Virus?

[RickM]

beenthere,
Glad you got your system back. You mention the rich20.dll file did not take. That is probably because the file is in use. However I believe it is one of the files infected by the Nimda. Go to this page http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html and scan down to where it talks about manually fixing Win 95/98 systems. There are instructions there for restoring the rich20.dll file. I recall another site saying it is ok to copy the file from another 'clean' machine to your own. It is usually found in the c:\windows\system directory. Again, hope this helps and good luck.

 

[Bird]

Good luck, Terry, hope it's OK. Those viruses via e-mail have been so frequent lately that my Norton automatically updates every day.

 

[Bird]

Just for comparison purposes, I ran my Norton AntiVirus yesterday afternoon and it showed to have scanned 54,902 files (I may have more now since I updated by browser this afternoon), then Norton automatically updated last night and now the virus lists shows 58,381 viruses to check for.

 

[Chuck52]

I guess this is one benefit I get from having the university as my internet provider. The mail server catches viruses before they get to my box. As you can imagine, universities are somewhat paranoid about such things and keep their interdiction software updated. Doesn't protect me from stuff I might download, but I'm fairly picky about that myself.

Chuck

 

[AndyR]

Right, it's the number of viruses checked for that is the figure of merit. The other (really really important) thing is to make sure that Norton is configured to scan all incoming mail and attachments. I probably catch at least 2-4 attempts per month - but Norton has caught every one so far.

Practice Safe Computing!

Andy in NH

 

[Bird]

Chuck, you're lucky; I don't have any such protection.

And Andy, you're right. Norton has caught two just this week, so far, so good. Like you, Norton has caught all of them for me so far.

 

[beenthere]

Rick
It is the manual extract that I cannot get to work. I get an error that 'cannot open file D:\win98\win_28.cab. Not sure what is not correct, my input or something missing on the Gateway system disk - emulating the Win98se system disk. I will keep looking and working on it, as I don't want that file to stay corrupted.
thanks
beenthere

 

[TerryinMD]

Bird,

Thanks for the concern.

It appears as though Norton caught the Virus before it could do any damage as I can't find any of the files it says have been infected.

However, I am going to follow the Norton suggestions and run their Nimda tool. Better to be safe than sorry.

I told my wife to do two things. Kill the Internet connection and not to turn the PC off. I believe this helped us. The Norton Nimda advisory mentioned that you shouldn't turn the machine off.

Now we'll see what we can do to make sure this cursed virus is kaput!! Also, I'm gonna set up a personal firewall this weekend. I think that we were hacked!! No proof. Just that my wife didn't receive any messages with an executable attached.

Ack!! What a pain. /w3tcompact/icons/eyes.gif I'd rather be sitting in front of the idiot box with an adult beverage.....

Bird, I hope everything works for the best with your wife. I'll keep her in my thoughts.

Terry

 

[Bird]

<font color=blue>I'm gonna set up a personal firewall </font color=blue>

My computer came with Norton AntiVirus, but then I decided to buy Norton SystemWorks and called on the phone to order it instead of off the Internet because I had a couple of questions I wanted to ask. Anyway, when I ordered it, the lady asked me if I'd like the firewall also for another $10. Of course, I don't understand all those things, but for $10, I figured, why not? It occasionally pops a little line on the screen showing some site as being "blocked for 30 minutes" so I guess it works./w3tcompact/icons/wink.gif

 

[TerryinMD]

Okay, here's the final outcome.

Norton dectected the virus and prevented it from damaging any files. I ran the virus scan and then downloaded the Nimda.Axxx repair tool from Symantec. I ran the repair tool and found no problems. One for the good guys!! /w3tcompact/icons/smile.gif

After that, I turned on the personal firewall feature in XP. I'm going to also run the Nimda.Axxx repair tool on my other machine as a safety measure.

A bit of a scare, no problems....

The thing that bothers me is where the damned thing came from. My wife got a couple of messages from her boss and did not download any files. So, the only other ways were that it was picked up from a website (a bank site was the only one accessed prior to the virus attack) or the PC was hacked while online. ????? /w3tcompact/icons/crazy.gif

Terry

 

[Charlie_Iliff]

Terry:
I had exactly the same experience. My computer at home is dual operating system, with W2000 on one drive that I use and W98 on my wife's. Both of us connect with AOL and a phone modem. She got the Nimda virus with no download or attachment to an e-mail. Norton trapped it and the repair tool found no problem. If someone hacked it, they sure don't have any sense about how to spend time. There's nothing to find there except constructive criticism of public officials.

 

[billboe]

Do you have a web server (specifically IIS) running on your system? Nimda can also come in that way.... Also, if you have any unprotected network shares on your PC, Nimda also takes advantage of those! Nimda is a pretty nasty one in terms of propagation. It could have been much meaner in terms of destruction...

Aren't viruses fun!

 

[TerryinMD]

Billlboe,

No, didn't install IIS.

Now, unprotected shared files. Now that is a distinct possibility. I have a hub with both machines connected to share files and our multifunction printer. What is an unprotected network share? A shared folder without using a password?

Terry

 

[beenthere]

IIS? Does that refer to an internet information server? And is it, for example, Netscape or is it something else? When I go to the the site that has the MS security bulletin to see if I need to add a patch, I get lost and confused real easily.
The Symantec bulletin that I referred to for cleaning up Nimda virus, said to run it over and over until the system is reported to be clean (which I did). Then it says:
<font color=blue>If necessary, download the appropriate MS patches to patch vulnerable systems.</font color=blue> How do I determine if it is necessary? Any help would be appreciated.
I am still trying to get beyond the 'extract' command to get the Riched20.dll file corrected. I am waiting for NAV to answer their 800 #, which was what Gateway Technical Service said I had to do. They said they couldn't help me remedy the problem I have (getting an error message that the d:\Win98\Win98_28.cab file could not be found).

 

[billboe]

<font color=blue>What is an unprotected network share? A shared folder without using a password?</font color=blue>

Yes, that is exactly what it is... The virus will copy itself to the unprotected shared folder and then someone/something must execute the virus in order for it to really infect this new PC (otherwise it can just sit there "dormant". When I say "something", I mean if the virus had access to the root folder ("c:\") then it could overwrite files that causes itself to be executed automatically... This is theoretical on my part... I know it will copy itself to unprotected shares, but, I'm not sure if it is smart enough to recognize that it has access to the other PCs root folder!!??

Anyway, that was a long winded answer to a simple question !

 

[billboe]

Beenthere,

Yes, IIS does stand for MS Internet Information Server... No other web servers (to my knowledge) are suseptible to Nimda.

Sorry I can't help with specifics! I dealt with Nimda about 2 (or more???) months ago... And, it wasn't exactly foolproof back then. A couple of systems that I worked on never recovered totally and had to be re-installed (now, that should say something about my virus fighting capabilities right there! /w3tcompact/icons/grin.gif )