Re: Virus
I had the same thing... there is a 'coderedcleanup.exe' on the MS site that
fixes these bits (I noticed it because an inbound HTTP request tried to
initiate a TFTP outbound connection).
----- Original Message -----
From: "Ian Lowe" <ian@xxxxxxx>
To: <ukha_d@xxxxxxx>
Sent: Saturday, September 22, 2001 6:25 PM
Subject: Re: [ukha_d] Virus
> I am pretty certain there is another variant in the wings..
> We use Norton AV, and with the latest definition files, we show clean,
> however, a root.exe file appeared in the \Program Files\Common
> Files\Shared\msadc folder of my (patched) IIS Server. (another sign of
> infection)
>
> more to the point, my server is making a lot of DNS requests that don't seem
> to be related to anything I am doing...
>
> I suspect newer defs over the next few days will show something up... :(
>
> Ian.
>
>
> ----- Original Message -----
> From: "Brian G. Reynolds" <brian.g.reynolds@xxxxxxx>
> To: <ukha_d@xxxxxxx>
> Sent: Saturday, September 22, 2001 3:32 PM
> Subject: RE: [ukha_d] Virus
>
>
> > Thanks Keith, I should have known that :-(
> >
> > All .eml deleted.
> >
> > I have run the virus scan again and it does not find any more does that mean
> > all is ok again?
> > Never had a virus before not sure when to trust it again!
> >
> > I have already read the threads, I have re-SP2'd and another MS patch
> > q301625_w2k_sp3_x86_en.exe
> > Anything else or can I now breathe again!!
> >
> > Thanks,
> >
> > B.
> >
> > > -----Original Message-----
> > > From: Keith Doxey [mailto:ukha@xxxxxxx]
> > > Sent: 22 September 2001 15:07
> > > To: ukha_d@xxxxxxx
> > > Subject: RE: [ukha_d] Virus
> > >
> > >
> > > *.eml are email messages but the ones that you have found will be loads
> > > with the same file size and datestamp.
> > >
> > > THEY ARE INFECTED WITH THE VIRUS ..... DELETE THEM.
> > >
> > > It also puts some code in any HTML or ASP files it finds that will infect
> > > any other PC viewing the pages.
> > >
> > > Read the previous threads from when Graham was battling to remove Nimda.
> > >
> > > Keith
> > >
> > > > -----Original Message-----
> > > > From: Brian G. Reynolds [mailto:brian.g.reynolds@xxxxxxx]
> > > > Sent: 22 September 2001 14:04
> > > > To: UKHA Group
> > > > Subject: [ukha_d] Virus
> > > >
> > > >
> > > > What are .eml files?
> > > > I assume something to do with the web/html/IE?
> > > > It seems that these were the most attacked, I have "quarantined" them but
> > > > not sure if I can delete them?
> > > >
> > > > Another PC has also been infected but this time it seems mostly Psion files
> > > > so I have deleted them! subtle.
> > > >
> > > > Thanks,
> > > >
> > > > B.
> > > >
> > > >
> > > >
> > > > For more information: http://www.automatedhome.co.uk
> > > > Post message: ukha_d@xxxxxxx
> > > > Subscribe: ukha_d-subscribe@xxxxxxx
> > > > Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> > > > List owner: ukha_d-owner@xxxxxxx
> > > >
> > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
- References:
  - RE: Virus
    - From: "Brian G. Reynolds" <brian.g.reynolds@xxxxxxx>
  - Re: Virus
    - From: "Ian Lowe" <ian@xxxxxxx>