MINDA virus and MCAFEE - Please read if you have MCAFEE. - GoFuckYourself.com

Juge · 09-20-2001, 11:36 AM

I just got hit by the fucking nimda virus yesterday. I'll throw some quick facts at you about it:

- Read about it off of http://www.norton.com website here: http://www.symantec.com/avcenter/[email protected]

- If you don't have the following patch installed http://www.microsoft.com/technet/sec...n/MS01-020.asp then chances are this virus can install itself by just previewing an email or just by visiting a website.

I had the patch installed, so how did I get it? Was I stupid enough to to download and run a readme.exe file when the email said it was a .wav file? NO!

FUCKING MCAFEE VIRUS SCAN'S OWN PRODUCT UPDATE DOWNLOADS SEVERAL FILES THAT CONTAIN THE VIRUS, INCLUDING .EML FILES (I HAVE NO IDEA WHY I NEED THEM - THEY ARE JUST OUTLOOK EXPRESS EMAIL FILES) AND THE SETUP.EXE UPDATE PROGRAM ITSELF! I GOT INFECTED FROM MCAFEE!

The virus reacted so quickly that (I realize now) the product update crashed due to no disk space left, since the virus was infected tons of files, inflating them to 4 megs in size, each.

Only once I realized mcafee didn't have any online write-ups about it (despite hearing about the virus for days on the news and radio), I assumed they didn't have a fix for it, so I installed norton antivirus, updating the files, and it cleaned my system. Then, after re-running macfee update, norton stops it, informing me about all the infected files it's downloading (and about to run) on my computer.

Has anyone else experienced this?

(oops, that should be nimda, admin spelled backwards, sorry)

[This message has been edited by Juge (edited 09-20-2001).]

HarryHo · 09-20-2001, 02:25 PM

thx for the tools

few hours ago ive been infected with that virus

just by visiting some site called pornstarclothing <- dont visit.."warning"
(they can forget the T shirt i wanted 2 order!

)

here is one of the 11 files infected

Date: 20-9-2001, Time: 21:13:02, Standard on OEMCOMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\WVV7AO1X\main[1].htm
was infected with the W32.Nimda.A@mm(html) virus.
The file was quarantined.

luckily i turned on my norton because my computer was doing weird..

justsexxx · 09-20-2001, 02:54 PM

Hi,
I get the virus yesterday I think by visiting a website. I didn't save the file the page wanted.
Today at my daily scan, he found nimda-a in temp internet files the file readme.exe.
He renemad this file and later he deleted it (sophos AV)Am I now still infected? I can't find any strange keys in my register.

Also a tool of panda that detect virusses like melissa and nimda-a can't find anything.
So am I clean?

Thanks,
Andre

FADE19 · 09-20-2001, 08:05 PM

I don't think people really realize just how ugly this bitch is....you most likely will not know you have it, until it is to late...I recieved my version of Nimda from microsoft after downloading ie5.5 sp2...this is just an FYI...I have been fighting this fucking thing for two days now...and just now seemed to have killed it...

HQ · 09-20-2001, 11:16 PM

i got a 'this update does not need to be installed on this system' msg. i guess windows update took care of it??? i just installed and run win update today!

Juge · 09-21-2001, 06:03 AM

HarryHo:

I never thought I'd see a .htm file having a virus on it, but I guess this one infects them by adding javascript code to them, to attempt to download the virus when people visit the site. I never had any of my .html files infected since my system ran out of disk space before it had a chance to infect everything. In fact only about 1/100th of my system got infected, some backups, and that was about it.

justsexxx:

Go to the norton (or mcafee, if you wish to tread in dark murky waters) web site, click on the virus name, and it should lead you to a program that will disinfect your system. Do this to make sure. The worm is tricky - it even gets into some files that system restore will store in your c:\_restore folder, which neither you nor your virus scan can delete (without turning off system restore first, and then rebooting, i think). So download and run one of these programs.

FADE19:
<quote>I recieved my version of Nimda from microsoft after downloading ie5.5 sp2...this is just an FYI...I have been fighting this fucking thing for two days now...and just now seemed to have killed it...</quote>

You got it from MS ie5.5 sp2? ha ha, that's the fucking patch that's supposed to stop this bitch. What a fucking slap in the face, huh? I bithced out mcafee today in an email. Those dumb fucks, out of everyone, should know that when a new virus is out, they should IMMEDIATELY block all downloads from their site, ESPECIALLY fucking upgrade services, since obviously it may be infected, and the program will not be able to detect it. I can't imagine how many people, like me, ran autoupgrade to ensure my computer would be safe from the virus, and got infected from it... grrrrrrrr

HQ:

Go into help, about IE, and it should say version 5.5 sp 2 - if you have the patch installed already.

Thanks all folks

09-20-2001, 11:36 AM	#1
Juge Confirmed User Join Date: Feb 2001 Posts: 1,917	MINDA virus and MCAFEE - Please read if you have MCAFEE. I just got hit by the fucking nimda virus yesterday. I'll throw some quick facts at you about it: - Read about it off of http://www.norton.com website here: http://www.symantec.com/avcenter/[email protected] - If you don't have the following patch installed http://www.microsoft.com/technet/sec...n/MS01-020.asp then chances are this virus can install itself by just previewing an email or just by visiting a website. I had the patch installed, so how did I get it? Was I stupid enough to to download and run a readme.exe file when the email said it was a .wav file? NO! FUCKING MCAFEE VIRUS SCAN'S OWN PRODUCT UPDATE DOWNLOADS SEVERAL FILES THAT CONTAIN THE VIRUS, INCLUDING .EML FILES (I HAVE NO IDEA WHY I NEED THEM - THEY ARE JUST OUTLOOK EXPRESS EMAIL FILES) AND THE SETUP.EXE UPDATE PROGRAM ITSELF! I GOT INFECTED FROM MCAFEE! The virus reacted so quickly that (I realize now) the product update crashed due to no disk space left, since the virus was infected tons of files, inflating them to 4 megs in size, each. Only once I realized mcafee didn't have any online write-ups about it (despite hearing about the virus for days on the news and radio), I assumed they didn't have a fix for it, so I installed norton antivirus, updating the files, and it cleaned my system. Then, after re-running macfee update, norton stops it, informing me about all the infected files it's downloading (and about to run) on my computer. Has anyone else experienced this? (oops, that should be nimda, admin spelled backwards, sorry) [This message has been edited by Juge (edited 09-20-2001).]

09-20-2001, 02:25 PM	#2
HarryHo Confirmed User Join Date: Sep 2001 Location: South Of Heaven Posts: 100	thx for the tools few hours ago ive been infected with that virus just by visiting some site called pornstarclothing <- dont visit.."warning" (they can forget the T shirt i wanted 2 order! ) here is one of the 11 files infected Date: 20-9-2001, Time: 21:13:02, Standard on OEMCOMPUTER The file C:\WINDOWS\Temporary Internet Files\Content.IE5\WVV7AO1X\main[1].htm was infected with the W32.Nimda.A@mm(html) virus. The file was quarantined. luckily i turned on my norton because my computer was doing weird..

09-20-2001, 02:54 PM	#3
justsexxx Too lazy to set a custom title Join Date: Aug 2001 Location: The Netherlands Posts: 13,723	Hi, I get the virus yesterday I think by visiting a website. I didn't save the file the page wanted. Today at my daily scan, he found nimda-a in temp internet files the file readme.exe. He renemad this file and later he deleted it (sophos AV)Am I now still infected? I can't find any strange keys in my register. Also a tool of panda that detect virusses like melissa and nimda-a can't find anything. So am I clean? Thanks, Andre

09-20-2001, 08:05 PM	#4
FADE19 Snow's Parole Officer Join Date: Sep 2001 Location: mud hut next to Bin Laden's Posts: 1,161	I don't think people really realize just how ugly this bitch is....you most likely will not know you have it, until it is to late...I recieved my version of Nimda from microsoft after downloading ie5.5 sp2...this is just an FYI...I have been fighting this fucking thing for two days now...and just now seemed to have killed it...

09-20-2001, 11:16 PM	#5
HQ Confirmed User Join Date: Jan 2001 Posts: 3,539	i got a 'this update does not need to be installed on this system' msg. i guess windows update took care of it??? i just installed and run win update today!

09-21-2001, 06:03 AM	#6
Juge Confirmed User Join Date: Feb 2001 Posts: 1,917	HarryHo: I never thought I'd see a .htm file having a virus on it, but I guess this one infects them by adding javascript code to them, to attempt to download the virus when people visit the site. I never had any of my .html files infected since my system ran out of disk space before it had a chance to infect everything. In fact only about 1/100th of my system got infected, some backups, and that was about it. justsexxx: Go to the norton (or mcafee, if you wish to tread in dark murky waters) web site, click on the virus name, and it should lead you to a program that will disinfect your system. Do this to make sure. The worm is tricky - it even gets into some files that system restore will store in your c:\_restore folder, which neither you nor your virus scan can delete (without turning off system restore first, and then rebooting, i think). So download and run one of these programs. FADE19: <quote>I recieved my version of Nimda from microsoft after downloading ie5.5 sp2...this is just an FYI...I have been fighting this fucking thing for two days now...and just now seemed to have killed it...</quote> You got it from MS ie5.5 sp2? ha ha, that's the fucking patch that's supposed to stop this bitch. What a fucking slap in the face, huh? I bithced out mcafee today in an email. Those dumb fucks, out of everyone, should know that when a new virus is out, they should IMMEDIATELY block all downloads from their site, ESPECIALLY fucking upgrade services, since obviously it may be infected, and the program will not be able to detect it. I can't imagine how many people, like me, ran autoupgrade to ensure my computer would be safe from the virus, and got infected from it... grrrrrrrr HQ: Go into help, about IE, and it should say version 5.5 sp 2 - if you have the patch installed already. Thanks all folks