Upgrading IE detects Nimda ?

From: Sean Kelly (lists@shortestpath.org)
Date: 09/19/01


Date: Tue, 18 Sep 2001 23:35:12 +0100 (BST)
From: Sean Kelly <lists@shortestpath.org>
To: incidents@securityfocus.com
Subject: Upgrading IE detects Nimda ?
Message-ID: <Pine.LNX.4.21.0109182330530.2650-100000@random.ncl.ac.uk>

Hi there,

        I've just finished cleaning up some Windows 98 (and 98 SE)
workstations from infection by Nimda. On a couple of the machines I found
I could not upgrade Internet Explorer - the install fell over with a
message about a previous installation not completing, and that I would
need to restart the machine. No matter how many times the machines were
rebooted I could not get IE5.5+SP2 to install.

        However, realising some stupidity on my part (it's been a long day
:) I spotted these machine were still infected by Nimda. After removing
the relevant files and config changes I found IE5.5+SP2 installed ok.

        Regards,

--
Sean Kelly

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Probes on Port 135 and 445 continue
    ... The house has a slow DSL connection, ... We removed more than 3000 viruses from their machines when they arrived ... about it, and you have to believe you need it, to install it. ... virus spammer infection - sending about 250 email's out from 6 infected ...
    (comp.security.misc)
  • Re: Probes on Port 135 and 445 continue
    ... The house has a slow DSL connection, ... We removed more than 3000 viruses from their machines when they arrived ... about it, and you have to believe you need it, to install it. ... virus spammer infection - sending about 250 email's out from 6 infected ...
    (comp.security.unix)
  • Re: ? WINS*.EXE installed as part of Windows
    ... If these files are under the path you quote, they are products of infection. ... If you connect an unpatched XP machine to the Internet without enabling the ... infected machines on the local network--even one will accomplish this. ... > each and every reboot during the install and after the second one, ...
    (microsoft.public.security.virus)
  • Re: ? WINS*.EXE installed as part of Windows
    ... So you're saying that Windows becomes infected DURING the INSTALL, ... > If these files are under the path you quote, they are products of infection. ... > Apparently, you either have no firewall to the Internet, or have a raft of> infected machines on the local network--even one will accomplish this. ...
    (microsoft.public.security.virus)
  • Re: Vast Spy System Loots Computers in 103 Countries
    ... A Plan to Catch the Conficker Worm ... infected millions of machines worldwide, ... signs of infection. ... it presents itself to the wider network. ...
    (sci.military.naval)