[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
Re: Virus
I am pretty certain there is another variant in the wings..
We use Norton AV, and with the latest definition files, we show clean,
however, a root.exe file appeared in the \Program Files\Common
Files\Shared\msadc folder of my (patched) IIS Server. (another sign of
infection)
more to the point, my server is mkaing a lot of DNS requests that don't
seem
to be relaed to anything I am doing...
I suspect newer defs over the next few days will show something up... :(
Ian.
----- Original Message -----
From: "Brian G. Reynolds" <brian.g.reynolds@xxxxxxx>
To: <ukha_d@xxxxxxx>
Sent: Saturday, September 22, 2001 3:32 PM
Subject: RE: [ukha_d] Virus
> Thanks Keith, I should have known that :-(
>
> All .eml deleted.
>
> I have run the virus scan again and it does not find any mere does
that
mean
> all is ok again?
> Never had a virus before not sure when to trust it again!
>
> I have already read the threads, I have re-SP2'd and another MS patch
> q301625_w2k_sp3_x86_en.exe
> Anything else or can I now breathe again!!
>
> Thanks,
>
> B.
>
> > -----Original Message-----
> > From: Keith Doxey [mailto:ukha@xxxxxxx]
> > Sent: 22 September 2001 15:07
> > To: ukha_d@xxxxxxx
> > Subject: RE: [ukha_d] Virus
> >
> >
> > *.eml are email messages but the ones that hyou have found will
be loads
> > with the same file size and datestamp.
> >
> > THEY ARE INFECTED WITH THE VIRUS ..... DELETE THEM.
> >
> > It also puts some codew in any HTML or ASP files it finds that
will
infect
> > any other PC viewing the pages.
> >
> > Read the previous threads from when Graham was battling to remove
Nimda.
> >
> > Keith
> >
> > > -----Original Message-----
> > > From: Brian G. Reynolds [mailto:brian.g.reynolds@xxxxxxx]
> > > Sent: 22 September 2001 14:04
> > > To: UKHA Group
> > > Subject: [ukha_d] Virus
> > >
> > >
> > > What are .eml files?
> > > I assume something to do with the web/html/IE?
> > > It seems that these were the most attacked, I have
> > "quarantined" them but
> > > not sure if I can delete them?
> > >
> > > Another PC has also been infected but this time is seems
mostly
> > > Psion files
> > > so I have deleted them! subtle.
> > >
> > > Thanks,
> > >
> > > B.
> > >
> > >
> > >
> > > For more information: http://www.automatedhome.co.uk
> > > Post message: ukha_d@xxxxxxx
> > > Subscribe: ukha_d-subscribe@xxxxxxx
> > > Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> > > List owner: ukha_d-owner@xxxxxxx
> > >
> > > Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
> >
> >
> >
>
>
>
> For more information: http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe: ukha_d-subscribe@xxxxxxx
> Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> List owner: ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>
>
>
> For more information: http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe: ukha_d-subscribe@xxxxxxx
> Unsubscribe: ukha_d-unsubscribe@xxxxxxx
> List owner: ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
- Follow-Ups:
- Re: Virus
- From: "John McManus"
<john.mcmanus@xxxxxxx>
- References:
- RE: Virus
- From: "Brian G. Reynolds"
<brian.g.reynolds@xxxxxxx>
Home |
Main Index |
Thread Index
|