I know. I spent last night and this morning cleaning out over 2500
desktop.eml files on all kinds of shares.  The person just visited a
compromised web site.  They knew better than to open an attachment (besides,
we block all .exe, .vbs, etc. at the firewall).

Thanks,

James Spinti
jspinti at dartdist.com
952-368-3278 x396
fax 952-368-3255

|-----Original Message-----
|From: tclug-list-admin at mn-linux.org
|[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Shawn Fertch
|Sent: Wednesday, September 19, 2001 2:47 PM
|To: tclug-list at mn-linux.org
|Subject: [TCLUG] New virus info I think
|
|
|
|Just found this today on one of my systems with samba running...
|
|If someone is mapped to a samba share and they are infected with the "code
|blue" or nimba virus I think it's called, it will fill the file system with
|a pe000##.eml file in every directory.  Currently I'm writing a script to
|clean out the system of these and grepping for the readme.exe when doing a
|strings against the file.
|
|My scripting sucks, but I'll get it done sometime....
|
|
|--
|---
|Shawn
|
|   "Knowing is not enough, we must apply.  Willing is not enough, we must do."
|	-Bruce Lee
|
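
The cleanup described in the quoted message (find the dropped .eml files on a share and confirm each one by looking for the readme.exe string), as an added example that is not code from either poster. The function name `scan_eml`, the quarantine directory and its `manifest.txt` are assumptions, and `grep -a` stands in for running `strings` and then grepping.

```shell
#!/bin/sh
# Added example (not from the thread). Names and paths are assumptions.
#
# scan_eml ROOT [QDIR]
#   ROOT  directory exported by Samba (or any directory tree)
#   QDIR  optional quarantine directory
# With ROOT only: dry run, prints every *.eml file that mentions readme.exe.
# With QDIR: also moves each hit into QDIR under a random name and records
# "new-path<TAB>original-path" in QDIR/manifest.txt so it can be reviewed
# or restored later. Nothing is deleted.
scan_eml() {
    root=$1
    qdir=${2:-}
    if [ -n "$qdir" ]; then
        mkdir -p "$qdir" || return 1
    fi
    # Match on name first (desktop.eml, pe000##.eml, ...), then confirm by
    # content so ordinary saved mail is left alone. grep -a treats the file
    # as text, which covers what "strings file | grep" would find.
    find "$root" -type f -iname '*.eml' -exec sh -c '
        qdir=$1; shift
        for f in "$@"; do
            grep -a -q -i "readme\.exe" "$f" || continue
            printf "%s\n" "$f"
            if [ -n "$qdir" ]; then
                # Quarantined names do not end in .eml, so a QDIR inside
                # ROOT is not picked up again on the next run.
                dest=$(mktemp "$qdir/eml.XXXXXX") || exit 1
                mv -f -- "$f" "$dest" &&
                    printf "%s\t%s\n" "$dest" "$f" >> "$qdir/manifest.txt"
            fi
        done' sh "$qdir" {} +
}

# Typical use (paths are placeholders):
#   scan_eml /srv/samba/share                  # list only
#   scan_eml /srv/samba/share /var/quarantine  # list and quarantine
```

Run it without a quarantine directory first and review the list before moving anything.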