Nasty new virus... - Team Camaro Tech
post #1 of 7 (permalink) Old Nov 1st, 01, 06:55 PM Thread Starter
DjD
Retired
Dennis
 
DjD's Avatar
 
Join Date: Apr 1999
Location: Fortuna, CA
Posts: 26,547
Garage
Angry

This was discovered on Oct 29th... I just received 2 e-mails with different titles and some personal information off the sender's PC in the body of the message. Each has an attachment; one is a .pif and the other is an .exe. The titles of these files relate to the information in the body of the message!! The ones I got were "finanical.pif" and "bank.exe".

You can see by the file names this one is digging into your privacy big time!!

I think what was sent to me is already a variant of this http://[email protected]
DjD is offline  
post #2 of 7 (permalink) Old Nov 2nd, 01, 01:55 AM
Moderator
Guess
 
HwyStarJoe's Avatar
 
Join Date: Jan 2001
Location: New Taxes York
Posts: 15,366
Post

You're right, Dennis. That's the wicked little Nimda.

In case anyone's interested, follow this link and get the removal tools that are listed on the lower right column. http://www.symantec.com/avcenter/



------------------
Joe
WCA Member
[email protected]
[email protected]
'69 wallet crusher
'97 Blazer - Bad wheel hop!
HwyStarJoe is offline  
post #3 of 7 (permalink) Old Nov 2nd, 01, 02:42 AM
Senior Tech
Tom
 
Join Date: Jun 2001
Location: Rochester Mn
Posts: 7,777
Angry

In my opinion, people that make these viruses are creating acts of terror and should be treated as all terrorists will be. These are not things anyone should treat lightly. Tom
TJS69 is offline  
 
post #4 of 7 (permalink) Old Nov 2nd, 01, 06:35 AM
Senior Tech
 
Join Date: Sep 2000
Location: Dixon, IL, USA
Posts: 149
Post

Amen TJS69. It is becoming all too common to get an e-mail virus. It is time to get tough.
Chris Davis is offline  
post #5 of 7 (permalink) Old Nov 2nd, 01, 03:50 PM
Gold Lifetime Member
Scott
 
Join Date: Sep 2000
Location: Weddington, NC, USA
Posts: 1,983
Post

The [email protected] is a recompiled [email protected] virus. This is an extremely nasty virus. Read more here http://securityresponse.symantec.com/

It enables the Guest account on Windows NT servers and gives it administrator privileges!!!

You do not need to open any emails if you have an IIS server that does not have the correct patches; the virus gets in by just launching a web site.

It starts creating files with .EML extensions faster than you can clean them up. It will place admin.dll and explore.exe on the root of C:\ and you cannot delete them. The only way to be sure an infected server is cleaned is rebuilding from scratch. I don't mean just reinstalling the OS, you have to FDISK the hard drive and start over. Nasty nasty virus.
ScottB is offline  
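
A file-system triage check built from the indicators named in the post above (admin.dll and explore.exe in the volume root, .eml files appearing in bulk), as an added example that is not part of the original thread. The function names, the burst threshold and window, and the sample tree are assumptions made for this example; the Guest-account change the post mentions is not checked here.

```python
import os
import tempfile
import time
from collections import Counter

# File names come from the post above; the two thresholds are assumed values.
ROOT_DROPPED_FILES = {"admin.dll", "explore.exe"}
EML_BURST_THRESHOLD = 20     # .eml files in one window that count as a burst
BURST_WINDOW_SECONDS = 60    # width of each modification-time bucket

def triage(root):
    """Scan a volume root or mounted share for the indicators listed above."""
    # 1. Dropped files sitting directly in the root (case-insensitive match).
    root_files = [e.name for e in os.scandir(root)
                  if e.is_file() and e.name.lower() in ROOT_DROPPED_FILES]
    # 2. .eml files anywhere below the root, bucketed by modification time.
    buckets = Counter()
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".eml"):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is locked; skip it
            buckets[int(mtime // BURST_WINDOW_SECONDS)] += 1
    eml_burst = any(n >= EML_BURST_THRESHOLD for n in buckets.values())
    return {
        "root_files": sorted(root_files),
        "eml_total": sum(buckets.values()),
        "eml_burst": eml_burst,
        "suspicious": bool(root_files) or eml_burst,
    }

def build_sample_tree(infected):
    """Constructed sample directory tree so the check runs offline."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "docs"))
    open(os.path.join(root, "docs", "letter.eml"), "w").close()  # lone benign .eml
    if infected:
        open(os.path.join(root, "ADMIN.DLL"), "w").close()
        now = time.time()
        for i in range(25):
            path = os.path.join(root, "docs", f"readme{i}.eml")
            open(path, "w").close()
            os.utime(path, (now, now))  # same timestamp: one burst
    return root

if __name__ == "__main__":
    print(triage(build_sample_tree(infected=True)))
```

Point `triage` at each local drive root and each mapped network drive; a single saved .eml message does not trip it, only the root-level files or a burst do.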
post #6 of 7 (permalink) Old Nov 2nd, 01, 08:04 PM Thread Starter
DjD
Retired
Dennis
 
DjD's Avatar
 
Join Date: Apr 1999
Location: Fortuna, CA
Posts: 26,547
Garage
Post

I know what you do for a living Scott

Scott is right on in his info but left out it has a mind of its own and may create the .eml files on one machine and do something different on another. It also can utilize remote drive mounts to spread itself... If you are on a network and access a remote server to save off data you most likely use a remote drive... Bad news bears!!!
DjD is offline  
post #7 of 7 (permalink) Old Nov 3rd, 01, 05:16 AM
Gold Lifetime Member
Scott
 
Join Date: Sep 2000
Location: Weddington, NC, USA
Posts: 1,983
Post

DjD
Too, too much to list on this virus; that's why I included the link to Symantec. Everything you need to know about the virus is there, and how to battle it. Know this, the [email protected] was discovered 9/18/01; by then it was too late for any vulnerable Microsoft IIS web servers. By 9/19/01 it was a mad scramble for thousands of companies to contain it. On 10/29/01 [email protected], a recompiled version of the [email protected] virus, was released that was designed to infect servers not infected by the first one. My guess is that this worm will continue to evolve and continue to be a threat for some time.
If detected, installing virus detection is not enough; you need a removal tool that can be downloaded at the link in my previous post.
ScottB is offline  