<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 5.00.3105.105" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>Network Associates' Mcafee business unit has released a
stand alone tool to</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001>remove
the nimda virus/worm. See this web page for more
information:</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001><A
href="http://vil.nai.com/vil/virusSummary.asp?virus_k=99209">http://vil.nai.com/vil/virusSummary.asp?virus_k=99209</A></SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>Obviously, existing anti-virus software DATs have also
been released.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>Network Associates' Sniffer business unit has released
Sniffer filters to assist</SPAN></FONT></DIV>
<DIV><SPAN class=367363018-20092001></SPAN><FONT face=Tahoma><FONT size=2><SPAN
class=367363018-20092001><FONT color=#0000ff face=Arial>with identifying
infected machines. There is even a way to set up an alert
to</FONT></SPAN></FONT></FONT></DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN class=367363018-20092001><FONT
color=#0000ff face=Arial>send an email once the worm's signature traffic is
detected on a network.</FONT></SPAN></FONT></FONT></DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN class=367363018-20092001><FONT
color=#0000ff face=Arial>See this web page for the filter and more
</FONT></SPAN></FONT></FONT><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>information:</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001><A
href="http://www.sniffer.com/other/jump/nimda-filter.asp">http://www.sniffer.com/other/jump/nimda-filter.asp</A></SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001>I am
not authorized/~/able to answer software specific support questions--so
please</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001>do not
contact me with those. :-)</SPAN></FONT><FONT color=#0000ff face=Arial
size=2><SPAN class=367363018-20092001> However, if I see a generic
question posted to</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=367363018-20092001>this
list about the worm that I can answer, I will do so...time permitting.
</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001></SPAN></FONT><FONT color=#0000ff face=Arial
size=2><SPAN class=367363018-20092001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>Thanks,</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=367363018-20092001>-BM</SPAN></FONT></DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN
class=367363018-20092001></SPAN></FONT></FONT> </DIV>
<DIV><FONT face=Tahoma><FONT size=2><SPAN
class=367363018-20092001> </SPAN>-----Original Message-----<BR><B>From:</B>
Eric Germann [mailto:ekgermann@cctec.com]<BR><B>Sent:</B> Thursday, September
20, 2001 7:53 AM<BR><B>To:</B> Indra PRAMANA; Andras Bellak<BR><B>Cc:</B> Steve
Smith; nanog@nanog.org<BR><B>Subject:</B> RE: Trend Micro FIX_NIMDA.EXE - was
Re: Virus fix<BR><BR></DIV></FONT>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px"></FONT>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; MARGIN-LEFT: 5px; PADDING-LEFT: 5px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> owner-nanog@merit.edu
[mailto:owner-nanog@merit.edu]<B>On Behalf Of </B>Indra
PRAMANA<BR><B>Sent:</B> Wednesday, September 19, 2001 11:56 PM<BR><B>To:</B>
Andras Bellak<BR><B>Cc:</B> Steve Smith; nanog@nanog.org<BR><B>Subject:</B>
RE: Trend Micro FIX_NIMDA.EXE - was Re: Virus
fix<BR><BR></FONT></DIV>Andras,<BR><BR>At 07:46 PM 9/19/01 -0700, Andras
Bellak wrote:<BR>
<BLOCKQUOTE class=cite type="cite" cite><FONT color=#0000ff face=arial
size=2>Norton released a definition file yesterday that cleaned everything
but the .eml files and made the systems resistant to re-infection. They
released an update today that got the .eml files as well.
</FONT></BLOCKQUOTE><BR>Yes, but this requires us to install the antivirus
software as well. Do you know any tools like FIX_NIMDA.EXE that can fix the
problem automatically without having to use the antivirus software?<BR><BR>
<BLOCKQUOTE class=cite type="cite" cite><FONT color=#0000ff face=arial
size=2>I still haven't seen anything that cleans up the htm, html, asp,
etc files, but there are a few utilities that work fine for doing that
one.</FONT></BLOCKQUOTE>
<DIV><BR>What are the utilities? Where can I get them?<BR><SPAN
class=320075211-20092001><FONT color=#0000ff face=Arial
size=2> </FONT></SPAN></DIV>
<DIV><SPAN class=320075211-20092001><FONT color=#0000ff face=Arial
size=2>Norton Antivirus will clean most of the htm, html, asp, etc
files. http://www.symantec.com</FONT></SPAN></DIV>
<DIV><SPAN class=320075211-20092001> </SPAN><BR>Thank you for your
help.<BR><BR>Cheers. </DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>