[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
Re: Virus
- To: ukha_d@xxxxxxx
- Subject: Re: Virus
- From: steve@xxxxxxx
- Date: Sun, 23 Sep 2001 09:43:34 -0000
- Delivered-to: mailing list ukha_d@xxxxxxx
- Mailing-list: list ukha_d@xxxxxxx; contact
ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
If you are in win2k just look in taskman and see if anythingunusual
is running.
if there is strange stuff happening, end task it, then find it in you
computer and delete it.
if your on win98/95 and i think ME.
you cant see "all" running processes, so i have a neat little
utility
somewhere i made in VB which alows you to list ALL running processes
and kill any of them, i think if i can find it, i will add, a kill
and delete button aswell, or a kill and move button.
interested?
HTH steve
--- In ukha_d@y..., "John McManus" <john.mcmanus@b...>
wrote:
> I am in a difficult position as my virus scanner (NAV2001) does not
show
> that I am infected, but the Zone Alarm Pro firewall suddenly
(Wednesday)
> started asking if I want to allow TFTP (trivial file transfer
protocol) to
> connect to the internet. I have also run a couple of the 'cleaner'
programs
> for Nimda virus... they too say I am not infected.
>
> Since I am not aware of any apps on the server that need to use
TFTP (and
> the addresses that it is going to are other BT Internet ones), I
guess I
> need to assume that I am infected with something and reformat /
> re-install... a real PITA.
>
> Any thoughts would be appreciated.
> ----- Original Message -----
> From: "Brian G. Reynolds" <brian.g.reynolds@n...>
> To: <ukha_d@y...>
> Sent: Saturday, September 22, 2001 7:42 PM
> Subject: RE: [ukha_d] Virus
>
>
> > Thanks Keith,
> >
> > I am using Norton AntiVirus 2001 recently bought, I used its own
virus
> scan
> > routine, is there a better way?
> >
> > All the infected files were deleted.
> > I do use it's auto update and do it manually as well.
> >
> > Thanks for the info.
> >
> > B.
> > > -----Original Message-----
> > > From: Keith Doxey [mailto:ukha@xxxxxxx...]
> > > Sent: 22 September 2001 19:00
> > > To: ukha_d@y...
> > > Subject: RE: [ukha_d] Virus
> > >
> > >
> > > Thats probably it.
> > >
> > > How did you run yor virus scan?
> > > We ran it Windows "Find Files" containing the text
"whatever
you care to
> > > put" so that it was forced to open everyfile on the
machine, at
which
> time
> > > the AV software should find the infected files.
> > >
> > > Make sure you keep your anti virus software upto date.
> > >
> > > At work we use VirusScan TC from McAfee.
> > > The Dat file was at version 4158 at the beginning of the
week
and by
> > > yesterday had reached 4162.
> > >
> > > At home I use eTrust EZ Antivirus. Its Dat file has gone
from
> > > 1491 on Monday
> > > to 1512 yesterday.
> > >
> > > One of the worst things about Nimda is that YOU dont have to
do
> > > anything to
> > > catch it. I have no doubt that there will be several more
viruses
> > > that mimic
> > > the HTML method employed by Nimda, namely using Javascript
to
Pop-Up a
> > > window at coordinates that wont show on the screen and then
try
to do
> > > malicious things to your machine. Disabling Javascript would
stop that
> but
> > > would also stop many reputable web pages from working and I
> > > believe most, if
> > > not all eCommerce sites would be less than useless if you
didnt
support
> > > Javascript.
> > >
> > > Once again a few idiots spoiling things for the majority :-(
> > >
> > > Keith
> > >
> > > > -----Original Message-----
> > > > From: Brian G. Reynolds [mailto:brian.g.reynolds@xxxxxxx...]
> > > > Sent: 22 September 2001 15:33
> > > > To: ukha_d@y...
> > > > Subject: RE: [ukha_d] Virus
> > > >
> > > >
> > > > Thanks Keith, I should have known that :-(
> > > >
> > > > All .eml deleted.
> > > >
> > > > I have run the virus scan again and it does not find
any mere
> > > > does that mean
> > > > all is ok again?
> > > > Never had a virus before not sure when to trust it
again!
> > > >
> > > > I have already read the threads, I have re-SP2'd and
another
MS patch
> > > > q301625_w2k_sp3_x86_en.exe
> > > > Anything else or can I now breathe again!!
> > > >
> > > > Thanks,
> > > >
> > > > B.
> > > >
> > > > > -----Original Message-----
> > > > > From: Keith Doxey [mailto:ukha@xxxxxxx...]
> > > > > Sent: 22 September 2001 15:07
> > > > > To: ukha_d@y...
> > > > > Subject: RE: [ukha_d] Virus
> > > > >
> > > > >
> > > > > *.eml are email messages but the ones that hyou
have found
> > > will be loads
> > > > > with the same file size and datestamp.
> > > > >
> > > > > THEY ARE INFECTED WITH THE VIRUS ..... DELETE
THEM.
> > > > >
> > > > > It also puts some codew in any HTML or ASP files
it finds
that
> > > > will infect
> > > > > any other PC viewing the pages.
> > > > >
> > > > > Read the previous threads from when Graham was
battling to
> > > remove Nimda.
> > > > >
> > > > > Keith
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Brian G. Reynolds [mailto:brian.g.reynolds@xxxxxxx...]
> > > > > > Sent: 22 September 2001 14:04
> > > > > > To: UKHA Group
> > > > > > Subject: [ukha_d] Virus
> > > > > >
> > > > > >
> > > > > > What are .eml files?
> > > > > > I assume something to do with the
web/html/IE?
> > > > > > It seems that these were the most attacked, I
have
> > > > > "quarantined" them but
> > > > > > not sure if I can delete them?
> > > > > >
> > > > > > Another PC has also been infected but this
time is seems
mostly
> > > > > > Psion files
> > > > > > so I have deleted them! subtle.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > B.
> > > > > >
> > > > > >
> > > > > >
> > > > > > For more information: http://www.automatedhome.co.uk
> > > > > > Post message: ukha_d@y...
> > > > > > Subscribe: ukha_d-subscribe@y...
> > > > > > Unsubscribe: ukha_d-unsubscribe@y...
> > > > > > List owner: ukha_d-owner@y...
> > > > > >
> > > > > > Your use of Yahoo! Groups is subject to
> > > > http://docs.yahoo.com/info/terms/
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > For more information: http://www.automatedhome.co.uk
> > > > Post message: ukha_d@y...
> > > > Subscribe: ukha_d-subscribe@y...
> > > > Unsubscribe: ukha_d-unsubscribe@y...
> > > > List owner: ukha_d-owner@y...
> > > >
> > > > Your use of Yahoo! Groups is subject to
> > http://docs.yahoo.com/info/terms/
> > >
> > >
> > >
> > >
> > >
> > > For more information: http://www.automatedhome.co.uk
> > > Post message: ukha_d@y...
> > > Subscribe: ukha_d-subscribe@y...
> > > Unsubscribe: ukha_d-unsubscribe@y...
> > > List owner: ukha_d-owner@y...
> > >
> > > Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
> > >
> > >
> > >
> >
> >
> >
> > For more information: http://www.automatedhome.co.uk
> > Post message: ukha_d@y...
> > Subscribe: ukha_d-subscribe@y...
> > Unsubscribe: ukha_d-unsubscribe@y...
> > List owner: ukha_d-owner@y...
> >
> > Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
> >
> >
> >
> >
> >
> > For more information: http://www.automatedhome.co.uk
> > Post message: ukha_d@y...
> > Subscribe: ukha_d-subscribe@y...
> > Unsubscribe: ukha_d-unsubscribe@y...
> > List owner: ukha_d-owner@y...
> >
> > Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
> >
> >
Home |
Main Index |
Thread Index
|