Security Incidents mailing list archives
RE: Nimda repair problems
From: Tom Smit <TSmit () fourthchannel com>
Date: Wed, 19 Sep 2001 12:42:32 -0400
We've found this to work: stop all services possible use a virus scanner that cleans the virus from a remote machine on all volumes do a second scan and you shouldn't get any hits double check the system.ini and wininit.ini for entries noted (we didn't have them) power off instead of shutdown (the memory resident part seems to infect something on the shutdown) I powered up disconnected from the network and logged in locally, everything seems to be fine. Installed anti-virus software and scanned again, everything was clean. double checked that the apps (explorer/iexplore) on the server still worked (they did) Now I'm starting the process of re-applying service packs, hotfixes etc. -----Original Message----- From: Steve Cody [mailto:security () gulbrandsen com] Sent: Wednesday, September 19, 2001 11:05 AM To: incidents () securityfocus com Subject: Nimda repair problems I have a few systems on my network that have become infected via the web, and the spread of files. I have Norton Antivirus Corp. Edition, and it detects the infected files and quarantines them. However, I guess the biggest problem I'm having is with the Riched20.dll file. That file is required to properly run Outlook. Does anyone know if the NAV is capable of repairing the file, or must I find the version of that file that came with each installed version of Office 97/2K/XP with various service packs and replace it manually. Thanks! Steve Cody ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda repair problems Steve Cody (Sep 19)
- <Possible follow-ups>
- RE: Nimda repair problems Tom Smit (Sep 19)