[42756] in North American Network Operators' Group
was Virus fix---Network Associates' fixes/filters, etc
daemon@ATHENA.MIT.EDU (Murphy, Brennan)
Thu Sep 20 14:52:35 2001
Message-ID: <B481990C9658D411BD3C009027D6F54402476F20@SNC-5-87.nai.com>
From: "Murphy, Brennan" <Brennan_Murphy@NAI.com>
To: "'ekgermann@cctec.com'" <ekgermann@cctec.com>,
Indra PRAMANA <indra@webvisions.com>,
Andras Bellak <Andras.Bellak@wfinet.com>
Cc: Steve Smith <ssmith@freeliant.com>, nanog@nanog.org
Date: Thu, 20 Sep 2001 13:50:51 -0500
Errors-To: owner-nanog-outgoing@merit.edu

Network Associates' McAfee business unit has released a standalone tool to remove the Nimda virus/worm. See this web page for more information:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209

Obviously, existing anti-virus software DATs have also been released.

Network Associates' Sniffer business unit has released Sniffer filters to assist with identifying infected machines. There is even a way to set up an alert to send an email once the worm's signature traffic is detected on a network. See this web page for the filter and more information:
http://www.sniffer.com/other/jump/nimda-filter.asp

I am not authorized/~/able to answer software specific support questions--so please do not contact me with those. :-) However, if I see a generic question posted to this list about the worm that I can answer, I will do so...time permitting.

Thanks,
-BM

-----Original Message-----
From: Eric Germann [mailto:ekgermann@cctec.com]
Sent: Thursday, September 20, 2001 7:53 AM
To: Indra PRAMANA; Andras Bellak
Cc: Steve Smith; nanog@nanog.org
Subject: RE: Trend Micro FIX_NIMDA.EXE - was Re: Virus fix

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Indra PRAMANA
Sent: Wednesday, September 19, 2001 11:56 PM
To: Andras Bellak
Cc: Steve Smith; nanog@nanog.org
Subject: RE: Trend Micro FIX_NIMDA.EXE - was Re: Virus fix

Andras,

At 07:46 PM 9/19/01 -0700, Andras Bellak wrote:
> Norton released a definition file yesterday that cleaned everything but the
> .eml files and made the systems resistant to re-infection. They released an
> update today that got the .eml files as well.

Yes, but this requires us to install the antivirus software as well. Do you know any tools like FIX_NIMDA.EXE that can fix the problem automatically without having to use the antivirus software?

> I still haven't seen anything that cleans up the htm, html, asp, etc files,
> but there are a few utilities that work fine for doing that one.

What are the utilities? Where can I get them?

Norton Antivirus will clean most of the htm, html, asp, etc files. http://www.symantec.com

Thank you for your help.

Cheers.