Security Incidents mailing list archives

RE: Nimda repair problems


From: Tom Smit <TSmit () fourthchannel com>
Date: Wed, 19 Sep 2001 12:42:32 -0400

We've found this to work:

- stop all services possible
- use a virus scanner that cleans the virus from a remote machine on all
  volumes
- do a second scan and you shouldn't get any hits
- double check the system.ini and wininit.ini for entries noted (we didn't
  have them)
- power off instead of shutdown (the memory resident part seems to infect
  something on the shutdown)
- I powered up disconnected from the network and logged in locally, everything
  seems to be fine.
- Installed anti-virus software and scanned again, everything was clean.
- double checked that the apps (explorer/iexplore) on the server still worked
  (they did)


Now I'm starting the process of re-applying service packs, hotfixes etc.

-----Original Message-----
From: Steve Cody [mailto:security () gulbrandsen com] 
Sent: Wednesday, September 19, 2001 11:05 AM
To: incidents () securityfocus com
Subject: Nimda repair problems


I have a few systems on my network that have become infected via the web,
and the spread of files.

I have Norton Antivirus Corp. Edition, and it detects the infected files and
quarantines them.  However, I guess the biggest problem I'm having is with
the Riched20.dll file.  That file is required to properly run Outlook.  Does
anyone know if the NAV is capable of repairing the file, or must I find the
version of that file that came with each installed version of Office
97/2K/XP with various service packs and replace it manually?

Thanks!
Steve Cody


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
