RE: Nimda repair problems

From: Tom Smit (TSmitat_private)
Date: Wed Sep 19 2001 - 09:42:32 PDT

    We've found this to work:
    
    stop all services possible
    use a virus scanner that cleans the virus from a remote machine on all
    volumes
    do a second scan and you shouldn't get any hits
    double check the system.ini and wininit.ini for entries noted (we didn't
    have them)
    power off instead of shutdown (the memory resident part seems to infect
    something on the shutdown)
    I powered up disconnected from the network and logged in locally, everything
    seems to be fine.
    Installed anti-virus software and scanned again, everything was clean.
    double checked that the apps (explorer/iexplore) on the server still worked
    (they did)
    
    
    Now I'm starting the process of re-applying service packs, hotfixes etc.
    
    -----Original Message-----
    From: Steve Cody [mailto:securityat_private] 
    Sent: Wednesday, September 19, 2001 11:05 AM
    To: incidentsat_private
    Subject: Nimda repair problems
    
    
    I have a few systems on my network that have become infected via the web,
    and the spread of files.
    
    I have Norton Antivirus Corp. Edition, and it detects the infected files and
    quarantines them.  However, I guess the biggest problem I'm having is with
    the Riched20.dll file.  That file is required to properly run Outlook.  Does
    anyone know if the NAV is capable of repairing the file, or must I find the
    version of that file that came with each installed version of Office
    97/2K/XP with various service packs and replace it manually?
    
    Thanks!
    Steve Cody
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For more
    information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 10:03:48 PDT