erk, do i have a virus?!?!? <update>was NIMDA!!!</update>

[manwithplan]

hey everyone

I fear I may have contracted a virus today

For whatever reason windows explorer is trying to access the internet and the local internet and is seemingly pinging any system, even if the ip address doesnt exist on this lan!! (there only is 2 systems on it). explorer.exe ends up using aroun 40meg of ram and the entire system slows right down to an unuseable state, very annoying.

I have run McAfee visrus scan on the system but it didnt pick up anything at all. Ive also gone through the system file checker in win2k cos it was complaining about unrecognised protected files (or whatever error that it picks up on) I also had to restart the machine by booting from my copy of 2k and doing a rep[air on the system just to get it to start up!

I know this sounds like its a format and reinstall windows offence but are there any temporary measures to get a stable(ish) system up and running quickly because I have a pretty big piece of work than im in the middle of just now and dont have the time for a full reinstall

sorry bout the long post!

cheers
C.

 

[FUBAR]

Sounds like a Nimda. Do you have IIS installed? Are you sure you don't have IIS installed?

If you don't need the internet to do your project take out TCP/IP, you might get some wierd errors then but you'd know where to start looking.

You may also be able to just reinstall over the top... Can someone verify the outome of doing that? I've heard it's a valid maneuver but never tried (knock on particleboard)

 

[manwithplan]

ta for the advice!

After an hour and a half of running Norton AV it found around 500 or so Nimda infected files

Ive now completely hosed down the system and hopefully its now all gone! The weird thing is Ive never had IIS installed on this system... Ive had the Tomcat webserver (its an apache prog) running on it cos the project i was working on was a website.

Im just gonna gert the project done and then do a complete reinstall of windows.

cheers again
c.

 

[n0cmonkey]

Make sure you have IE 5.5sp2 atleast. That is another way to catch it I believe.

 

[gwlam12]

good job, not get rid of mcafee.

 

[exorr]

McAfee's stinks. Norton rules.

 

[bsobel]

> McAfee's stinks. Norton rules.

Thanks

Nimda also spread via file sharing and email, not just IIS. Any chance you have another machine networked that may have given you the infection? (It may not be obvious that your getting this via the network if you don't have another machine in the house, but I saw lots of people on cable/dsl lines who could 'see' their neighbors drives and where spreading it around neighborhoods via open file shares).

 

[manwithplan]

im still on a dial up connection () so it wasnt through sharing that way. I had been playing around with a friends FTP server tho recently...

I doubt i caught the virus though my dads pc either cos his is clean, i checked his just in case after mine was rife with infected files!

Im runnin ie5.5 sp2 and not running IIS so I mustve got it through an email or a file I had downloaded somewhere.

Anyways all is better now so Im once again a happy, if tired, chappie!

c.