Wesley-

There is no evidence that the patch does not fix the vulnerability. You may be getting infected during the patching and cleaning process. Best bet is to patch, reboot, then clean.

Regards,

===============================
Daniel Ingevaldson
Engineering Manager, X-Force R&D
dsi@iss.net
404-236-3160

Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net
===============================

-----Original Message-----
From: Wesley Vaux [mailto:Wesley.Vaux@globalknowledge.com]
Sent: Monday, August 25, 2003 11:25 AM
To: nanog@merit.edu
Subject: Virus

Has anyone noticed that after patching and cleaning machines that they become infected again? Is this just me? What is your process for removing Nachi.worm?

Sorry for bringing this back up.

Wes Vaux, CCNA, CCDA
Network Security Engineer,
9000 Regency Pkwy Ste 500
Cary, NC 27511
t 919.463.6782
f 919.463.1290

Global Knowledge
Experts Teaching Experts
http://www.globalknowledge.com
> There is no evidence that the patch does not fix the vulnerability. You may be getting infected during the patching and cleaning process. Best bet is to patch, reboot, then clean.

We've found that downloading both the appropriate patches and cleaning tools, and then disconnecting from the network (as in unplug your ethernet cord or hang up your modem line) before you run them both - patch then clean - works and prevents you from being re-infected during the process.

Eric :)
> We've found that downloading both the appropriate patches and cleaning tools, and then disconnecting from the network (as in unplug your ethernet cord or hang up your modem line) before you run them both - patch then clean - works and prevents you from being re-infected during the process.

For those who can't download the fixes first, you should be able to turn on IP filtering in the network properties (it blocks incoming connect attempts), permit nothing, to allow yourself time to get to windowsupdate and get patched. With XP just enable the firewall.

Geo.
Review the system restore feature of XP machines as it relates to patches. This seems to be the big buzz around the desktop people where I work.

Regards,
jade

On Mon, 2003-08-25 at 11:06, Geo. wrote:
> > We've found that downloading both the appropriate patches and cleaning tools, and then disconnecting from the network (as in unplug your ethernet cord or hang up your modem line) before you run them both - patch then clean - works and prevents you from being re-infected during the process.
>
> For those who can't download the fixes first, you should be able to turn on IP filtering in the network properties (it blocks incoming connect attempts), permit nothing, to allow yourself time to get to windowsupdate and get patched. With XP just enable the firewall.
>
> Geo.

--
PGP Public Key: http://www.scoundrelz.net/~moose/key.asc
participants (4): Eric Gauthier; Geo.; Ingevaldson, Dan (ISS Atlanta); Jade E. Deane