Preserved Topic: Virus!? |
|
---|---|
Author | Thread |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-17-2002 22:54
Lately on both my XP machines when browsing through folders in windows explorer I've been getting these popups asking if i want to download the file usually with a name like wkb9.tmp or some shit. I click cancel and I've looked on the net for anything about this but couldn't find anyting. Now i've noticed that in all my folders theres a .eml file (explorer is id'ing it as an outlook email file). shit like saddam.eml and stuff. how the hell do i get rid of this shit!?! I'm going to try regular old antivirus right now..... |
Paranoid (IV) Inmate From: The Astral Plane |
posted 10-17-2002 23:03
Anti-virus would be my best guess. The fact that it's linked to Outlook isn't too heartening though. My guess is it started there with something you opened. Probably from a friend, or you though it was from a friend. You can do an online scan with Norton AV here |
Paranoid (IV) Inmate From: The Astral Plane |
posted 10-17-2002 23:06
Oh... and are your XP machines networked together? The symantec site has some checks and info on how to deal with those viruses that interfere with Norton AV and other virus scan programs on your local machine. Some viruses can replicate off of your server or another machine in the network. |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-18-2002 00:19
thanks |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-18-2002 00:46
looks like it was a "nimda" worm... couldn't repair anything but i have 114 quarantined files now (deleted 26 others)... |
Maniac (V) Mad Scientist From: Belgrade, Serbia |
posted 10-18-2002 08:26 |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-18-2002 09:28
i don't think i was running IIS on that machine Max... Apache though. same difference since its Windows?? |
Maniac (V) Mad Scientist From: Belgrade, Serbia |
posted 10-18-2002 10:59
Nimda was designed to attack IIS web servers using common exploit that was discovered a few months ago. It automatically replicates itself to other computers that are running IIS, so that computer must be running IIS (it doesn't matter if you use it or not, as long as the IIS service is started). Apache is not vulnerable to nimda. I would suggest you to check all running services and see whether IIS is running or not and to visit Windows Update to download patches or to install Windows XP SP1 if you already haven't done so... |
Paranoid (IV) Inmate From: Czech Republic via Bristol UK |
posted 10-18-2002 11:12
OK first up THIS IS NIMDA or one of its CLONES. |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-18-2002 22:28
Norton AV isn't doing shit. its fucking pissing me off.. these .eml folders are popping up everywhere I do not have iis installed and the fucking avg site doesnt work. norton just says you have a virus. no shit! tell me something i don't know or fix the fucking thing. |
Paranoid (IV) Inmate From: Behind the Wheel |
posted 10-18-2002 22:38
phew.... think i mighta got it... on this machine... no more .eml files at least |
Maniac (V) Inmate From: there...no..there..... |
posted 10-18-2002 22:41
Nasty virus you got there. Go here to see about a removal tool. |
Bipolar (III) Inmate From: New York City |
posted 10-19-2002 16:19
entirely off the topic- my rugby nickname was Lurch- I may have already told you about that! |