Malicious .eml virus?

BatmanNate

Hi,

My server is being plagued by desktop.eml and sample.eml files popping up all over the place for no apparent reason. Also, it eats up the virtual memory and slows everything way down. I've tried everything I can think of, even deleting Outlook Express (all the server does is NAT/DHCP anyway, doesn't matter much what else is on it). The OS is Win2k AS. Anybody have any clue what could be doing this or how to remedy the problem?
 

Scootin159






Try Windows Update (probably using some security hole), and then install a virus scanner. If your virus scanner quarantines them you should be fine.
 

mattyrug

Sounds like you've got a touch of the Nimda virus, my friend.
Get yourself a copy of F-Prot and do multiple scans.
A friend just got that nasty little sucker. It took 6 hours and 3 scans w/ the bootable CD (DOS mode), and another 2 scans within Windows!
 

BatmanNate

Nimda, huh? Thanks for the info, I'll give her a try. I don't know where it could have come from, since virtually nothing is installed on this machine, and nothing ever runs on it aside from its basic OS stuff. I guess that's the benefit of the NAT server though, it gets the viruses instead of my machine. :D
 

mattyrug

Sorry, it's Commandcom.com. Nope, not by any service pack, dude. It's gotten by opening e-mail attachments mostly, or downloading files from the internet. You've got some serious scanning ahead of you; if it's that far into your system it may take a few hours to be rid of it. It's a NASTY little sucker too... do a search on Nimda and learn about the nasty little ba#tard! Good luck. My advice: if you have McAfee or Norton installed, download the LATEST DAT files. Like I said, my buddy's machine had the latest DAT files for Norton, and it still didn't see it. You're probably gonna have to re-install a few pieces of software again.
Here's some general info about Nimda. Do a search on Yahoo for Anti-Nimda, and you'll find plenty of shareware programs that MAY get rid of it. My advice to you is to buy a good anti-virus program, and scan at LEAST once a week. I don't run anything in the background, but I do a manual scan every week before I defrag. It helps.
 

dawks

Nimda also modifies system files, and some WinNT, Win2K, and WinXP services, which supposedly leave a back door into your system, even through software firewalls. You might consider formatting, if you like security. Should be a problem through a hardware firewall after you've removed the obvious files with the fixes.

www.antivirus.com should also have a fix.
 

RGN

Nimda is it. Try AVG from www.grisoft.com (I think that's it...). It's really a pain to get rid of. Most of the tools will not do it if the virus has run rampant for a week or so. You will be reformatting and reinstalling. The tip would be to do it disconnected from the internet. Last fall I had a server get Nimda within 40 seconds of internet connectivity.

Infected e-mail is not the only way to get Nimda either.

Infected JavaScript on a web page
Drive share

are a few more.

Have fun
 

BatmanNate

Actually, that Nimda remover from BitDefender worked like a charm, and it only took about 10 minutes. (It's a slower machine with a smaller HD.) I think the success is in part due to it having next to nothing installed on it. I am sure that no email attachments were opened on this machine, seeing as I delete attachments if ever I receive them and this machine isn't even used for email. Or surfing the web. In fact, the only way I use it is through the terminal services, and that's only when I need to tweak with the connections. Thank you all for your help and information, I really appreciate it! I'll have to keep up on these viruses, this could have been a royal pain in the arse.
 

mattyrug

Definitely get your hands on some good anti-virus software, and re-scan again. Depending on how far in it gets, it can take more than a few passes to be rid of it completely. Good luck, and no problem! :cool: