W32.nimda.enc !!!!! HELP!!! [Archive] - SpeedGuide.net Broadband Community
PDA

View Full Version : W32.nimda.enc !!!!! HELP!!!

Rings890
07-25-02, 05:35 PM
W32.nimda.enc well this little baby is in one of my machines at work. I am scanning the servers as we speek *crosses fingers* I am having trouble finding the downloadable fix for this.
The infected system is running WinXP Pro with Norton 2002 A/V
Rings890
07-25-02, 05:38 PM
Sonofabit<h!!!! It's in my main server:(
CiscoKid
07-25-02, 05:46 PM
Originally posted by Rings890
Sonofabit<h!!!! It's in my main server:(

ouch...
Rings890
07-25-02, 07:55 PM
Well I manages to save the server, still trying to get it out of the accountants comp.
LT-73
07-25-02, 07:56 PM
:eek: Crapola !!
Ken
07-25-02, 07:58 PM
Let's get you over to Security for some assistance.
We did a thread recently there on how to remove it, I believe.
Ken
07-25-02, 08:05 PM
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html

http://antivirus.about.com/library/weekly/aa111201a.htm
RoundEye
07-25-02, 08:22 PM
Unplug every computer from the network and scan one of them at a time. Nimda will jump from one PC to the other through the network.

Apply all the security patches from Microsoft and make sure your definitions are up to date.

Norton's should have caught this.
Croc
07-25-02, 09:51 PM
This from TechTips as well. Hope it helps.

If you have Routers in your network be aware, that this virus may be located in the cache Memory of the routers. That means it is not enough to empty the complete Memory of your computer. You have to empty all memories connected to the Network.

Also if you use Internet Explorer 5.x, make sure it's patched to sp2 which is supposed to protect you from nimda.

Croc.
Rings890
07-26-02, 01:07 AM
Originally posted by RoundEye
Unplug every computer from the network and scan one of them at a time. Nimda will jump from one PC to the other through the network.



Tell me about it, thats how it got to my two servers :( Thanks for all the help folks. After I collected myself from the initial freekout I remembered to unplug the internal network con from the servers and ran the nimda fixes on both machines. It took five cycles of that nimda e to clean out the accountants comp. The thing that has me worried is where did it come from, I am hopeing it was someones email.
The biggest pissoff was the I had just finished building the new server and gotten most of our data migrated onto it when I realized I hadn't put any antivirus on that machine yet.
Live and learn I guess;)