirus software are you ... Do you have the latest virus definitions and have you run a full ... greg wrote: ... > I have 2 infected files that I need to delete. ... (microsoft.public.win2000.security) RE: user accounts ... update the virus definitions. ... I have quarantined the viruses. ... to look for the infected files on the right pane, but only 1 infected files was found, that is, svchost.exe. ... (microsoft.public.windowsxp.newusers)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint