Eating The Worm

by

Pasta

Pasta's Pissers

I knew it would happen! How many times have you warned people about opening attachments from people they don't know? Whether you noticed or not, I disappeared after last week's DFN. Wednesday was to be a technical day installing a new server and 10 work-stations, assisting the consultants. The server and work-stations were set up at their offices; all we had to do was disconnect the old PCs and attach the new work-stations. What should have been a smooth transition was met by a fierce DoS attack. My machine was still connected to the old server. I have been and always will be a supporter of Zone Alarm. You can beat this for a free firewall. Zone Alarm was going wild. For those that don't know, Zone Alarm blocks malicious attempts from computers/servers trying to access / ping your PC. It always blocks programs from dialing home and sending info about you, to wherever home is for the spyware. It was blocking every attempt to send e-mail from my PC at an alarming rate to the outside world, our customers. My twisted mind thought this was so cool! The deer in the headlight look was priceless. Nimda had propagated our old server to the max. What we decided to do was move all our data files to my PC, scan it with Nimda Removal Tool, and scan it with Norton Corporate Edition just to be sure everything was clean. We were clean. We transferred the files to the new server, finally, but the birds were chirping. A Webmaster's wake-up call, chirping birds.

Pasta's Cool DFN Link Of The Week

How You Doin?
Webmaster Cheat Sheets

How You Doin Nimda

Just when you think you ate the bear, the bear eats you. The Norton console was going wild again, "a Virus has been detected" W32.Nimda.a@mm. This was not cool anymore! Another complete scan would take an hour or so. Then a complete re-scan. It's almost time to do porn, 4:30. Where did everyone go? Oh, time to go home? How You Doin? I was really benefiting from Voltar's Sleep Depravation NPOWS at this point of the day, they rock :) Don't go fetching the archives. They don't exist. It's the three DDD's: Desire, Discipline, Determination. If you lack them, you might as well go home!

Something was wrong, very wrong. We scanned, and deleted all the quarantined files on all machines. Again, "a virus has been detected" ... "WTF OVER". We were complacent, lack of sleep will do it every time. We definitely overlooked something, time for more coffee. We decided to revert to basic troubleshooting. Isolation.

All work-stations disconnected, disconnected the server. Ran the scan tool again. We missed riched20.dll on one of the work-stations? Finished the scans. Everything was clean. Put all work-stations back on the wire, attached the server. Did a complete system scan again. Woo Hoo! This time we were finally clean.

You're Kidding, Right!

Set up software, attach printers, assign rights to various users. Ten work-stations, 1/2 hr a station, 5 hours. It's Friday, an earned easy day. Work-station installs went smoothly. I was now at my work-station, setting up Cute FTP, Homesite, SSH, a must for every office power user :)

"A virus has been detected on your system, W32Nimda.A@mm has been detected Ip# XXX". Open Norton Console ... Son of a Bitch, You Dick!! I was pissed because the violator was a PC literate person, so I thought. Just as I walked into the individual's office, out comes Mr. Zip Disk. "What are you doing?" "I just transferred my address book." "Cool, getting familiar with the PC." "Oh yeah, it's fast, I can multitask more so than on the older system." "Cool! Did you scan that disk first?" "Yes" ... "You Asshole! You didn't scan the disk!" "The last 2 days spent cleaning up Nimda and you forget to scan a fucken disk, take your head out of your ass and wake the fuck up!" "When you're done sulking come in my office, I want to show you something" hehe ... Norton Console is a very cool tool/feature of NAV Corporate Edition. It's the admin for the proggie. "You're busted, dude, look at your IP ... the one with the red x, the particular file that was infected on your PC quarantined" The damage was done ... "I guess you forgot to scan that file, huh!" The sound of silence when caught in the cookie jar. Well, 48000 instances of Nimda later, everyone was up and running Monday morning. Mind you, I am Just Pasta, A DFN, I am me, but my work ethic is focused around the DDD's and "Sicilian Persistence". It's gotten me in trouble, but hasn't let me down!

The Nimda Virus was such a pain in the ass the way it propagates and replicates in mere seconds. A priceless learning experience the hard way, first hand. If you haven't visited Symantec's website, check it out; it's an excellent read on Nimda. Lots of info, period. It's weeks after its first instance, but how many people still have their heads in their asses, data on floppies? It can happen! It did happen! Did you scan that disk?... Hey, where did everyone go? I ate the worm!

Hasta Pasta

 
"Not all who wander are lost."
J. R. R. Tolkien
 

©2001 VNWR. All rights reserved.