Is there a new flavor of Nimda roaming out there? [W32.Nimda.enc(dr)]

  • Is there a new flavor of Nimda roaming out there? [W32.Nimda.enc(dr)]

    It's infecting ikernel.exe and lucky me got it.
    NAV 2002 can't remove it (with the pattern file from November 11th), so I had to delete the file.
    Is ikernel.exe part of the Demo Shield?
    I seem to have got it after installing programs using the new Demo Shield 7 (installation shield).
    Last edited by Admiral; 12 November 2001, 11:47.

  • #2
    I got the virus and had NAV2k2 quarantine it, then deleted the file. I'm not sure where it came from...



    • #3
      http://www.symantec.com/avcenter/ven...imda.e@mm.html is the closest I've seen!



      • #4
        I got it after installing the Myth 3 multiplayer demo, which is using Demo Shield 7 to install.
        It was in Program Files/CommonFiles/InstallShield/Engine...

        I also had it quarantined and deleted, but my XP installation is booting slower now and the NAV autoprotection is disabled for a few seconds when it boots into Windows (maybe just as long for Nimda to insert into the XP kernel? ntoskrnl.exe is not infected though). I also have a new prog added to my startup, something called "kernel fault check" (I'm in 98 now so I don't have the exact name). Guess it's put there by Windows... if I remove the line Windows keeps rewriting it.



        • #5
          Well, there's another virus definition update file, the third in three days, so it may be worthwhile you doing another update and seeing what it says then.
          Chief Lemon Buyer no more Linux sucks but not as much
          Weather nut and sad git.

          My Weather Page



          • #6
            The virus definition dated 11/11/01 (updated via LiveUpdate), which can also be downloaded here, could not remove it. This was the virus definition I had installed when I detected it.
            There doesn't seem to be a newer (than Nov 11) virus definition yet.
            My system seems to be clean now (since I deleted the infected file); still, I'm thinking of formatting and reinstalling Windows.



            Last edited by Admiral; 12 November 2001, 11:43.



            • #7
              Looks like LiveUpdate is a bit behind the times. Yep, you're right, the one I downloaded today is dated 11/11/01, and I downloaded an update the day before and the day before that. No doubt there'll be another one on the way.
              Last edited by The PIT; 12 November 2001, 14:24.
              Chief Lemon Buyer no more Linux sucks but not as much
              Weather nut and sad git.

              My Weather Page



              • #8
                There is one from November 12th now...

                I don't get it, I boot in XP, make the NAV update, reinstall the infected demo, now it can't even detect it.

                I boot in 98, reinstall the infected demo, NAV starts screaming (with the virus definition from 11/11/01). I tell it to leave the file alone, go make the update... now it can't detect it either.

                Now, why would Symantec give us a new virus definition that stops detecting it?
                Or there wasn't really a worm to begin with, just some new thing in Demo Shield 7 that NAV thought to be Nimda?



                • #9
                  Latest NAV definitions are now 12/11/01 (12th dec).
                  FT.



                  • #10
                    Admiral is correct, November the 12th Tony... unless you're traveling forward in time
                    "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

                    "Always do good. It will gratify some and astonish the rest." ~Mark Twain



                    • #11
                      Originally posted by Greebe
                      Admiral is correct, November the 12th Tony... unless you're traveling forward in time
                      LOL



                      • #12
                        Tony,
                        You have to remember that the US peeps, for some reason known only to them, put their dates:
                        month/day/year

                        Whereas we blighty people use:
                        day/month/year

                        No idea why, but it can get confusing when you're trying to check driver release dates on web sites.
                        It cost one penny to cross, or one hundred gold pieces if you had a billygoat.
                        Trolls might not be quick thinkers but they don't forget in a hurry, either



                        • #13
                          From InstallShield Site

                          Dear InstallShield Customer,
                          As you may be aware, recent virus definition updates provided by Symantec for the Norton Anti-Virus software are incorrectly identifying the InstallShield Professional 6.31 script engine (ikernel.exe) as being infected by the W32.Nimda.enc (dr) virus. This is a false positive. Symantec/Norton has already updated the virus definition. For complete details, please read Knowledge Base Article #Q105740 (http://support.installshield.com/kb/view.asp?pcode=ALL&articleid=Q105740).

                          InstallShield remains dedicated to delivering the highest quality software. We regret any inconvenience this may have caused.



                          • #14
                            Thanks for clearing it up LS
