
FREE W32.Nimda.A@mm VIRUS!!!! Check your email


Boogak

Diamond Member
Feb 2, 2000
3,302
0
0
I got infected at work along with a lot of other people. I didn't open any strange EXE's, in fact I didn't get any emails at all today, however my local copy of IIS didn't have all the latest hotfixes (I have a local copy of IIS I use to test my code with) so I got infected. My Innoculate Antivirus DAT dated 7/01 didn't pick up the virus. I got infected by another machine on the corporate LAN that was already infected. Like others have said, it's a particularly devious virus. It tricks Outlook into thinking the email message contains a .wav file which Outlook assumes is safe and automatically opens. In reality it's a .exe. It also appends some Javascript code to HTML pages on your infected system to open that email message, so you infect yourself again.
 

valkyrie

Golden Member
Oct 9, 1999
1,096
0
0
Guys, this is NOT funny. I just spent the better part of 7 hours fixing this damned thing on our network.

1) It launches automatically (from either a web-page or hidden email attachment)
2) It writes itself over the load.exe and rich-something.dll files in the Windows/System/ directory
3) It edits the system.ini file to launch itself on a re-boot
4) It creates *.eml and *.nws files in nearly every directory on the computer (taking hundreds of megs of space).
5) It opens sharing privileges on your drives and makes its way across the network
6) It's a pain in the @ss to kill

So, I wouldn't exactly say it does NOTHING. McAfee will kill it, but you have to run a full sweep with the latest definitions on EVERY file, not just the default ones (I found that didn't work).

Anyway, best of luck, this sucker already cost me a day of getting absolutely NOTHING done.

- V
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
heh keep your servers patched, and don't feel the pain. I've not seen any of our servers or co-lo's affected by this, but then again I scan my boxens for holes on a regular basis...

 

phlashphire

Golden Member
Jun 6, 2000
1,055
0
0
this virus infected our NT server today, all networked comps had to be shut down, and most staff were sent home by noon since most of our work is done on our desktops...
 

Hossenfeffer

Diamond Member
Jul 16, 2000
7,462
1
0
This is the kinda thing that warrants a STICKY thread in the forum, provided the title is changed from something pseudo-funny to something informative.
 

drewshin

Golden Member
Dec 14, 1999
1,464
0
0
i'm surprised someone hasn't made a virus to capitalize on all this email going around about last week.

i'm sure if someone had an attachment that said something like "If you love America, click this!"
or "See what you can do to Osama here!" tons of people would be clicking away.
 

doorguy

Member
Jul 25, 2001
64
0
0
"DON'T OPEN UP ATTACHMENTS YOU IDIOT!"

This sort of thing works on rats.........why not on stupid people?


A better method would be to email your users attachments which, when opened, would warn them that you could have deleted their drive, then deride them for opening it, and finally give them a mild electric shock.

No wonder my Outlook/IE is locked down like there's no tomorrow. And no wonder I read all of my POP mail on my Mac.

Also I find it interesting that you said "stupid people" but not "stupid rats." :)

I know I'm going to show up to work tomorrow and have all of our "stupid" clients nailed by this. Why can't they, just for once, say "I know you told me five million times, but I'm an idiot and my curiosity overwhelmed my limited intellect."
 

Teekster

Senior member
Dec 28, 2000
253
0
0
you don't need to open anything for this thing to get you!!! I just clicked on a camera link from mysimon and Norton Antivirus caught the nimda... virus trying to open up by itself! I just updated my virus profiles today, so I guess i was lucky.
 

cVG

Banned
Apr 16, 2001
34
0
0
i use outlook 2k and was sent an email with the readme.exe attachment and when i highlighted the email to delete it it prompted a save file or open window, but it did say files from unknown sources could be dangerous and all the yadda that it usually states anytime you try and download something from the net.
 

riznick

Senior member
Feb 9, 2001
810
0
0
It is too malicious. It will bloat your system until you run out of space. It will also infect your exe files.
 

IamApoorman

Member
Aug 5, 2001
66
0
0
this thing is pretty nasty, i worked on a user's pc, she got over 500 eml files, and then plus the nws files.

make sure you check the system.ini file, virus adds "load.exe -dontrunold" to "Shell=explorer.exe". also replace the riched20.dll file in the C:\windows\system (or wherever your system folder is) with an uncorrupted one, ms apps like word use the riched20.dll file.

add: also it enables file and printer sharing. From what I heard, it also creates a guest account with admin rights.
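The two checks described in the posts above (the altered `Shell=` line in system.ini and the spread of .eml/.nws files), written out as an added example; this is not code from any poster in the thread. The sample system.ini text, the directory layout and the function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample of an altered system.ini, following the post above.
SAMPLE_INI = """[boot]
shell=explorer.exe load.exe -dontrunold
[386Enh]
device=*vshare
"""

def shell_line_extras(ini_text):
    """Return the tokens that follow explorer.exe on the [boot] shell= line."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "boot" or "=" not in line or line.startswith(";"):
            continue
        key, value = line.split("=", 1)
        if key.strip().lower() == "shell":
            # Anything other than a lone explorer.exe deserves a closer look.
            return [t for t in value.split() if t.lower() != "explorer.exe"]
    return []

def count_dropped_files(root, exts=(".eml", ".nws")):
    """Map each directory under root to its count of .eml/.nws files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        n = sum(1 for f in files if f.lower().endswith(exts))
        if n:
            hits[dirpath] = n
    return hits

def demo():
    """Run both checks on constructed data; returns (extras, total_files)."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("docs", os.path.join("docs", "old")):
            os.makedirs(os.path.join(root, sub))
            # Constructed file names: two matching files and one unrelated file.
            for name in ("readme.eml", "desktop.nws", "notes.txt"):
                open(os.path.join(root, sub, name), "w").close()
        hits = count_dropped_files(root)
    return shell_line_extras(SAMPLE_INI), sum(hits.values())

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the contents of the actual system.ini and the drive root instead of the constructed data; a high per-directory count is a prompt for a full scan, not proof of infection.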
 

Fritzo

Lifer
Jan 3, 2001
41,920
2,161
126


<< I wouldn't say it doesn't do anything, it seems to have pretty well thrashed a couple of our NT4 machines. >>



It also infects web sites to automatically download itself to anyone visiting, it tries to share your C: Drive, and it makes an NT Guest account with full administrator rights. VERY nasty!
 

Fritzo

Lifer
Jan 3, 2001
41,920
2,161
126


<< Guys, this is NOT funny. I just spent the better part of 7 hours fixing this damned thing on our network.

1) It launches automatically (from either a web-page or hidden email attachment)
2) It writes itself over the load.exe and rich-something.dll files in the Windows/System/ directory
3) It edits the system.ini file to launch itself on a re-boot
4) It creates *.eml and *.nws files in nearly every directory on the computer (taking hundreds of megs of space).
5) It opens sharing privileges on your drives and makes its way across the network
6) It's a pain in the @ss to kill

So, I wouldn't exactly say it does NOTHING. McAfee will kill it, but you have to run a full sweep with the latest definitions on EVERY file, not just the default ones (I found that didn't work).

Anyway, best of luck, this sucker already cost me a day of getting absolutely NOTHING done.

- V
>>



Same deal here. Sucks bigtime. We have it quarantined to a single server now. The big thing is to disable file and print sharing on the client PCs. Makes it a lot easier to contain!
 

macssuck

Senior member
Mar 27, 2000
506
0
0
Crapafee did NOT clean mmc.exe of nimda, it just doesn't always find it. What should I do?

Thanks

guy that should not be the admin of a webserver
 

Ryukumu

Senior member
Feb 23, 2001
397
0
0
About this thing embedding itself in a website for distribution as a '.eml' file... well, Outlook is totally screwed up on this computer so that it won't even launch without giving pop-up error messages. I've rigged my computer to open .eml files in Notepad, so I can read emails I archived before Outlook went screwy. If I go to a website infected with the .eml version of the virus, would my system be weak against it as I can't actually 'launch' the email file?
 

Stevem627

Golden Member
Jun 18, 2000
1,877
0
0
No big deal, right....? Well we have 60,000 user Intranet that has come to a halt for over 24 hours. Screwed my life up REAL bad. Cost ME money for sure losing business.