I know. I spent last night and this morning cleaning out over 2500 desktop.eml files on all kinds of shares. The person just visited a compromised web site. They knew better than opening an attachment (besides, we block all .exe, .vbs, etc at the firewall). Thanks, James Spinti jspinti at dartdist.com 952-368-3278 x396 fax 952-368-3255 |-----Original Message----- |From: tclug-list-admin at mn-linux.org |[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Shawn Fertch |Sent: Wednesday, September 19, 2001 2:47 PM |To: tclug-list at mn-linux.org |Subject: [TCLUG] New virus info I think | | | |Just found this today on one of my systems with samba running... | |If someone is mapped to a samba share and they are infected with the "code |blue" or nimba virus I think it's called, it will fill the file |system with a |pe000##.eml file in every directory. Currently I'm writing a |script to clean |out the system of these and greping for the readme.exe when doing |a strings |against the file. | |My scripting sucks, but I'll get it done sometime.... | | |-- |--- |Shawn | | "Knowing is not enough, we must apply. Willing is not enough, |we must do." | -Bruce Lee |_______________________________________________ |tclug-list mailing list |tclug-list at mn-linux.org |https://mailman.mn-linux.org/mailman/listinfo/tclug-list |