RE: New "concept" virus/worm?

From: Tina Bird (tbird@precision-guesswork.com)
Date: Tue Sep 18 2001 - 12:50:46 PDT

    McAfee/NAI has a removal tool:
    
    http://download.nai.com/products/mcafee-avert/nimda2.exe
    
    On Tue, 18 Sep 2001, Christian Hampson wrote:
    
    > Date: Tue, 18 Sep 2001 11:29:09 -0700
    > From: Christian Hampson <champsonat_private>
    > To: incidentsat_private, focus-virusat_private
    > Subject: RE: New "concept" virus/worm?
    > 
    > Please forgive the cross-post.
    > 
    > I am at a client site.  Win2k without SP2 is infected.  NT4 without IIS
    > or an email client installed has not been affected.  Fortunately, that
    > is the server containing payroll.
    > 
    > If anyone has developed or heard of a removal tool, I would love to hear
    > about it.
    > 
    > So far, I have seen McAfee, Sophos, and F-Secure post definitions for
    > this virus.
    > 
    > Christian Hampson
    > champsonat_private
    > 
    > -----Original Message-----
    > From: Dave Salovesh [mailto:saloveshat_private] 
    > Sent: Tuesday, September 18, 2001 10:21
    > To: 'Brett Glass'; Jay D. Dyson; Incidents List
    > Cc: Vuln Dev
    > Subject: RE: New "concept" virus/worm?
    > 
    > 
    > It infects 98 (I've got it on the one 98 workstation we run) and may
    > have been involved in infecting two of our NT4 servers.
    > 
    > I also have two UNinfected NT4 servers that are patched to about the
    > same level as the infected ones - not quite completely patched, but I
    > think I've selected all the appropriate ones for the role each server
    > plays.
    > 
    > My W2K server is patched up to the minute and didn't get infected.  So
    > far...
    > 
    > 
    
    LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html
    VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
    life: http://kubarb.phsx.ukans.edu/~tbird
    work: http://www.counterpane.com
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 15:18:40 PDT