RE: Virus

["Brian G. Reynolds" <brian.g.reynolds@xxxxxxx>]

Oh bugger, here we go again!

Whilst we are dealing with terrorists can we not deal with these people as
well!

B.

> -----Original Message-----
> From: Ian Lowe [mailto:ian@xxxxxxx]
> Sent: 22 September 2001 18:26
> To: ukha_d@xxxxxxx
> Subject: Re: [ukha_d] Virus
>
>
> I am pretty certain there is another variant in the wings..
> We use Norton AV, and with the latest definition files, we show clean,
> however, a root.exe file appeared in the \Program Files\Common
> Files\Shared\msadc folder of my (patched) IIS Server. (another sign of
> infection)
>
> more to the point, my server is mkaing a lot of DNS requests that
> don't seem
> to be relaed to anything I am doing...
>
> I suspect newer defs over the next few days will show something up...
:(
>
> Ian.
>
>
> ----- Original Message -----
> From: "Brian G. Reynolds" <brian.g.reynolds@xxxxxxx>
> To: <ukha_d@xxxxxxx>
> Sent: Saturday, September 22, 2001 3:32 PM
> Subject: RE: [ukha_d] Virus
>
>
> > Thanks Keith, I should have known that :-(
> >
> > All .eml deleted.
> >
> > I have run the virus scan again and it does not find any mere
does that
> mean
> > all is ok again?
> > Never had a virus before not sure when to trust it again!
> >
> > I have already read the threads, I have re-SP2'd and another MS
patch
> > q301625_w2k_sp3_x86_en.exe
> > Anything else or can I now breathe again!!
> >
> > Thanks,
> >
> > B.
> >
> > > -----Original Message-----
> > > From: Keith Doxey [mailto:ukha@xxxxxxx]
> > > Sent: 22 September 2001 15:07
> > > To: ukha_d@xxxxxxx
> > > Subject: RE: [ukha_d] Virus
> > >
> > >
> > > *.eml are email messages but the ones that hyou have found
> will be loads
> > > with the same file size and datestamp.
> > >
> > > THEY ARE INFECTED WITH THE VIRUS ..... DELETE THEM.
> > >
> > > It also puts some codew in any HTML or ASP files it finds
that will
> infect
> > > any other PC viewing the pages.
> > >
> > > Read the previous threads from when Graham was battling to
> remove Nimda.
> > >
> > > Keith
> > >
> > > > -----Original Message-----
> > > > From: Brian G. Reynolds [mailto:brian.g.reynolds@xxxxxxx]
> > > > Sent: 22 September 2001 14:04
> > > > To: UKHA Group
> > > > Subject: [ukha_d] Virus
> > > >
> > > >
> > > > What are .eml files?
> > > > I assume something to do with the web/html/IE?
> > > > It seems that these were the most attacked, I have
> > > "quarantined" them but
> > > > not sure if I can delete them?
> > > >
> > > > Another PC has also been infected but this time is
seems mostly
> > > > Psion files
> > > > so I have deleted them! subtle.
> > > >
> > > > Thanks,
> > > >
> > > > B.
> > > >
> > > >
> > > >
> > > > For more information: http://www.automatedhome.co.uk
> > > > Post message: ukha_d@xxxxxxx
> > > > Subscribe:  ukha_d-subscribe@xxxxxxx
> > > > Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
> > > > List owner:  ukha_d-owner@xxxxxxx
> > > >
> > > > Your use of Yahoo! Groups is subject to
> > http://docs.yahoo.com/info/terms/
> > >
> > >
> > >
> >
> >
> >
> > For more information: http://www.automatedhome.co.uk
> > Post message: ukha_d@xxxxxxx
> > Subscribe:  ukha_d-subscribe@xxxxxxx
> > Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
> > List owner:  ukha_d-owner@xxxxxxx
> >
> > Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
>
>
>
>
>
> For more information: http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe:  ukha_d-subscribe@xxxxxxx
> Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
> List owner:  ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>



For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/