I feel for you.  I have some friends in NYC who, in addition to all
the nuts things going on there, have had to deal with Nimda as well.
Their conclusion was that they didn't trust *any* cleaning solution
completely, and did a scrub, reinstalling from the original CDs.

I'm not sure if this applies in this case, but how do you know your
backup isn't tainted?  It kind of sounds that way to me, paranoid that
I am.  (If Nimda didn't come out 'til after 9/8 then this isn't likely).

You might want to try another reload from the 9/8 backup, then reapply
all the patches again, after verifying the right order (or no order?).  If
that still fails, I'd reinstall from your original media.

You might also want to look at securityfocus.com, and their mailing list
archives.  Bugtraq has been a great place for Windows problems in the
past.  I have not kept up with it for a while now, but I can't imagine they
aren't still a great place to glean information.

--STeve Andre' (Political Science)

At 03:11 PM 11/1/01 -0500, Gerard M Hoxsey wrote:
>Very frustrating. bard.cal.msu.edu is my box. It was hit by Nimda in
>September.
>It was formatted and reloaded from a Sept 8 backup, fully patched according to
>Microsoft downloads and yet it has been exploited again. I am obviously
>missing something but I don't know what. I had noticed unusual activity and
>had the box off the wire before Gene's email went out. I was probed by
>210.178.12.111 and 35.8.195.55 but my log shows 404's so I don't know how
>the heck they got in.
>Any help in buttoning this up would be much appreciated.
>
>
>Michael Hoxsey
>Network Admin
>Arts and Letters