We have had few infections, mostly desktops and development web servers. The desktops that were hit were pretty severely affected. Nimda infects so many system files that many of them had to be wiped and re-installed.

K.D

-----Original Message-----
From: J.Michael Cuciti [mailto:mcuciti@private]
Sent: Wednesday, September 19, 2001 3:04 PM
To: crime@private
Subject: Nimda

All:

I got hit by the Nimda virus yesterday at 7:40 am. However, because of dumb luck, I believe that I have been saved from damage as my IIS server is version 3.0 and the browser on the server is also version 3.0. We never upgraded.

This is what I've found on my system:

The Admin.DLL was placed in the c:\ root directory.
In the SCRIPTS directory there were a number of files called TFTP#.EXE
There was no entry in the SYSTEM.INI
The RICHED20.DLL file was not replaced or deleted
No SAMPLE.EML, DESKTOP.EML, DESKTOP.NWS, or SAMPLE.NWS were created
The workstation service was not started and therefore the virus could add a user

I get the following error in the Event Log every 6 minutes:

The HTTP server was unable to load ISAPI application: C:\IntPub\Scripts\.%5c\Admin.dll
Event ID:19

Anybody know what that means?

Thanks...

-Mike