Thread: Nimda Virus

  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Brantford, Ontario, Canada
    Posts
    2,391
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    Here's the link to the information about Nimda at Symantec's http://www.sarc.com: http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html
    Christopher Baldrey

  2. #2
    4 Star Lounger
    Join Date
    Dec 2000
    Location
    London, Ontario, Canada
    Posts
    437
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    Now approaching the 12th hour trying desperately to eliminate this ?$(@1 from 3 of our systems. McAfee was singularly unhelpful, but about 1 hour ago, I took the time to visit the Central Command who provided "free of charge" a removal program THAT WORKED. One tip for those who need to avail themselves of this service, when the Central Command executable (antinimda.exe) is finished scanning and you're instructed to restart your computer, don't exit antinimda, simply Start>Shutdown>Restart. Works a treat. I'm tired, going home. I certainly hope most of you avoid this pest. BTW, ZoneAlarm firewall on my system has been reporting attempted intrusions on the average of every 2 minutes from outside infected computers. This is a very, very nasty beast indeed.

  3. #3
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Dallas plus 20 miles or so, Texas, USA
    Posts
    876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    You are entirely right. I have a dial up connection...just ran the program you mentioned and there it is.

    Here is what I noticed on my system:

    1. Was prompted by a never before seen confirmation box for DUN password - twice.
    2. Received an access violation dialog box when attempting to open an Excel workbook, which had not been accessed since September 3.
    3. Clicked "OK" on the access violation dialog and closed it.
    4. Double clicked "My Computer" and noticed that my entire system was shared - C, D (CD Burner), and M (CD Rom). Share names were the drive letter followed by "$".
    5. Said "OH CRAP", and came back to Woody's, clicked on Central Command (http://www.centralcommand.com) and ran the virus remover - twice.

    Thanks for the link Brian...I was shocked that it was on my system.

  4. #4
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cairns, Queensland, Australia
    Posts
    885
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    Hi Brian,

    My company and our corporate brothers are using Sophos (http://www.sophos.co.uk) which has proven to be highly successful. They issue email bulletins for all updates, which are almost always readily available on the web site by the time we hear about the new viruses.

    You just need someone reliable to keep abreast of these updates and ensure they are rolled out to the users.

    Hope this might prove of some use.
    Granville

  5. #5
    4 Star Lounger
    Join Date
    Dec 2000
    Location
    London, Ontario, Canada
    Posts
    437
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    Thanks Granville, I'll look into Sophos. We definitely need to re-examine McAfee. I've had a great deal of difficulty using it on my own Win'98 system. It's consistently involved in blue screens which I'm led to believe is a video driver related problem, but frankly, I haven't had the time to track it down. It was also extremely difficult to download the relevant data file yesterday (took numerous attempts and 3 and a half hours), and once patched it consistently crashed while scanning. Oh well, all better now.
    We thought we had patched the IIS vulnerability on our Win2000 Server, but it would appear that we hadn't. A word to the wise, if you haven't applied the IIS patch, do it now!

  6. #6
    ileacy
    Guest

    Re: Nimda Virus

    Hi Brian:

    FWIW, I stopped using McAfee a long time ago. At this point I am using InoculateIt PE on a variety of Win9x systems. I started doing this while the service was free. Virus updates are frequent and reliable, e.g. 31 updates released in the last 10 days. Based on the results to date the new commercial product from Computer Associates may be a good offering. The free version of InoculateIt continues to work for previously registered users, but I expect that virus updates will stop in the near future.

    The other major option I am looking at is Norton Antivirus 2002. Two major reasons: Good track record to date and WinXP certification.

    Hope you got some sleep.

  7. #7
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Nimda Virus

    I'm (as usual) confused. Does Nimda only attack W2000, XP and NT4 machines and IIS servers?
    -John ... I float in liquid gardens
    UTC -7±DS

  8. #8
    4 Star Lounger
    Join Date
    Dec 2000
    Location
    London, Ontario, Canada
    Posts
    437
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Nimda Virus

    Thanks Ian, after a couple of pints I slept quite well. Appreciate your input regarding AV software. A local net guru that was giving us a little free help sent me the following in an email today:

    To the tune of The Lion Sleeps Tonight

    {chorus}
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day.

    [bloke in background]
    Ooooh-ooooh, oooh-ee-oo-ay a Nimda day ...

    In the networks, the NT networks,
    The virus spreads tonight.
    In the networks, the busy networks,
    The virus leaps tonight.

    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day.

    Near the server, infected server,
    The virus pings tonight.
    Near the server, infected server,
    The virus pings tonight.

    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day.

    TFTP, TFTP,
    What is going on?
    TFTP, TFTP,
    /What/ is going on !?

    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day,
    A Nimda Day, a Nimda Day.

    {repeat ad nauseam}

  9. #9
    ileacy
    Guest

    Re: Nimda Virus

    One interesting point. I have my local network behind a LinkSys Cable/DSL 4 Port Router Switch. I also have Zone Alarm on each system.

    The NAT gateway effectively stopped all probes from getting to the local network (zero alarms on 3 systems and no firewall alerts from Linux system). I of course have no alarm logs to check the frequency of probes but that is no big loss.

    This combination of NAT gateway and router is an inexpensive way to protect your systems. With the switched ethernet it can also give you a performance boost.

  10. #10
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Nimda Virus

    I have the same except I am using a NetGear RT 314 router. Last night we lost the cable connection but it was back up this AM. We had been getting probed real heavy earlier. The modem light had been flashing even with all of the computers turned off. The AT&T servers seem to be blocking it now.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.
