Curious AV behavior wrt Nimda

From: kawaii (trunksat_private)
Date: Tue Sep 18 2001 - 12:30:27 PDT

Next message: William Holmberg: "RE: McAffee and Removal for W32/Nimda@MM?"

Previous message: John Q. Public: "Re: nimda tries to send mail after reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've noticed several odd things about the virus, and the McAfee Dat that
fixes it.

1) The virus seems to start a 'mmc', 'net', and other processes, which
typically result in the crashing of explorer, and the eventual DoS of the
machine.

2) The Dat that fixes the virus seem to be deleting .exe files almost at
random. Is there any way to recover the lost .exe or are a lot of my
programs really fubar'd now?

Ever lovable and always scrappy,
kawaii


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: William Holmberg: "RE: McAffee and Removal for W32/Nimda@MM?"
Previous message: John Q. Public: "Re: nimda tries to send mail after reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 17:39:11 PDT