December 13th, 2001, 10:20 PM
Virus w2k server cleaning
On my personal pc I run w2k server sp2 with IE 6.0 and Norton Antivirus. Recently I contracted Nawbi (not sure of spelling sorry). I have the latest updates from Symantec. If I disable IIS 5 (I am aware of security issues) and run Norton the system comes up clean. If I then re-enable IIS I receive Norton tells me that scripts xxxftp in inetpub\scripts is infected (no files in that directory not even hidden files).
I reinstalled 2000 and the problem persists. I am planing on switching to Apache but it bugs me that I can't fully remove this virus.
Going Linux on this system is not an option -I use too many m$ products for work.
Thanks for all your suggestions.
December 13th, 2001, 10:40 PM
Norton gives you the option to delete an infected file when it discovers one. Have you tried to delete the file that way?
December 13th, 2001, 11:23 PM
Norton gives me a 2 pop-ups first:
File xyz on Homer infected with virus abc could not repair (only option is okay) next pop-up
File xyz on Homer infected with virus abc could not repair Access is denied
there is nothing in Quaritine
Thanks for your suggestions
December 14th, 2001, 02:57 PM
Do you get these 'pop-ups' from the 'real-time' protection feature or during a scan. If it's 'real-time', I recommend you do a full system scan (all files) this should give you more options when the virus is encountered. Did you get the name of the virus? Is it "NIMDA", if so, Symantec has removal tools for two variants of this virus. Go to http://securityresponse.symantec.com/ to check them out.
Let me know if you need more info.