Message Board -  Archive

[ Login ] [ Create Account ]
[ Board List ] [ View Board ] [ Post Reply ]
  Author  Subject: Nimda Virus Sent From My Machine to the SyrLUG Mailing List...
Archive  

Posted on 12-23-2001 12:40 a.m. ET  reply

Original Poster: "vasudeva" <vasudeva@downcity.net>

Hey, looks like I've had my box infected with three different variants of
Nimda. Although I assume you are all more than savvy enough to know what to
do when a virus hits, and probably aren't running Windows anyway, I'm
including instructions out of contrition. ;)

If you also got this sample.exe file from me -- or any other attachment --
don't run it. Delete the hell out of it.

If you *did* run it, don't panic. All it does is replicate itself across
the planet. Your machine may run a little slower until you clean it.

First, kill your mail client. If you can, disconnect the machine in
question from the Internet at large and use a second, uninfected machine to
get virus updates and the tools mentioned below.

If you only have the one machine and have no virus scanner, you might as
well get a free scan of your computer here:

http://security2.norton.com/us/home.asp?venid=sym&langid=us

If you have a scanner, update it and run it. You'll want to do a full scan
of every file on your system. I my own personal self had around 1100 files
infected. O, joy. Luckily, the scanner repairs the files without data
loss.

The three strains I was infected with are W32.Nimda.A@mm, W32.Nimda.E@mm,
and W32.Nimda.enc. The first two have their own fixes here:

NimdaA
http://securityresponse.symantec.com/avcenter/Fixnimda.com

NimdaE
http://securityresponse.symantec.com/avcenter/FxNimdaE.com

If you pop positive for either one on the scan, you'll want to follow the
link to the appropriate fix and run it. (The .enc one apparently doesn't
have its own fix -- traditional scanner tools should suffice.)

How did we get here? I was installing FreeBSD on a fresh disk, and, in my
infinite wisdom, included a Windows 2000 installation with IIS. I booted
into Win2k and forgot to patch IIS before leaving the house. After coming
back from a party, I found 3 or 4 messages in my inbox telling me I had sent
various and sundry persons suspicious attachments. Yay for insecure
software (and forgetfulness).

If all this wasn't as clear as it could have been, email me or instant
message clokhed on AOL Instant Messenger and I'll help out however I can.

Sorry for the stupidity.

/></

< Previous 1 Next >

Site Contents